India Needs a Robust and Streamlined Data Protection Framework That Will Enable the Growth of MSMEs, Accelerate Growth Towards a USD 5 Trillion Economy

New Delhi: The Joint Parliamentary Committee (JPC) on Personal Data Protection (PDP) Bill is ready to put forth its report during the winter session of the Parliament. The PDP Bill must look at supporting innovation and growth, avoid overregulation, minimize compliance costs and burdens, and focus on removing uncertainty in business operations at a time when start-ups are flourishing and MSMEs are adopting digital solutions.

The Joint Parliamentary Committee (JPC) on Personal Data Protection (PDP) Bill is ready to put forth its report during the winter session of the Parliament. The Bill is being introduced at a crucial juncture in India’s digital economy which is still undergoing several transformations in the post-COVID world. Despite challenges, 38 companies harnessed digital growth to become unicorns in 2021. India Tech is poised to become a world leader while also helping MSMEs grow. The PDP Bill must support MSMEs and potential unicorns.

The Personal Data Protection Bill must look at supporting innovation and growth and avoid overregulation, as well as minimising compliance costs and burdens. The focus must be to remove uncertainty in business operations at a time when start-ups are flourishing and MSMEs are adopting digital solutions. To prevent complications, there is a need for a clear definition of non-personal data.

Sharing her opinion at a consultation session organised by The Dialogue, Dr. Aruna Sharma IAS, Former Secretary, Govt. of India, added that “The PDP Bill is still at the nascent stage, there is a need to clearly demarcate and distinguish guiding principles related to personal and non-personal data. It is imperative to invite recommendations and hold consultations with the stakeholders to make the bill more inclusive.”

Mr. Kazim Rizvi, Founding Director, The Dialogue highlighted, “The PDP Bill must look at supporting growth, being interoperable, along with having a transparent and independent Data Protection Authority. Non-personal data should ideally be kept outside the purview of the Personal Data Protection Bill. There is a need for a progressive law that protects the privacy of the user and provides an enabling environment for the growth of our digital economy.”

Adding to this, Dr. Aruna Sharma also shared, “Standardisation of contractual clauses in cross-border transfer of data is extremely important to reduce hindrances and allow easier navigation for businesses with respect to data concerns.” Ms. Shefali Mehta, Program Manager, The Dialogue, also highlighted, “The world is becoming more open in terms of data, and if India’s law is very restrictive, then the country will alienate itself from the larger global economy. There is a need to expedite bilateral and multilateral agreements to encourage data transfers between different countries while still respecting the basic principles of data protection.”

An accountability framework must be put in place to ensure transparency of operations. This can be achieved successfully by an independent third-party data regulator who can put forth an unbiased take at decentralising the power outlined in the Bill. It is highly crucial to balance concerns of national security and safeguarding the rights of citizens and working towards accelerating the development of start-ups and small businesses.