Personal Data Protection Bill 2019


    In News

    • A Parliamentary panel deliberating on the Personal Data Protection Bill has made certain recommendations.

    Recommendations Made

    • Limit the exemptions available to the government under the current version by placing reasonable restrictions on how the exemption can be availed.
    • The government be exempted only under a “just, fair, reasonable and proportionate procedure”.
    • The government keep non-personal data “including anonymous data” outside the purview of the personal data protection bill.


    • The draft Personal Data Protection Bill, 2019 was referred to a Joint Parliamentary Committee (JPC) in 2019 which was tasked to come up with a report on its recommendations on the various provisions in the bill.

    Contentious Issue

    • Currently, the contentious clause 35 of the draft data protection bill allows the government and its agencies to gain blanket exemptions from complying with any and all provisions of the bill, with no checks and balances in place.
    • Agencies like the Aadhaar authority UIDAI and the Income Tax Department have already sought to be exempted from the bill.

    Key Features of Personal Data Protection Bill 2019

    • Categorisation of Data: Constitute 3 types of user data: Sensitive, Critical and General.
    • Concept of Data Principle: Gives data principle right over his/her personal data & how it can be utilised.
    • Right to Forgotten: This allows an individual to remove consent for data collection and disclosure.
    • Exemptions: Government is qualified to obtain the data for research or on national security concerns.
    • Setting of Independent Regulator: Data protection Authority (DPA) to safeguard the interest and check misuse of data.
    • Data Protection Officer (DPO): Each company will have DPO in which work in liaison with Data Protection Authority (DPA).
    • User Verification Mechanism: Social media companies need to develop UVM based on the severity of data.
    • Data Localisation Norms: Non-personal data can be stored and processed outside but personal data within the Indian territory.

    Shortcomings/ Challenges

    • The independence of data protection authority is questionable.
    • Government can have access to a wide range of data.
    • Prevailing digital illiteracy is also the main concern
    • The complicated language used by the internet agencies in terms and conditions.
    • Lack of proper digital infrastructure

    Way Forward

    • Provision of Data Localisation should be enforced.
    • Focus on enhancing digital awareness and literacy, not only the digital economy.
    • Independence of the data protection authority.
    • DPB should be passed and enforced soon to have a robust data protection regime.

    Source: ET