The ODR approach can offer the soon-to-be-formed Data Protection Board mechanisms that are digital from the ground up. By integrating various elements of India’s digital public infrastructure into the ODR process adopted, we can ensure that data protection in India is techno-legal from the get-go.
The Digital Personal Data Protection Act, 2023 is not perfect. There are many things I would have liked to change. But it has been enacted and it is the law we’ve been given. It is time to stop the hand-wringing and get on with working with what we have.
India’s new data protection law is simple and principle based. But it will require companies big and small to make radical changes to the way they operate. And I don’t think businesses fully realise the changes they are going to have to make.
The Digital Personal Data Protection Bill - that has been listed as one of the items for discussion in the Monsoon Session of Parliament - will, if enacted be a significant first step in the journey to a functional privacy regime. But there is still a lot to be done including issuing regulations and establishing the Data Protection Board.
Regulating the intersection of data protection and competition is hard. Dominant platforms can leverage user data to create monopolies, limit user choice and raise competition concerns. As India prepares its own data protection law, it should try and avoid regulatory overlaps and strike a balance between data protection and competition regulation.