Digital risks

India needs appropriate laws to protect data

The alleged leak from the CoWin database is yet another indication of some persistent weaknesses in India’s digital public infrastructure (DPI) and a pointer to the need to overhaul its techno-legal approach to managing the personal data of citizens. According to the government, the details being disseminated from the Telegram bot may be from a prior data leak. The concerns, therefore, extend way beyond this one leak, damaging as that may be. It has been six years since the Supreme Court declared privacy a fundamental right and five years since a committee chaired by Justice (retired) B N Srikrishna prepared the first draft of legislation for personal data protection. But a policy vacuum continues to exist since India still doesn’t have a dedicated law on data protection and privacy. Nor does it have a dedicated law on cybersecurity.

Incidents of this kind will continue to occur because of dissonance between government policy to encourage digitisation