The Curious Case of India’s Personal Data Protection Bill

Personal Data Protection

We are more than just citizens today. We are netizens. With our digitized lives, we rely on the internet for everything from random queries to daily payments. The country has nearly 450 million Internet users and a growth rate of 7-8%. India is well on the path to becoming a digital economy with a large market for global players. Data being constantly shared and received mustn’t fall into the wrong hands. India’s Personal Data Protection Bill focuses on making data sharing safe and secure.

What is the Data Protection Bill?

As India’s first attempt to legislate the issue of personal data protection, the Bill aims —

“To provide for the protection of the privacy of individuals relating to their data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the fundamental rights of individuals whose personal data is processed, to create a framework for organizational and technical measures in the processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorized and harmful processing, and to establish a Data Protection Authority of India for the said purposes and matters connected in addition to that or incidental thereto.”

The Bill mandates users and citizens to provide the government with any non-personal data when demanded. The Bill asks for a Data Protection Authority to form, which will be in charge of definition-making, reviews, and audits.

The Bill states penalties worth as high as Rs. 5 Crores or 2% of worldwide turnover for minor violations and Rs. 15 Crores, or 4% of worldwide turnover for more severe violations. The company’s executive may also face legal trials and jail time for up to three years under the law. 

The Bill has three main categories-

• Personal Data- Data that contains confirmation details like name, address, etc. 

• Sensitive Personal Data (SPD)- Data that contains critical information like financial status, sexual orientation, biometrics, etc. 

• Critical Personal Data- If stolen, data can be a national issue of concern like military or national security, confidential information, etc. 

The Ministry of Electronics and Information Technology gathered a committee to study the issue of data protection. The committee after analysis and discussion submitted the draft for the Personal Data Protection Bill, 2018 in July 2018. The Cabinet Ministry of India after further observations approved the draft as the Personal Data Protection Bill 2019 on the 11th of December 2019. 

Why is Such A Bill Necessary?

The reality is that almost every single activity undertaken by an individual involves some sort of data transaction. The data or information gathered should be used for the intended reasons. It became necessary to establish authority for those who collect, store, and process personal data. In addition, rights for people whose data is held. 

Not quite long ago, external and domestic consumer customers expressed concern about the country’s data protection and privacy regulations as being ineffective. A few incidences have questioned the data protection and privacy regulations in India, embarrassing the outsourcing sector.

Data Protection Laws can help enforce cybersecurity and give an internet experience without any kind of infringement. Recently, users witnessed many WhatsApp hacks and data leaks have users. One more issue is spreading fake news about national security threats and other instances. Enforcement laws can curb such instances. 

Data Protection Around The World

Globally, there are several contrasting and similar Data Protection Laws, models, and approaches. 

In Europe, the right to privacy is fundamental freedom intended to uphold one’s dignity.  The European Charter of Fundamental Rights (EU Charter), mentions the right to privacy. Along with the right to the protection of personal data. EU GDPR or the General Data Protection Regulation was initially more of global law for data protection. It was for associations that dealt with processed data on a global basis. 

In the US, privacy protection is essentially a “liberty protection” i.e. protection of the personal space from the government. There are no official laws at the federal level in the country. But, there are some federal legislations that protect data more generally. Several US states have adopted their data-related legislation due to the transfer of power to the state level. The California Consumer Privacy Act (CCPA) provides robust privacy rights and consumer protection. 

Brazil has the General Data Protection Law ( Brazil’s Lei Geral de Proteção de Dados). It specifies the terms “personal data” and “public data,” and lays down specific obligations, applied to all areas of the nation.

The United Kingdom’s Data Protection Act 2018 has already implemented the requirements of the EU’s GDPR into UK law from 01 January 2021. It was dissolved thanks to Brexit,  in 2021 and new regulations will apply thereafter. 


The Indian Bill tabled in 2019, however, faced a lot of criticism both from companies and the citizens of the country. Critics pointed out that the Bill had a lot of loopholes and open-ended definitions that may result in the state intruding on a person’s private life. 

Critics observed that through this Bill, the government can “at any time access private data or government agency data. On grounds of sovereignty or public order.” The bill needs to be revised and respect the fundamental Right to Privacy.

The Government took the criticism into a review which led to withdrawing the Bill in Lok Sabha. The Bill is currently under scrutiny and a revised draft will soon be submitted for the Personal Data Protection Bill. 


The prime focus of the revised Bill should be to find a balance between securing data and data privacy. Data Localization is a crucial step but should be initiated with organic categorizations and solutions. 

New Personal Data Protection Bill will be introduced in next Parliament session: Center informs SC during WhatsApp Privacy Policy hearing.

Releated Posts:


Fortunes Crown seeks to inspire, inform and celebrate businesses.We help entrepreneurs, business owners, influencers, and experts by featuring them and their


get daily update to join our Magazine