On November 18, 2022, the Indian Ministry of Electronics and Information Technology invited feedback from the public on the draft Digital Personal Data Protection Bill, 2022 (the “DPDP”). The call for feedback has been extended to January 2nd, 2023.
The Global Network Initiative (GNI) welcomes this opportunity and acknowledges and appreciates the importance of the secure collection, storage, and retention of personal data, and the need to consider the potential human rights impacts of GNI members’ practices in these areas, wherever they operate.
GNI company members commit to disclose to users in clear language what personal information they collect, as well as policies and procedures for responding to government demands for personal information. They also commit to assessing, on an ongoing basis, measures for transparency with their users on their data collection, storage, and retention practices.
We write to express our concerns regarding some of the elements of the bill that undermine its admirable data protection aims, which we believe could raise challenges for companies seeking to protect user privacy.
We are concerned that these exceptions, when taken together with other proposed and recently enacted provisions of Indian law GNI has commented on separately, pose real concerns for individuals ’ privacy. We would also encourage stronger independence and oversight of any regulatory bodies tasked with enforcing the DPDP, and improved opportunities for redress for individuals whose privacy rights are affected by companies and the state.
The Global Network Initiative (GNI) is a multistakeholder initiative that brings together 85 prominent academics, civil society organizations, ICT companies, and investors from around the world. Members’ collaboration is rooted in a shared commitment to advancing the GNI Principles on Freedom of Expression and Privacy, which are grounded in international human rights law and the UN Guiding Principles on Business and Human Rights (UNGPs). For over a decade, the GNI Principles and corresponding Implementation Guidelines have guided ICT companies to assess and mitigate risks to freedom of expression and privacy in the face of laws, restrictions, and demands.