I do not understand why legislator of a non-US country is not instantly copying GDPR. It has solid spread already and the rules are adequately balancing customers, law and company interests (yes, that does not look like but hey, advertisement is still possible). International collaboration is much easier like that.
GDPR has this very fancy article saying: This all applies, except a law says otherwise. As a government, this is then up to you how many laws you create for your own surveillance and other state apparatus. Citizens get a nice benefit. Big companies anyway need to adhere to GDPR one way or the other due to the international market. Local companies which want to collect citizens data should get their users consent. That is not so hard. Even data privacy paranoid Germany has a private credit rating system which works for 50+ years.
There is no other reason except corruption/lobbyism which would require a legislator to vote against a GDPR like approach. There is no risk to your economy by introducing good data privacy.
Because there will be people for whom any changes would massively affect their ability to do their work/business who would not simply accept something as comprehensive as GDPR.
As the OP article says, even if not perfect, why not start here and make amendments later to tighten things up i.e. something is better than nothing. The real problem is that legislation is glacially slow and expensive to put into law which is good (to stop kneejerk laws) but also bad since it doesn't allow you to pass the 90% that is probably agreed and worry about the sticky bits later.
India doesn't have enough purchasing power to convince big tech companies (Google, Facebook, etc.) to store the data of Indian residents in India. Also, there are not many local tech monoliths with consumer apps to fall back on (like China had).
Since India depends heavily on apps & services by big tech, I doubt such requirements like GDPR has would be enforced. Although the right to ask a website to delete all information about one and so on are quite good and could work.
GDPR has this very fancy article saying: This all applies, except a law says otherwise. As a government, this is then up to you how many laws you create for your own surveillance and other state apparatus. Citizens get a nice benefit. Big companies anyway need to adhere to GDPR one way or the other due to the international market. Local companies which want to collect citizens data should get their users consent. That is not so hard. Even data privacy paranoid Germany has a private credit rating system which works for 50+ years.
There is no other reason except corruption/lobbyism which would require a legislator to vote against a GDPR like approach. There is no risk to your economy by introducing good data privacy.
Just a rant. India might have its reasons.