August 1, 2021

Analysis of The Proposed Data Protection Bill 2019



India being a diverse nation with great technology and equipments and in this digital surrounded world every single activity of human are surrounded by technology, starting from our day with coffee to ending our day with dinner, in whole day we come across number of task where we need equipments, gadgets to perform this activity and while performing this activity we kept sharing and receiving some vital information related to oneself or to our loved ones or job, business and what so ever.

From the above point it can be said that we have our life’s majority task dependent on internet and social media and in order to secure our vital information we need some effective laws to regulate our activity and to protect it from theft, misuse or cyber attacks. In present we have Information technology Act ,2000 which cover majority of protection from cyber abuse but when comes to data protection, this present Act is not so competent to handle every sphere of data protection so we need some stringent laws , with this our government proposed Personal Data protection , Bill 2019 to provide some effective mechanism for data protection .

Personal Data protection, Bill 2019 primarily entails to bring effective modifications to the ways in which technologies are designed and managed, including awareness on search, garage and security of information. The aim is to protect vital personal data from the infringement and abuse by the hackers, but whether this bill is without any loop holes or whether this bill going to fulfil our high hopes in field of security and data protection.

While inspecting the Personal Data protection, Bill 2019, Parliament joint select committee too faces a complicated and multifaceted challenges some of like need of quality modifications at the core of current virtual transformation: the blurring of distinction among reality and the digital world; a distinction among human, system and nature; the problem of records abundance; a shift from standalone IT property to networked belongings; and of information and statistics processing from centralised hardware architecture to distributed-software program designed architectures etc

The Personal Data protection, Bill 2019, therefore, with the objectives to promote the virtual economy, innovation and protection of citizen and consumer interest also needs to focus on information privacy and particularly of the state and public interests.

In this article, we are going to present our initial remarks on the Personal Data Protection Bill 2019, as introduced in the Lok Sabha in December 2019, along with its future and possible issue.

Before moving further we would like to deal with some important aspect behind this introduction of personal data Protection Bill, 2019

Global negotiations today revolve around debates about the switch and safety of personal information. In this present context, the Personal Data Protection Bill, 2019 can be seen as the India’s first try to regionally legislate on the difficulty of records protection.

The Bill derives its thought from a previous draft version organized by a committee headed by means of retired Justice B N Srikrishna. However, the present invoice differs from what was encouraged by way of Justice B N Srikrishna committee

The justice B N Srikrishna committee draft had required all fiduciaries to stop a copy of all personal statistics in India, which was criticised through overseas technology businesses that keep maximum of Indians’ records overseas. The Bill, however, tifurcates the records into three classes and mandates the storage within India’s boundaries relying upon the type of data.

The Bill trifurcates facts as follows

  • Personal records: means Data from which an individual may be identified like name, deal with etc. The Bill calls for sensitive personal facts to be stored handiest in India. It may be processed overseas only beneath certain conditions consisting of approval of a Data Protection Agency.
  • Sensitive personal information: Some varieties of personal information like as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more.
  • Critical personal information: Anything that the authorities at any time can deem critical, such as military or national security records .Critical personal statistics should be stored and processed in India.
  • Non Personal Data: The Bill mandates fiduciaries to provide the authorities any non-personal information while demanded. Non-personal data refers to anonyms’ records, such as visitor’s styles or demographic facts.
  • The preceding draft did now not apply to this kind of information, which many corporations use to fund their commercial enterprise model.
  • The Bill also calls for social media companies, which can be deemed significant information fiduciaries based on factors such as extent and sensitivity of facts, to broaden their own person verification mechanism. This intends to lower the anonymity of users and prevent trolling.
  • The Bill removes the requirement of information mirroring (in case of personal records). Only character consent for information transfer overseas is required

Major highlights of the Personal Data protection, Bill 2019 as follows-

  • Personal Data protection, Bill 2019 have certain exemptions for processing information without an individual’s consent for “affordable purposes”, such as security of the state, detection of any fraud, whistle blowing, clinical emergencies, credit scoring, operation of search engines and processing of publicly available statistics.
  • The Bill provides for the establishment of an unbiased regulator Data Protection Authority, so one can oversee tests and audits and definition making.
  • Each corporation in our nation could have a Data Protection Officer who will liaison with the Data Protection Authority for auditing, grievance redressal, recording maintenance and more.
  • The Bill also provides “Purpose limitation” and “Collection limitation” clause, which restrict the gathering of information to what is wanted for “clear, specific, and lawful” purposes.
  • The Bill additionally grants for the individuals have right to facts portability and the potential to access and transfer one’s own facts. It also grants people the right to records portability, and the ability to get entry to and transfer one’s own records.
  • Finally, it legislates on the proper to be forgotten. General Data Protection Regulation, this regulation allows any man or woman to dispose of consent for information series and disclosure.
  • The Personal Data protection bill, 2019 also have the penalty provision for offences come under its view and the penalties varies such as Rs five crore or 2 percent of worldwide turnover for minor violations and Rs fifteen crore or four percentage of total global turnover for more critical violations.
  • Similarly the company’s executive can also face prison phrases of up to three years.

Some major Benefits for bringing Personal Data protection, Bill 2019

  • Under the bill now Data localisation can provide aid to our law-enforcement organizations in accessing facts for investigations and enforcement. this Data localisation will also boom the capability of the Indian authorities to tax Internet giants.
  • Secondly Instances of cyber assaults and surveillance can be checked. We can see that in recently, we heard about WhatsApp accounts hacking as many were hacked by use of Israeli software referred to as Pegasus.
  • In our nation incident of lynching is rising and for this Social media is getting used to spread fake news, which has resulted in lynching’s, countrywide safety threats, which can now be monitored, checked and avoided in time, as this strong information protection rules will also help to enforce data sovereignty.

Major issues in Personal Data protection, Bill 2019

With the introduction of this bill in our parliament many views started emerging in our society, some of them favouring the bill while at same time some of them are against of this bill many were expressed their discontent while contending that the physical vicinity of the information isn’t relevant within the cyber world. Even if the data is stored inside the country, the encryption keys may also nonetheless be out of reach of country wide agencies.

Some of us also said that National protection or reasonable purposes are an open-ended terms, this can lead to intrusion of state into the personal lives of citizens. They fear that the domino impact of protectionist coverage will cause other nations following suit as Protectionist regime suppress the values of a globalised, competitive internet marketplace, where fees and speeds determine information flows instead of nationalistic borders.

One another major issue before us in this bill is that Data Protection Authority has been weakened in the Bill, limiting the effectiveness of the new regime as immense powers and exemptions for the State will severely restrict the effectiveness of the new regime

Another issue is that Bill must strengthen client protections in the proposed sandbox and clarify its objectives “Harm” has to now not be a condition on which rights and obligations depend in the Bill; it should contain transitional provisions to create certainty approximately in its implementation.

Similarly Bill must not consist of provisions regarding the sharing of Non-Personal Data as it may hamper the personal activity of masses in day to day activity.

As there is such other concern which we need to analyse in coming time and proper debate setup should be planned in order to discuss what one can do to rectify in this bill for our effective data protection system.


From above discussion we can conclude that government step to bring Personal Data protection law in our nation is an effective initiative to curb the misuse and offences related to personal data but this objective needs to be fulfil in planned and effective way so that it could not get back fire in this changing scenario as we can see in the Justice K.S.Puttaswamy(Retd) V. Union Of India And Ors[1] ,where apex court held that the proper to privateness is a fundamental right and it’s miles vital to protect personal information as an important side of informational privacy, whereas the growth of the virtual economic system is also essential to open new vistas of socio-economic increase. In this context, the government coverage on information safety must not deter framing any coverage for the boom of the digital economy, to the volume that it doesn’t impinge on personal information privacy.


[1]K.S.Puttaswamy(Retd) V. Union Of India And Ors, WRIT PETITION (CIVIL) NO. 494 OF 2012.

Author Details: Krishankant Sharma (Jagarn Lakecity University)

The views of the author are personal only. (if any)


Leave a Reply