Data Protection Bill 2019: An Analysis

Data Protection Bill 2019: An Analysis

BLOG/ NEWS LAW EXPLAINED Legal Legal Documents & Acts
Spread the Love

The need for a Data Protection Law came into existence the most, over the concerns of privacy when ADHAAR came into existence back in the year 2009. Although the first Data Protection Bill was introduced way back in 2006, a law is yet to be formed. As of today the only law containing provisions for the scope of usage of personal data by corporations is the Information Technology Act 2000. There has been a desperate need for a sound Data Protection Act despite the IT Act due to a plethora of reasons, the consequences of which has made India the biggest host of outsourced data. To address these reasons the latest development on this issue, the Personal Data Protection Bill 2019  was introduced.

What is this data and why does it need to be protected?

Data can be classified into two groups: Personal and Non-Personal Data. Non-Personal Data is a basic set which does not contain any personally identifiable information. On the other hand,  Personal Data can be described as a set of information (sexual orientation, phone number, IP Addresses or Location Data, Internet traffic) which can potentially be used to identify an individual.

In 2017, the Supreme Court of India ruled that privacy is a constitutional right of Indian citizens. Every Citizen however, leaves a visible trail of digital data while navigating the digital world. PDPB intends to protect and safeguard citizens’ right to privacy by curbing the exploitation of this data.

What is the Personal Data Protection Bill 2019?

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. The bill seeks to govern the law relating to collection, usage, processing and storage of Personal Data of Individuals by setting up a Data Protection Authority of India. It aims to protect Individuals’ right to privacy that can be breached by unsolicited usage of personal data of individuals.

The Personal Data Protection Bill seeks to address all the ambiguity surrounding data by focusing on the following provisions:

  • Applicability: The bill is applicable on certain stakeholders capable of processing personal data viz;
    • The government,
    • Indian Companies and
    • Foriegn Companies processing data of individuals in india.
  • Obligations of Data Fiduciary: The bill states a Data Fiduciary is an entity that holds the Personal Data of individuals and processes it in a fair and reasonable manner, while ensuring the privacy of the data principal.
  • Grounds for processing personal data: The bill approves the processing of data only and with the consent of the individual except for in the case of:
    • Requirement of data by the government in any case necessary
    • Legal proceedings and
    • Attending a medical emergency.
  • Rights of the individual: The bill seeks to provide the individual (read: Data Principal) the right to receive a confirmation from the data fiduciary as and when his data is accessed/processed/corrected/erased and the right to obtain an easily comprehensible copy of his data processed by the fiduciary. Data Principal also hold the right to have their data deleted as per their wish.
  • Sharing of non-personal data with the government: The central government may direct data fiduciaries to provide it with any:
    • Non-personal data and
    • Anonymised personal data (where it is not possible to identify data principal) for better targeting of services.
  • Exemption: The government can exempt itself from the provisions under this bill in case the government is convinced that it is necessary for the State to process or access an individual’s data
  • Transfer of Data outside India: Sensitive personal data may be transferred outside India if and only when the individual consents to it while continuing to store the data in india. Data recognised as ‘Critical’ by the government can be processed only in india.
  • Offenses and Penalty:
    • Violation while processing or transferring data: 4% of annual turnover of the data fiduciary or 15 crore rupees whichever is higher.
    • Failure to conduct data audit: 2% of the annual turnover of the fiduciary or 5 crore rupees whichever is higher.
This blog is written by Dharna Prasad, Hindu College.

Some of her blogs-

Visit our Instagram page @lawyergyan at this link.


Please Subscribe for more updates.

Get Lawyers Gyan in your Email & Join 10000+ Lawyers!!

Spread the Love

Leave a Reply