• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
BW Businessworld

Personal Data Protection Bill To Be Tabled In Parliament

Personal Data Protection Bill, 2019 has received the approval of the Cabinet, and will be tabled in this winter session of the Parliament.

Photo Credit :


Ministry of Information and Broadcasting, quoting the Minister Mr. Prakash Javadekar, through a

Press Release dated 04 December, 2019 stated that the Personal Data Protection Bill, 2019 has received the approval of the Cabinet, and will be tabled in this winter session of the Parliament.


In 2012 a committee headed by Justice A P Shah had submitted a Report by Group of Experts on

privacy, which proposed a conceptual framework for a privacy statute in India and how Indian

Privacy law should take shape. This was followed by a consultation paper on Privacy, Security

and ownership of Data in the Telecom sector published by the Telecom Regulatory Authority of

India on the 9th August 2017. This was another endeavor to effectively enforce the

“fundamental right to privacy” recognized by the Supreme Court of India in the Justice K.S.

Puttaswamy judgment earlier in 2017 wherein the Court observed:

“Informational privacy is a facet of the right to privacy. The dangers to privacy in an age

of information can originate not only from the state but from non-state actors as well.

The Parliament needs to examine and put into place a robust regime for data protection

in India. The creation of such a regime requires a careful and sensitive balance between

individual interests and legitimate concerns of the state.”

Subsequently, the Ministry of Electronics and Information Technology, vide its NotificationNo.3

(6)J2017-CLES (hereinafter referred to as “Notification”) had constituted a “Committee of

Experts” under the Chairmanship of former Supreme Court Justice „Shri B N Srikrishna‟ on issues

relating to data protection in India and draft a bill on data protection.

The Committee released a „white paper of the committee of experts on a data protection

framework for India‟ (hereinafter “white paper”) on 27th November 2017. The White paper

highlighted key principles for the data protection law like legal flexibility, informed consent,

controller accountability, data minimisation etc. This white paper was open for comments from

the public and held stakeholders‟ consultation in Delhi, Hyderabad, Bengaluru and Mumbai till

31st January, 2018.

The Committee of Experts under the Chairmanship of Justice B N Srikrishna on the 27th of July

2018, submitted its Report to the Ministry of Electronics and Information Technology titled “A

Free and Fair Digital Economy-Protecting Privacy, Empowering Indians”, making

recommendations on principles underlying data protection, identifying key data protection issues and recommending methods of addressing them.

The Committee of Experts also submitted a draft Bill titled “The Personal Data Protection Bill,

2018” (hereinafter referred to as the “Bill”) with primary objective to

“protect the autonomy of individuals in relation with their personal data, to specify where the

flow and usage of personal data is appropriate, to create a relationship of trust between

persons and entities processing their personal data, to specify the rights of individuals whose

personal data are processed, to create a framework for implementing organisational and

technical measures in processing personal data, to lay down norms for cross-border transfer of

personal data, to ensure the accountability of entities processing personal data, to provide

remedies for unauthorised and harmful processing, and to establish a Data Protection Authority

for overseeing processing activities”

Scope and Applicability of the Bill


 The draft Bill provides for horizontal applicability of the proposed legislation, whereby

section 2(1)(b) provides that the same shall be applicable to both government and private


 Further, the draft Bill under Sections 3 (13) and (14) provides for the reformulation of the

relationship between the “data subject” and the “data controller” as a fiduciary

relationship between the “data principal” and the “data fiduciary” to emphasize greater

accountability and trust between the two.

Definition of personal data:

 The draft Bill underscoring the importance of defining what constitutes personal

information as critical to determine the extent of the law defined Personal data on the

parameters of identifiability under provisions of Section 2(3) of the Bill. While the said

definition does not specifically mention any particular form of data or attribute, the bill

expressly mentions the exclusion of anonymized data from the application of the law.

 While the definition of sensitive personal data, has been expanded has been expanded

under Indian law to include passwords; financial data; health data; official identifier; sex

life; sexual orientation; biometric data; genetic data; transgender status; intersex status;

caste or tribe; religious or political belief or affiliation1


 Additionally, data fiduciaries are required to establish mechanisms for age verification

and parental consent and Processing of personal and sensitive personal of children by

data fiduciaries should be done in a manner that protects and advances the rights and

best interests of the child.

 Besides as per provisions of Section 23 of the proposed draft Bill, it has been laid down

that fiduciaries that operate commercial websites or online services directed at children

or process large volume of children personal data would be classified as guardian data

fiduciaries and barred from performing certain processing operations.

Tags assigned to this article:

Top themes and market attention on: