The need for sector-specific safeguards in ‘techade’

India’s digital economy is set to reach a whopping $1 trillion by 2026. The Digital Personal Data Protection Bill 2022, that was proposed recently, comes after five years of discussion and deliberation on a framework to safeguard citizens’ information from misuse and unauthorised access. Even as the Bill outlines citizens’ rights over their personal data and the responsibilities of data collectors, it lacks specificity in certain clauses such as the interaction with sectoral data protection regulations. The American sectoral approach to data protection has been deemed flawed for various reasons, including inconsistent protection, problems in enforcement, overlapping and contradictory provisions, and a lack of federal regulation leaving certain sectors unprotected. Therefore, the current draft of the Bill, while a major step towards ensuring the protection of citizens’ personal data, needs greater clarity and specificity regarding the interaction with sectoral regulations; we need to draw from our experience to find the right balance Finding the right space for the Bill In India, for example, we already have sectoral regulations regarding data protection such as the Reserve Bank of India’s directive on storage of payment data and the National Health Authority’s Health Data Management Policy.