ABSTRACT
Personal data once captured by digital platforms employing new-age digital technologies could be misused for targeted marketing, targeted campaigning, or for any other kind of unilateral commercial and social gains, leading to a sense of weariness amongst users. Prudent regulations around Data Protection could, therefore, serve as an invaluable tool to cement the trust of digital users on digital technologies. The Government of India introduced the Digital Personal Data Protection (DPDP-2022) bill in November 2022 – that has its immediate predecessor in the Personal Data Protection Bill (PDP), 2021 – which had further emanated from several constitutional processes, initiated formally in the year 2018. Such regulations are indeed a timely attempt to support individuals’ privacy vis-à-vis corporates. The study attempts to chronologically map this data protection journey of India from its very start till PDP-2021. It further attempts a critical policy analysis of each of these policy versions. The study particularly critiques PDP-2021 for some of its nascent provisions. The study insists on balancing innovation pitied against the trust of the digital users, who, we should not forget, are the real owners of this date. Since the study had been conducted in the year 2021, it has not encompassed discussions on the recently announced DPDP-2022.
