With Digital Personal Data Protection Bill (DPDPB), 2023, passed by the Rajya Sabha, allowing consented, lawful and transparent use of personal data, a conundrum has risen regarding the safety of cross-border information exchange. Experts believe that the principle of data accuracy (ensuring data is correct and updated) mentioned in the DPDPB could provide scope for scammers to get exact information for conducting fraudulent activities. “ The bill expects to promote ethical handling of personal data by fostering a culture of accountability and building trust. However, it also presents challenges, such as the compliance burden on SMEs and potential limitations on innovation,” Neha Suyal, co-founder, Woovly, a social commerce platform, told FETransformX, adding that the bill’s success depends on the right balance between data protection and fostering innovation, as well as effective implementation and enforcement of mechanisms.
Industry experts believe the principle of storage limitation (storing data only until it is needed for the specified purpose) of the DPDPB might oppose disclosing personal information under the Right to Information Act. There were about 692.0 million Internet users in India at the start of 2023 and penetration stood at 48.7%, as per insights from Datareportal, a market research platform. The storage limitation in the DPDPB is expected to reduce the number of users in the digital space eventually affecting the digital market. “ The bill applies to the processing of digital personal data within India, whether the data has been collected online or offline and is digitised. So, it is significant to note that the Personal Data (PD) of a Data Principal may be collected only for a lawful purpose upon the consent of an individual and will not have any impact on the digital sector,” Rajdutt Shekhar Singh, partner, S&A Law Offices, a law firm, explained.
From what it is understood, the bill entails the retention of consumer data only as long as it serves the intended purpose and then the right to correction and erasure of data. “The user data holds lifetime value for most businesses, especially fintech. The removal of data on short notice could eventually lead to the absence of important data which might be crucial for business in the future, ” Abhishek Kothari, CEO, Pepper Money India, a finance company, explained.
As per a survey conducted between November and December 2022, about 70% of Internet users claimed to have experienced cybercrime, as per insights from Statista, a market research platform. Critics argue the Data Protection Bill (DPDPB) and cross-border information exchange might present challenges. The expected legal complexities of cross-border information exchange highlight the need for international collaboration and robust legal frameworks to curb fraudulent activities. “The bill is expected to be a positive step towards building ‘Digital Trust’ across the country. However, DPDPB indicates possibilities of exemptions to certain classes of Data Fiduciaries such as entities seeking personal data from users, startups and permits cross-border data transfers. These are expected to propel innovation in a lawful manner,” Anil Srinivas Tadimeti, head of strategy and operations at Bureau, a fraud detection company, concluded.
Follow us on Twitter, Facebook, LinkedIn