Revamping India’s outdated data laws

After over a decade of status quo, India appears to be poised to welcome a slew of changes to its data and information technology laws. The change is likely to help realise India’s true potential as one of the most powerful data-centric economies in the world. Recent media reports citing government sources have indicated that the Government of India will shortly commence work on a new law to replace India’s Information Technology Act, 2000 (“IT Act”). As part of this process, it appears that the Government may introduce policies on data governance and cybersecurity, a “Digital India Act” to replace the IT Act and new regulations to replace the Personal Data Protection Bill (“PDP Bill”).

The ill-fated PDP Bill – which has since 2018 gone through numerous iterations at the hands of a Joint Parliamentary Committee, including a short stint as the ‘Data Protection Bill 2021’ – has reportedly been scrapped in order to be reformulated from scratch, bringing us back to the drawing board. The PDP Bill introduced various contentious concepts such as data localisation and data mirroring, which caused much consternation among corporate stakeholders who would have had to restructure significant parts of their data flow architectures to comply with such requirements.

Please click here to read the full article by Rupinder Malik and Sriram SL, published in The Economic Times.