Without further delay: Why India urgently needs a data protection law

The absence of a comprehensive data protection law in India has severe economic and national security implications.

ByJehosh Paul

Published Jun 16, 2023 | 9:00 AMUpdatedJun 16, 2023 | 9:00 AM

Data Protection Law India

In the wake of the significant data breach suffered by prominent e-commerce retailer Zivame, where the personal information of 1.5 million customers was put up for sale online, the need for a robust data protection law in India becomes starkly evident.

This incident is not an isolated occurrence, but rather represents the latest in a series of recurring data breaches in India’s continually evolving digital landscape.

Also read: Report says CoWIN security breach bleeds personal data

Poses substantial challenges

The situation in India regarding data protection poses substantial challenges with profound implications for both the country’s economy and national security.

With cyber-attacks on the rise and the potential revenue opportunity of $35 billion at stake, it is imperative for the Prime Minister Narendra Modi-led National Democratic Alliance (NDA) government, whose key campaign planks are development and national security, to prioritise the enactment of a robust and comprehensive data protection law.

While much has been said on the need for a comprehensive data protection law to protect the right to privacy, this article will shed light on the economic and national security consequences of the government’s failure to address this issue.

Also read: Cyberabad police nab Faridabad man selling confidential data 

Economic Implications

Trust serves as the foundation of consumer-business relationships, but the escalating number of data breaches, which have increased by 7.9 percent since 2017, has the potential to make consumers more cautious.

This caution could subsequently lead to a decline in customer loyalty. Research reveals that a data breach can lead to a loss of trust in 65 percent of consumers, with 85 percent ceasing engagement with the affected organisation.

Consequently, this erosion of trust can have a substantial negative impact on revenue generation.

Alongside the tangible impact on businesses, these cybersecurity concerns also influence the trajectory of innovation.

The IBM Security Data Breach Report 202 highlighted that the cost of data breaches in India averaged ₹17.6 crore per breach for FY2022, marking a 6.6 percent increase from the previous year.

Such figures can give companies pause, making them hesitant to invest in emerging technologies such as artificial intelligence (AI) and machine learning (ML) due to concerns surrounding data security.

Also read: Hyderabad cops bust Noida-based gang selling confidential data

Potential to curb innovation

This reluctance has the potential to curb technological innovation, which is a vital driver of modern economic growth, and could lead to stagnation in our burgeoning economy.

The implications of data security, however, extend beyond domestic boundaries, and have the potential to affect foreign investment and international trade.

The insecurity surrounding data protection in India may discourage foreign businesses from investing.

Existing foreign companies, including Mastercard and Visa, have in the past expressed concerns over India’s data localisation rules, which could increase their operational costs.

Moreover, the possibility of inadequate data protection prompting other countries or blocs to impose data transfer restrictions looms large.

Such restrictions could directly impact sectors such as IT and business process outsourcing (BPO) services that rely heavily on cross-border data flow.

The National Association of Software and Service Companies (NASSCOM) predicts a potential loss of a $35 billion revenue opportunity by 2025 if these concerns are not adequately addressed.

National Security Implications

The absence of a comprehensive data protection law in India has significant implications for national security.

Experts have emphasised that the existing legal framework falls short in adequately safeguarding the data of the people, and establishing a necessary regulatory framework for both domestic and foreign apps.

This has resulted in India banning over 300 Chinese apps due to concerns regarding national security.

While it is important to acknowledge that a data protection law alone cannot eliminate every challenge, it can significantly enhance national security.

By establishing a legal framework, the law provides guidelines, regulations, compliance measures, and penalties to ensure that the apps do not compromise users’ sensitive personal data.

This helps mitigate the risks of cyber threats, and strengthens the nation’s ability to safeguard its citizens, businesses, and critical digital infrastructure.


The absence of a comprehensive data protection law in India has severe economic and national security implications.

To ensure the trust of consumers, attract foreign investment, and align with the Bharatiya Janata Party (BJP)’s key campaign planks of development and national security, it is crucial for the Modi regime to promptly address data protection concerns.

By enacting a robust data protection law, India can foster a secure digital ecosystem, encourage technological innovation, and protect its national interests.

It is essential that the Government of India prioritise the enactment of this law, recognising its significance for India’s economic growth, and national security in the digital age.

(Jehosh Paul is a Lawyer and Research Consultant. He holds an LLM in Law & Development from the Azim Premji University, Bengaluru, and is associated with the Congress. Views expressed are strictly personal and not of the organisation)