India Is Set To Get Its First Data Protection Law

The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4

learn more about Tahira Noor Khan

By Tahira Noor Khan


Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

In today's time when technology is becoming all-pervasive and cyber crimes are increasing, the need for a data protection law is dire. The first draft of the Personal Data Protection (PDP) Bill was submitted in 2018 to Ministry of Electronics and Information Technology (MEITY). The 2018 bill was drafted by a panel headed by ex-Supreme Court judge Justice B.N. Srikrishna. With some changes, The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4.

The bill categorizes personal data into three parts and talks about its collection, storage and processing. It also delves on the consent of individuals, penalties and compensation, code of conduct and an enforcement model. The PDP Bill is said to be modelled after the European Union's General Data Protection Regulation (GDPR) law. However, debates are going on around the PDP Bill.

Related Read: Personal Data Protection Bill 2018: Will the Legislation Introduce a GDPR-esque Compliance Regime in India?

The Contentions

The Personal Data Protection Bill, 2019 divides data into three categories, namely general, sensitive and critical. The Bill defines sensitive personal data as constituting or related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. The critical data includes military or national security data and can be defined by the government to include other aspects of data. All the other data falls in the category of general data.

1. Data Localisation

According to this categorisation, there are rules as to where the data can be processed and stored. If the data falls in the non-critical and non-sensitive category, then it can be stored and managed anywhere in the world with the explicit consent of the individual. Sensitive data may be processed outside India with the explicit consent of the user but needs to be stored in India as well whereas critical data must be stored and handled only in India. This data localisation or the storage of personal data on servers located within the physical boundaries of one's country has been criticised by many.

The critics argue that data localisation goes against the concept of free-flowing data and hampers the growth of a country by forcing big multinationals to store data locally. It is an extra cost for companies and people further argue that security can be affected by fragmenting networks and platforms and localisation is not the answer to ensure data security.

2. Government Can Access Individual's Personal Data

The PDP Bill delegates upon the Central Government the power to issue to the Central Authority such directions which allow access and use of personal data of individuals if it thinks it is important for national security and sovereignty. There are no objective parameters and criterion of when the government can scoop in an individual's data. The bill gives the Central Authority an arbitrary power to encroach on the privacy of individuals.

Related Read: What Does The Indian Personal Data Protection Bill Say?

Other Provisions Of The Bill

The bill provides rights like Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten. The bill also states that each company will have a Data Protection Officer (DPO) based out of India, who will be responsible for auditing, grievance redressal, recording maintenance and more of people's personal data.

Tahira Noor Khan

Junior Features Writer

Related Topics


4 Ways To Negotiate For A Good Salary

Negotiating a salary can be an intimidating task for many, especially for those who are just starting their careers. However, with the right approach and mindset, this can become a smooth and successful process.

Business News

Amazon Is Starting to Let Customers Know What Products Are Returned Often

The e-commerce giant has begun flagging certain items that were frequently sent back.

News and Trends

Student Run Startup Plutus Raises $280,000 Pre-Seed Funding

The fund raised will help Plutus build new tools to expand the monetisation potential for content creators


50 Work-From-Home Jobs that Pay As Much or More than Average Salary

If you're tired of driving to an office and would love to work at home, there are plenty of high-quality full-time work-from-home jobs for you.


5 Winning Habits That Will Transform Your Leadership Skills

Ready to take your leadership skills to the next level? Discover the five winning habits that will transform you into an exceptional leader!