Source: Getty Summary: Indiaâs proposed data protection law would create an enormous task for the new agency formed to regulate it. Given stretched resources, the new Data Protection Authority should take a strategic approach. Related Media and Tools Countries with low state capacity need to think strategically when new regulatory functions are entrusted to the government. Any new task given to a government body requires a careful assessment of how to make the best use of available resources. India’s proposed data protection law would, if passed, require a similar assessment. The law would establish the Data Protection Authority of India (DPA)—an independent regulatory agency entrusted with the task of regulating the use of personal data across all sectors in the Indian economy. Indian regulators have been historically plagued by capacity constraints, so the DPA would need to build its capacity strategically so its resources are not disproportionately drained.