India's proposed data protection legislation, the Personal Data Protection Bill, 2019 is currently pending in Parliament. The bill proposes to create a new, independent public authority called the Data Protection Authority of India (DPA). The DPA will oversee the implementation of the protections provided under the bill and is therefore a key part of the proposed regulatory framework. However, as a new regulator, the DPA will have to build data-related expertise. The DPA will also have to deal with capacity constraints that existing Indian regulators already face. Given that the bill is on its way to being enacted into law, how can the Indian Government best prepare for what lies ahead? What strategies can the DPA adopt to enable it to become a capable and effective regulator?

Carnegie India hosted a workshop on ‘Building an effective Data Protection Authority in India’. This event examined capacity constraints likely to be faced by the proposed DPA, and the need to prepare for it in advance. This workshop featured a presentation by Carnegie India scholars Suyash Rai and Anirudh Burman. It was followed by a discussion featuring Dr. Ajay Shah, Ms. Annabel Lee and Ms. Rosalien Stroot.


1. Shivangi Tyagi and Anirudh Burman, Banking to groceries — Data Protection Authority has multi-sector role, but must be efficient, December 6, 2020, ThePrint.

2. Suyash Rai, A Pragmatic Approach to Data Protection, February 8, 2018, The Leap Blog.