Personal Data Protection Bill – Provisions and Issues

Personal Data Protection Bill – Provisions and Issues

Personal Data Protection Bill

Personal Data Protection Bill, 2019: It is based on Justice B N Srikrishna’s committee. It has the following provisions:

  • The Bill establishes a Data Protection Authority (DPA) as an independent regulator with quasi-judicial powers.
  • Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for auditing, grievance redressal, recording maintenance, and more.
  • Holistic Approach: The Bill governs the processing of personal data by the government, companies incorporated in India, and foreign companies dealing with the personal data of individuals in India.

Classification of Personal Data Protection Bill

The Bill classifies the data into 3 types:

  • Critical data (characterized by the government) must be stored and handled only in India.
  • Sensitive data like passwords, financial data, health data, biometric data, etc may be processed outside India with the user’s explicit consent and be stored in India only.
  • General data is any data that is non-critical and non-sensitive and is categorized as general data with no limitation on where it is stored or managed.
  • Rights of the individual include seeking correction of inaccurate, incomplete, or out-of-date personal data, and the Right to be forgotten, i.e., to restrict continuing disclosure of their personal data by a fiduciary.
  • Data Processing can be done only if the individual provides consent. However, in certain circumstances, personal data can be processed without consent. These include:
        • If required by the State
        • Legal proceedings
        • To respond to a medical emergency.
  • Big Social media intermediaries must provide a voluntary user verification mechanism for users in India.
  • The central government can exempt any of its agencies from the provisions of the Act in the interest of the security of the state, public order, sovereignty and integrity of India, and friendly relations with foreign states,
  • The Bill amends the Information Technology Act, of 2000 to delete the provisions related to compensation payable by companies for failure to protect personal data.


Justice (Rtd) BN Srikrishna, has reportedly called it “a piece of legislation that could turn India into an Orwellian state”.

Concerns on Personal Data Protection Bill

  • No independent collegium for the appointment of members to the DPA.
  • Open-ended exceptions power to the government.

Recent Addition

The Personal Data Protection Bill, 2019, was withdrawn by the Union Information Technology Minister in light of the recommendations given by the Joint Committee of Parliament (JCP) on the Law.


Thus, it appears from the above discussion that the bill appears to be a good step in the right direction. However, it has various issues that must be addressed to ensure that in a digital age, someone’s privacy is not taken for granted.

Download the PDF now:

External Link

Daily Current Affairs for UPSC


Get the important and the best daily current affairs for the UPSC examination from Plutus IAS. Today, collect the current affairs from us and memorize them properly. 

Also, get the weekly, and monthly current affairs for IAS exam preparation. 

No Comments

Post A Comment