The Data Protection Bill, 2021, was complicated and created roadblocks for India's start-up ecosystem, said Minister of State for Electronics and Information Technology Rajeev Chandrasekhar in conversation with Soumyarendra Barik of The Indian Express. After the government's withdrawal of the 2021 Bill in August, the newly published draft Digital Personal Data Protection Bill, 2022 (DPDP Bill), ensures that a consumer's right to data protection is captured as a right, said Chandrasekhar. Light-touch obligations for data fiduciaries have been included so that they're easy to comply with, don't slow down innovation or the economy, and make India a "safe destination" for processing data of citizens of different countries. The Bill also preserves the government's unspecified "governance objectives" for data governance. Why it matters: Released last Friday, the much-awaited DPDP Bill is a slender 24 pages, and purportedly seeks to provide for digital personal data processing that “recognizes the right of individuals to protect their personal data, societal rights and the need to process personal data for lawful purposes”. This fourth iteration of India's data protection law also raises many questions—as much of its procedures are unspecified and relegated to future subordinate regulation. The Minister's comments clarify what the Ministry of Electronics and Information Technology (MeitY)Expres expects from the law, as well as the problems it aims to solve. On revised provisions for cross-border data flows Section 17 of the Bill permits transfers of personal data to select countries notified by the Centre. This marks a departure from previous versions of the law—where transfers…
