Get All Access for $5/mo

India Is Set To Get Its First Data Protection Law The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4

By Tahira Noor Khan

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Pixabay

In today's time when technology is becoming all-pervasive and cyber crimes are increasing, the need for a data protection law is dire. The first draft of the Personal Data Protection (PDP) Bill was submitted in 2018 to Ministry of Electronics and Information Technology (MEITY). The 2018 bill was drafted by a panel headed by ex-Supreme Court judge Justice B.N. Srikrishna. With some changes, The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4.

The bill categorizes personal data into three parts and talks about its collection, storage and processing. It also delves on the consent of individuals, penalties and compensation, code of conduct and an enforcement model. The PDP Bill is said to be modelled after the European Union's General Data Protection Regulation (GDPR) law. However, debates are going on around the PDP Bill.

Related Read: Personal Data Protection Bill 2018: Will the Legislation Introduce a GDPR-esque Compliance Regime in India?

The Contentions

The Personal Data Protection Bill, 2019 divides data into three categories, namely general, sensitive and critical. The Bill defines sensitive personal data as constituting or related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. The critical data includes military or national security data and can be defined by the government to include other aspects of data. All the other data falls in the category of general data.

1. Data Localisation

According to this categorisation, there are rules as to where the data can be processed and stored. If the data falls in the non-critical and non-sensitive category, then it can be stored and managed anywhere in the world with the explicit consent of the individual. Sensitive data may be processed outside India with the explicit consent of the user but needs to be stored in India as well whereas critical data must be stored and handled only in India. This data localisation or the storage of personal data on servers located within the physical boundaries of one's country has been criticised by many.

The critics argue that data localisation goes against the concept of free-flowing data and hampers the growth of a country by forcing big multinationals to store data locally. It is an extra cost for companies and people further argue that security can be affected by fragmenting networks and platforms and localisation is not the answer to ensure data security.

2. Government Can Access Individual's Personal Data

The PDP Bill delegates upon the Central Government the power to issue to the Central Authority such directions which allow access and use of personal data of individuals if it thinks it is important for national security and sovereignty. There are no objective parameters and criterion of when the government can scoop in an individual's data. The bill gives the Central Authority an arbitrary power to encroach on the privacy of individuals.

Related Read: What Does The Indian Personal Data Protection Bill Say?

Other Provisions Of The Bill

The bill provides rights like Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten. The bill also states that each company will have a Data Protection Officer (DPO) based out of India, who will be responsible for auditing, grievance redressal, recording maintenance and more of people's personal data.


Tahira Noor Khan

Former Junior Features Writer

Business News

Former Steve Jobs Intern Says This Is How He Would Have Approached AI

The former intern is now the CEO of AI and data company DataStax.

Business Process

How CEOs Can Take Control of Their Emails and Achieve Inbox Zero

Although there are many methodologies that leaders can use to manage their emails effectively, a consistent and thought-through process is the most effective way to systemize and respond to emails and is a step of stewardship for the effective leader.

Science & Technology

5 Automation Strategies Every Small Business Should Follow

It's time we make IT automation work for us: streamline processes, boost efficiency and drive growth with the right tools and strategy.

Employee Experience & Recruiting

There's a Growing Demand For This New Type of Professional — Here's Why Your Startup Needs Them, Too.

As startups evolve, a new breed of talent — the "boulder climber" — is emerging: adaptable professionals who balance strategic vision with hands-on execution. Learn why these versatile hires are redefining success in lean, agile teams.

Green Entrepreneur®

How Global Business Leaders Can Build a Sustainable Supply Chain

Businesses can build sustainable supply chains by leveraging technology to reduce environmental impact, optimize resources and track emissions while balancing operational efficiency and sustainability goals.