A Technical Look At The Indian Personal Data Protection Bill
This work addresses data protection challenges for policymakers and technologists in India, but it is incremental as it builds on existing frameworks like GDPR.
The paper analyzes India's Personal Data Protection Bill 2019, comparing it to GDPR and exploring cryptographic solutions to address its clauses, concluding that better technical understanding of privacy is crucial for defining the bill and that technical-legal collaboration can enforce it.
The Indian Personal Data Protection Bill 2019 provides a legal framework for protecting personal data. It is modeled after the European Union's General Data Protection Regulation(GDPR). We present a detailed description of the Bill, the differences with GDPR, the challenges and limitations in implementing it. We look at the technical aspects of the bill and suggest ways to address the different clauses of the bill. We mostly explore cryptographic solutions for implementing the bill. There are two broad outcomes of this study. Firstly, we show that better technical understanding of privacy is important to clearly define the clauses of the bill. Secondly, we also show how technical and legal solutions can be used together to enforce the bill.