The latest Personal Data Protection bill signals India's intent to be among the rule makers and not be a mere subscriber of rules made by others.
law is very strict but largely in line with international norms - in fact, in many ways, it is very similar to the European Union's General Data Protection Regulation. Data is still a nascent field and the new law signals the intent of the Narendra Modi government to be among the rule makers and not be a mere subscriber of rules made by others - with good reason.
India has half a billion Net users, the second largest user base in the world after
. It generates humungous amounts of data and is considered the next frontier by almost every Western and Chinese Internet-based company.
The proposed law classifies data into critical, personal and general and mandates different standards with regard to the storage, usage and processing of each. For example, critical and personal data can be stored only in India.
Since data is widely acknowledged as the new equivalent of gold, it is just fair that the Indian government has some say over how it is used. Not doing so would open the field for “data colonisation” - a situation where a handful of mostly western (and some Chinese) companies would exercise control over the data generated by Indians, influence his/her decisions on a host of issues, including voting behaviour in elections, and earn billions of dollars in the process.
The PDP returns control of data ownership to its rightful owner --- the person who generates that data. It also invokes national sovereignty to claim access to data for legal purposes.
One can quibble over the fine print but there's little one can argue with its overall direction and intent.