India Is Set To Get Its First Data Protection Law The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4

By Tahira Noor Khan

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Pixabay

In today's time when technology is becoming all-pervasive and cyber crimes are increasing, the need for a data protection law is dire. The first draft of the Personal Data Protection (PDP) Bill was submitted in 2018 to Ministry of Electronics and Information Technology (MEITY). The 2018 bill was drafted by a panel headed by ex-Supreme Court judge Justice B.N. Srikrishna. With some changes, The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4.

The bill categorizes personal data into three parts and talks about its collection, storage and processing. It also delves on the consent of individuals, penalties and compensation, code of conduct and an enforcement model. The PDP Bill is said to be modelled after the European Union's General Data Protection Regulation (GDPR) law. However, debates are going on around the PDP Bill.

Related Read: Personal Data Protection Bill 2018: Will the Legislation Introduce a GDPR-esque Compliance Regime in India?

The Contentions

The Personal Data Protection Bill, 2019 divides data into three categories, namely general, sensitive and critical. The Bill defines sensitive personal data as constituting or related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. The critical data includes military or national security data and can be defined by the government to include other aspects of data. All the other data falls in the category of general data.

1. Data Localisation

According to this categorisation, there are rules as to where the data can be processed and stored. If the data falls in the non-critical and non-sensitive category, then it can be stored and managed anywhere in the world with the explicit consent of the individual. Sensitive data may be processed outside India with the explicit consent of the user but needs to be stored in India as well whereas critical data must be stored and handled only in India. This data localisation or the storage of personal data on servers located within the physical boundaries of one's country has been criticised by many.

The critics argue that data localisation goes against the concept of free-flowing data and hampers the growth of a country by forcing big multinationals to store data locally. It is an extra cost for companies and people further argue that security can be affected by fragmenting networks and platforms and localisation is not the answer to ensure data security.

2. Government Can Access Individual's Personal Data

The PDP Bill delegates upon the Central Government the power to issue to the Central Authority such directions which allow access and use of personal data of individuals if it thinks it is important for national security and sovereignty. There are no objective parameters and criterion of when the government can scoop in an individual's data. The bill gives the Central Authority an arbitrary power to encroach on the privacy of individuals.

Related Read: What Does The Indian Personal Data Protection Bill Say?

Other Provisions Of The Bill

The bill provides rights like Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten. The bill also states that each company will have a Data Protection Officer (DPO) based out of India, who will be responsible for auditing, grievance redressal, recording maintenance and more of people's personal data.


Tahira Noor Khan

Former Junior Features Writer

Side Hustle

'I Was Called Crazy': This 27-Year-Old's Side Hustle Hit $30,000 a Month in Under a Year — Now It's Worth Millions

Changing regulations forced Angel Rodriguez's jet ski rental company to shut down, and the young entrepreneur had to figure out his next move — fast.

Business News

'How Vulnerable Senior Investors Are': Morgan Stanley Was Ordered to Pay $843,000 to an Elderly Widow Who Was Scammed Out of Millions (and Not By Them)

The scheme involved multiple criminals who pretended to be technical support staffers, employees at the bank, and even government workers.

News and Trends

Ranbir Kapoor Launches Lifestyle Brand ARKS in Mumbai

ARKS will offer premium footwear and wardrobe staples like tailored shirts, white T-shirts, and trousers, reflecting Ranbir Kapoor's sophisticated yet relaxed style influenced by cinema and fashion trends.

Growing a Business

The 10 Best Podcasts Every Entrepreneur Should Listen to for Growth, Strategy and Success

Unlock your potential with the 10 must-listen podcasts for entrepreneurs, offering expert insights on growth, strategy and success.

Marketing

Beyond Likes and Shares — How to Leverage Influencer Partnerships in the New Era of Social Media

Social media is evolving, and traditional marketing tactics are no longer enough. Learn how to leverage influencer partnerships, build authentic connections and navigate dark social to create impactful marketing campaigns that drive real engagement and trust.