India's Draft Data Protection Bill: The Wrong Approach?

India's draft data protection bill takes a "harm-based" approach rather than the preferred "rights-based" approach, argues Shashank Mohan, counsel at the Software Freedom Law Center, which provides legal representation to not-for-profit developers of open source software.

"Data principals ... would have to approach the data fiduciaries showing the likelihood of harm or there is some harm caused to them due to some violations of provisions in this bill," Mohan says in an interview with Information Security Media Group. "So what we see here is that the bill has placed an onus on the data principal to prove harm to the data fiduciaries to ascertain their rights." (See: India's Proposed Data Protection Bill: Compliance Issues)

The proposed legislation defines "harm" in a broad, unquantifiable manner, Mohan contends. "It might create situations where data principals are deterred to go to data fiduciaries to enforce their rights because it is hard to prove these harms," he argues.

A rights-based approach would lead data principals to approach data fiduciaries when they see the right to privacy or certain other rights have been infringed, he says.

Mohan also points out the proposed legislation does not include a right to data erasure; instead, it focuses on the right to withhold information, he points out.

In this interview (see audio link below photo), Mohan also discusses:

• His concerns about the data localization clause in the bill;
• How the approach to consent can be modified;
• His views on right to data erasure.

Mohan is counsel at the Software Freedom Law Center. He focuses on intellectual property rights, international taxation, corporate law, education policy and human rights as well as policy research.