Get All Access for $5/mo

India Is Set To Get Its First Data Protection Law The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4

By Tahira Noor Khan

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.


In today's time when technology is becoming all-pervasive and cyber crimes are increasing, the need for a data protection law is dire. The first draft of the Personal Data Protection (PDP) Bill was submitted in 2018 to Ministry of Electronics and Information Technology (MEITY). The 2018 bill was drafted by a panel headed by ex-Supreme Court judge Justice B.N. Srikrishna. With some changes, The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4.

The bill categorizes personal data into three parts and talks about its collection, storage and processing. It also delves on the consent of individuals, penalties and compensation, code of conduct and an enforcement model. The PDP Bill is said to be modelled after the European Union's General Data Protection Regulation (GDPR) law. However, debates are going on around the PDP Bill.

Related Read: Personal Data Protection Bill 2018: Will the Legislation Introduce a GDPR-esque Compliance Regime in India?

The Contentions

The Personal Data Protection Bill, 2019 divides data into three categories, namely general, sensitive and critical. The Bill defines sensitive personal data as constituting or related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. The critical data includes military or national security data and can be defined by the government to include other aspects of data. All the other data falls in the category of general data.

1. Data Localisation

According to this categorisation, there are rules as to where the data can be processed and stored. If the data falls in the non-critical and non-sensitive category, then it can be stored and managed anywhere in the world with the explicit consent of the individual. Sensitive data may be processed outside India with the explicit consent of the user but needs to be stored in India as well whereas critical data must be stored and handled only in India. This data localisation or the storage of personal data on servers located within the physical boundaries of one's country has been criticised by many.

The critics argue that data localisation goes against the concept of free-flowing data and hampers the growth of a country by forcing big multinationals to store data locally. It is an extra cost for companies and people further argue that security can be affected by fragmenting networks and platforms and localisation is not the answer to ensure data security.

2. Government Can Access Individual's Personal Data

The PDP Bill delegates upon the Central Government the power to issue to the Central Authority such directions which allow access and use of personal data of individuals if it thinks it is important for national security and sovereignty. There are no objective parameters and criterion of when the government can scoop in an individual's data. The bill gives the Central Authority an arbitrary power to encroach on the privacy of individuals.

Related Read: What Does The Indian Personal Data Protection Bill Say?

Other Provisions Of The Bill

The bill provides rights like Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten. The bill also states that each company will have a Data Protection Officer (DPO) based out of India, who will be responsible for auditing, grievance redressal, recording maintenance and more of people's personal data.

Tahira Noor Khan

Former Junior Features Writer

News and Trends

Dee Piping Goes Public: Announces Initial Public Offering

Dee Development Engineers Limited, commonly known as 'Dee Piping,' has announced its transition into a public limited company.

Business Solutions

Increase Productivity with This Microsoft 365 Subscription, Now $25 Off

It can make the entrepreneur life a lot easier.

News and Trends

Unifi Capital Launches Two New Funds at GIFT City

Rangoli India Fund and G20 Portfolio are the two new funds launched by Unifi Capital, via its subsidiary UIML in GIFT City, to expand international investment opportunities.

Business News

Apple Pay Later Is Ending. Here's What's Taking Its Place.

The program was available for less than a year.


I've Grown a High-Performing Team in Just 2 Years — Here's are 5 Growth Strategies I Learned

A team's strength lies in its people's individual skills and how they synergistically come together.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.