Draft Personal Data Protection Bill 2019

INTRODUCTION

India being a developing nation is witnessing a lot of advancements, especially in the sector of technology. India’s move towards digitalization or digital economy is one such great example. But in a country like India, the absence of laws on the protection of data affected the right of privacy offered in the Indian Constitution, the need for such laws was witnessed by India after the decision in the case of Justice K.S. Puttaswamy V Union of India & others.  

Draft Personal Data Protection Bill 

After the realization that India needs such laws on data protection, the Ministry of Electronics and Information Technology in July 2017 established a group made up of 10 specialists and chaired by Justice B.N. Sri Krishna, a former Supreme Court Justice to address the issue of the need for the data protection legislation. The Justice B.N. Krishna Committee produced a report on July 27, 2018.  

Subsequently, the Draft Personal Data Protection Bill, 2019 was introduced before the Indian Parliament on December 11th, 2019. The main goal of this Act is to address the growing privacy and data protection concerns by fostering an environment that promotes the development of a free and fair digital economy ensuring the Indian’s right to privacy. This Data Protection Bill 2019 establishes an independent Data Protection Authority (DPA) to regulate the matters related and also paves the way for certain exemptions and their grounds.  

Scope of Draft Personal Data Protection (PDP) Bill 2019  

This legislation is drafted to regulate the processing of personal data by,  

Processing personal data that has been collected, disclosed, shared, or otherwise processed within the territory of India.  

Processing of Personal Data by the State, any Indian company, any citizen of India, or any person or body of persons incorporated or created under Indian law.  

Processing of personal data by data fiduciaries or data processors not present within the territory of India, if such processing is in connection with any business carried on in India, or any systematic activity of offering goods or services to data principals within the territory of India.   

Personal data under PDP Bill, 2019 

According to the PDP Bill, 2019, personal data refers to any data which can be used to identify any natural person directly or indirectly, containing any characteristic, trait, attribute, or any feature of identity in respect of a natural person whether online or offline and in any such combination which may be used to identify a person will be classified as Personal Data and thereby will fall under the purview of the Personal Data Protection Bill. 

Effective Date  

The bill has not been adopted as a law yet, as the bill resides with the Joint Parliamentary Committee for further discussion as the interim report of the PDP Bill was adopted for consideration by the Parliamentary Panel on the 22nd of November.  

A survey conducted by Tsaaro on Draft Personal Data Protection Bill 2019 

The need for a survey arose because Tsaaro wanted to get insights regarding the Draft Personal Data Protection Bill, 2019 from the privacy professionals.  

Through this survey, Tsaaro aims to gather valuable insights into the draft which depicts the stand of the people.  

Survey methodology  

We framed our survey in a way where we could connect with individuals and through a series of questions, understand what they think is needed and what must be done to ensure that our law measures up in global standards.  

We created the survey using online platforms and sent out the link to Privacy Professionals through our social media handles and Personal mail. In this survey, Tsaaro extensively studied the upcoming law and the points of interest we drafted a survey, wherein we collected the responses from more than 200 privacy professionals so as to study how people working in the industry are responding to the upcoming statute.  

The Survey processes  

The survey involved four steps which include,  

The first step where Tsaaro studied the Personal Data Protection Bill, 2019 extensively and formulated the Questionnaire accordingly.  

The second step is where the survey was sent out through different platforms to ensure maximum participation. 

The third step wherein participants attempted the survey and provided their valuable insights  

The fourth step wherein Tsaaro studied the insights thoroughly and came up with a report to depict the stand of participants.  

Findings of the survey 

The key findings of the personal data protection survey were that most of the participants are concerned that the bill does not provide the same rights that privacy laws such as the GDPR provide to data subjects.  

The participants also felt that the definitions in the bill were not very clear and were vague. In the case of compliance, the majority of the participants felt that once the bill is enacted there should be given sufficient time for the organization to comply with the laws. 

Suggestions to improve the bill  

The participants suggested some of their suggestions to improve the bill which includes, providing clear definitions, the definition of critical data, data localization requirement, providing independent supervisory authority, non-exemption of government or public bodies, and some of the inclusion in the data subject rights.  

Check out Tsaaro’s detailed survey on the Draft Personal Data Protection Bill, 2019  

Conclusion  

The Personal Data Protection Bill, 2019 was later withdrawn, and now the Draft Digital Personal Data Protection Bill, 2022 was introduced by the Indian government in November 2022. After getting feedback from the public, it has been approved by the government in 2023 and is expected to be introduced in the second half of the budget session of Parliament.