The Personal Data Protection Bill, 2019, was introduced in Parliament in December 2019, and was referred to a 30-member Joint Parliamentary Committee for review. The Bill is the first legislation that focusses on privacy of citizens, and could potentially result in significant overhaul of digital businesses and companies. The Committee is expected to submit its report to the Parliament before the Budget Session concludes on April 3, 2020. Earlier this month, MediaNama held discussions in Delhi and Bangalore on the main aspects and impact of the Bill with a wide set of stakeholders. The discussions were held with support from Facebook, Google, and STAR India in Delhi, and with support from Facebook and Google in Bangalore. The discussions were held under Chatham House Rule, so quotes have not been attributed. Quotes are not verbatim and have been edited for clarity and brevity. Read our full coverage of the discussions here: #NAMA India’s Data Protection Law – January 2020. The following is Part II of our notes from the session on data protection authority. Read Part I here. Does the DPA have the necessary capacity? Can it regulate for 1.3 billion people? An audience member pointed out that while other regulators like SEBI and RBI deal with only limited entities, the DPA’s regulated entities cut across sectors, and are many more. So will the DPA have this capacity, what does history tell us? Regulation for a population is only indirect: Taking the example of an existing regulator, a speaker pointed out that SEBI regulates listed entities,…
