A+| A| A-
A Defective Data Protection Board
The Digital Personal Data Protection Bill, 2022 is notably silent on a key agency that it proposed to set up to enforce the law—the Data Protection Board. This silence has implications for the constitutional validity of the provisions in question, especially since the bill excludes the jurisdiction of civil courts and makes the board the sole mechanism for the enforcement of rights and liabilities under the bill.
Consequent to the withdrawal of the Personal Data Protection Bill, 2019, the union government recently made public a draft of the Digital Personal Data Protection Bill, 20221 (the bill). Promised as a “comprehensive legal framework” when the earlier bill was withdrawn, the bill, as it stands, is far less exhaustive than its predecessor on a number of issues (Mathi 2022).
The biggest failing of the bill perhaps may be the lack of detail in the context of the proposed “Data Protection Board” (the board). Clause 19 which provides for the creation of the board is bereft of details on its composition, the qualifications of the chairperson, members and chief executive, the tenure and terms of conditions and even the appointment process that is to be followed. All of these matters have been left to rules to be framed at a future date. The board itself is not created as a permanent body by the bill—it is left to the government to issue a notification to create it.
Dear Reader,
Or
To gain instant access to this article (download).
(Readers in India)
(Readers outside India)
