Nearly half a decade after the Supreme Court’s 2017 Puttaswamy judgment recognized privacy as a fundamental right, India has a new iteration of the Digital Personal Data Protection (DPDP) Bill. At a cursory glance, the bill’s simplicity immediately catches the eye. With streamlined provisions, easy-to-understand language and clear illustrations, the draft bill strives to serve a comprehensive legal framework while retaining the fundamentals of its predecessors to regulate digital personal data in the country.
Refreshingly, the bill acts as a panacea to some of the pain points of the previous versions. Nonetheless, the bill is not without room for improvement.
In a world of increased Internet penetration and a technology-fueled digital economy, there is a need to rethink traditional tools and practices of regulation and devise an agile regulatory framework that promotes innovation and disruption. One such tool that could help in the enforcement of the current bill is a co-regulatory model. On a broad spectrum of regulation with a top-down approach of government legislation on one end and bottom-up solutions of self-regulation on the other, co-regulation serves as a fine balancing act in the middle. It envisages active participation from the government, industry experts, specialized groups, civil society organizations and citizens in framing and enforcing standards and best practices. Each of these stakeholder groups are equipped with specific information about the data economy which, if combined, could result in the creation of a data protection framework that is consistently informed by empirical data and practical challenges. Such a multi stakeholder engagement will pave the way for an efficient feedback loop in enforcing intricate laws impacting the ever-so-dynamic technology landscape.
The concept of co-regulation has already had its taste of success in regulatory models across various sectors in India, and it would be a shame if the same was not applied to the DPDP Bill. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 envisage a three-tier grievance redressal system for news publishers and OTT platforms on digital media based on the co-regulatory model. At the first tier, an aggrieved person can file a complaint with the platform. At the second and the third tier, the complainant can appeal to a self-regulatory body created by an association of intermediaries followed by approaching the Interdepartmental Committee set up by the Ministry of Electronics and Information Technology. Additionally, time and again the Reserve Bank of India has promoted industry self-governance by issuing frameworks for establishing Self-Regulatory Organizations (SROs) in the digital payments ecosystem such as for Payment System Operators and Non-banking Finance Corporations. The Stock Exchange Board of India also operates on the SRO model while retaining substantial oversight over the SROs. Another example of co-regulation in India is in the real estate sector, where the government has set up the Real Estate Regulatory Authority (RERA) to oversee the regulation of the industry, but states like Maharashtra have introduced the concept of SROs for developers and builders to follow self-regulation codes of conduct established by industry associations.
Such hybrid self-regulatory models wherein the government outlines a framework for the industry players to set their guidelines and implement their own standards along with creating oversight mechanisms serve as success cases of co-regulation. Co-regulation is also becoming a defining feature of Internet and media regulations in international jurisdictions. The EU GDPR espouses a collaborative approach where the private industry players can draft codes of conduct, for ease of compliance with the law, which are monitored by data protection authorities. In a similar vein, Canada’s recent Bill C-11, enacted to reform the privacy laws in the country, provides a framework to industry players for creating their own codes of practice in assuring compliance with the privacy act.
The upsides of co-regulation are clear. It will fulfill the appetite for standardized industry action and deeper community involvement while working in tandem with the government. The principles that emanate from such consultative processes will serve as a guiding force for effective implementation of the data protection laws in the long haul. It will also lead to enhanced transparency, legal certainty, and compliance with the bill by various actors in the data chain. Most importantly, the co-regulatory model can be tailor-made to suit the regulatory landscape of India by learning from its domestic application in different sectors and international experience. The need of the hour is for India to adopt an innovative way forward that would equip the country to effectively deal with the unique regulatory challenges posed by the data economy.
Disclaimer
Views expressed above are the author's own.
Top Comment
{{A_D_N}}
{{C_D}}
{{{short}}} {{#more}} {{{long}}}... Read More {{/more}}
{{/totalcount}} {{^totalcount}}Start a Conversation