India Is Moving To Replace Two-Decade-Old IT Act With New ‘Digital India Act'

The Indian government will "very shortly" begin work on a new Digital India Act to govern the country's digital ecosystem, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Saturday, 9 April, according to The Economic Times.

The new law is intended to replace the IT Act, 2000, which is over two decades old. “In the internet domain, 22 years is almost four or five centuries," he said.

Chandrasekhar added that the government is focused on creating enabling frameworks and policies through public consultation.

The Indian government is in the process of creating a comprehensive legal and executive architecture to support India's digital ambitions.

So far, the plan includes four components:

1. A data governance policy framework – Chandrasekhar told ET that a new framework will be introduced to replace the controversial Draft India Data Accessibility & Use Policy, which suggested that government data could be sold to the private sector.

2. Cybersecurity policies and guidelines – India's current cybersecurity policy was introduced in 2013 after reports emerged that the US was spying on Indians. This policy could soon see a revamp.

3. A new data protection law – The Personal Data Protection Bill, 2019, was referred to a Joint Parliamentary Committee (JPC) which submitted its report in December 2021 with a new draft bill to Parliament. Reports suggest that the current bill may be scrapped in favour of a fresh privacy bill.

4. The proposed Digital India Act – This will be a renewed law to govern the digital ecosystem and the cyberspace in India, replacing the IT Act, 2000, which is the India's main law dealing with cyber crime and e-commerce.

”What you’re seeing today are the building blocks of the overall architecture for the next 10 years of India’s tech economy,” Chandrasekhar told the publication.

The Union minister, in an interview with ET, said that the central government will float a new National Data Governance Framework and Policy – to govern citizen data and set standards for its storage, collection, and use.

This is intended to replace the Draft India Data Accessibility & Use Policy, which was introduced on 21 February 2022 and was met with widespread concern and criticism.

The draft policy suggested that "high value" datasets that have undergone value addition or transformation may be "priced appropriately" and sold to the private sector. Without a data protection law in place, however, such a move could prove to be privacy nightmare.

More on the controversial policy here.

Crucially, according to the report, the new policy:

• Does not have any provisions related to monetisation

• Will not be applicable to private entities

• Won't include restricted datasets (like Aadhaar's) in overall data sharing

• Envisages the setting up of an India Data Management Office (IDMO) responsible for setting all standards, rules, and guidelines

The policy is aimed at extracting value from the vast amounts of data that the government collects – by anonymising it and making it easily accessible to aid in governance and economic growth, especially in artificial intelligence.

“AI is a kinetic enabler of the digital economy; we can create another $100- 150 billion of opportunities for startups in this space," the Union minister told the publication.

Chandrasekhar also said that Big Tech and other online service providers are accountable to their users, ET reported.

He said that the challenges, going forward, in jurisprudence and cyberspace regulation are considerable, including the "increasing trend of weaponisation of the internet," presumably referring to cyberattacks.

He reportedly added that the government wants internet and technology to be defined by "openness, safety, trust and accountability" to users and is working on evolving a policy framework to enable that.

(With inputs from The Economic Times)