A policy tool that tries to hit two different targets is bound to miss both. India’s Personal Data Protection Bill, 2019 aims for several. One of them, both directly and indirectly, is digital competition. To be fair, policymakers and regulators the world over are grappling with the increasing overlap of data protection with competition regulation. But there are no effective answers that can be found here.
Two of the bill’s provisions that blur the regulatory boundary most directly have to do with unbundling data and consent, and data portability. Both borrow heavily from the European Union’s General Data Protection Regulation (GDPR), a directive that aims to “harmonise data privacy laws across” the EU member states. Unbundling means that when a company offers a service for which a user has to hand over personal data — say, registering on a new app — it has to offer a bouquet of choices. Users should be able to opt out of a category of service while retaining another, based on the sensitive personal data they want to share. The company also can’t make any service conditional on personal data that isn’t necessary for it.