Radhika Jhalani

India’s Digital Personal Data Protection Bill is here, at long last. The Bill, which germinates from the landmark judgment Puttaswamy v Union of India, 2017, recognising the right to privacy in the Indian Constitution, has seen four iterations over the past five years. Although each version suffered criticism from civil society, forgiveness would still have been possible had the final version been a rights-respecting law.

At the outset, there is a disconnect between the text of the Bill, and the Explanatory Note released with it. The Note echoes the “natural principles” of all data protection regimes across jurisdictions, including values of lawfulness, transparency, fair use of data, purpose limitation, data minimisation, accurate data collection, storage limitation, security and accountability measures. While these principles are very important and respectable, their mention in an Explanatory Note to a Bill is not helpful in protecting data rights since the Note holds no legal binding value.