India Is Set To Get Its First Data Protection Law The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4

By Tahira Noor Khan

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Pixabay

In today's time when technology is becoming all-pervasive and cyber crimes are increasing, the need for a data protection law is dire. The first draft of the Personal Data Protection (PDP) Bill was submitted in 2018 to Ministry of Electronics and Information Technology (MEITY). The 2018 bill was drafted by a panel headed by ex-Supreme Court judge Justice B.N. Srikrishna. With some changes, The Personal Data Protection Bill, 2019 has been cleared by the Union Cabinet on December 4.

The bill categorizes personal data into three parts and talks about its collection, storage and processing. It also delves on the consent of individuals, penalties and compensation, code of conduct and an enforcement model. The PDP Bill is said to be modelled after the European Union's General Data Protection Regulation (GDPR) law. However, debates are going on around the PDP Bill.

Related Read: Personal Data Protection Bill 2018: Will the Legislation Introduce a GDPR-esque Compliance Regime in India?

The Contentions

The Personal Data Protection Bill, 2019 divides data into three categories, namely general, sensitive and critical. The Bill defines sensitive personal data as constituting or related to passwords, financial data, health data, official identifier, sexual orientation, religious or caste data, biometric data and genetic data. The critical data includes military or national security data and can be defined by the government to include other aspects of data. All the other data falls in the category of general data.

1. Data Localisation

According to this categorisation, there are rules as to where the data can be processed and stored. If the data falls in the non-critical and non-sensitive category, then it can be stored and managed anywhere in the world with the explicit consent of the individual. Sensitive data may be processed outside India with the explicit consent of the user but needs to be stored in India as well whereas critical data must be stored and handled only in India. This data localisation or the storage of personal data on servers located within the physical boundaries of one's country has been criticised by many.

The critics argue that data localisation goes against the concept of free-flowing data and hampers the growth of a country by forcing big multinationals to store data locally. It is an extra cost for companies and people further argue that security can be affected by fragmenting networks and platforms and localisation is not the answer to ensure data security.

2. Government Can Access Individual's Personal Data

The PDP Bill delegates upon the Central Government the power to issue to the Central Authority such directions which allow access and use of personal data of individuals if it thinks it is important for national security and sovereignty. There are no objective parameters and criterion of when the government can scoop in an individual's data. The bill gives the Central Authority an arbitrary power to encroach on the privacy of individuals.

Related Read: What Does The Indian Personal Data Protection Bill Say?

Other Provisions Of The Bill

The bill provides rights like Right to confirmation, Right to correction, Right to Data Portability and the Right to Be Forgotten. The bill also states that each company will have a Data Protection Officer (DPO) based out of India, who will be responsible for auditing, grievance redressal, recording maintenance and more of people's personal data.


Tahira Noor Khan

Former Junior Features Writer

Business News

'I Love Doing Product Reviews': Bill Gates Stepped Down from Microsoft in 2020, But Admits He Still Spends 15% of His Time Working at the Company

In a new interview with the Wall Street Journal, Gates also said he is still close with Microsoft's CEO Satya Nadella.

Franchise

Franchise Models Explained — How to Choose the Right One for Your Goals

Navigating the franchise world starts with understanding key business models. Here's how project-based and subscription franchises differ in investment, scalability, and recession resistance.

Business News

Uber's CEO Says Drivers Have About 10 Years Left Before They Will Be Replaced

Uber CEO Dara Khosrowshahi says the jobs of human drivers are safe for the next decade, but after that, another type of driver will take over.

Business News

Elon Musk's DOGE Is Hiring People Eager to 'Work Long Hours' to Eliminate 'Waste, Fraud and Abuse' in the Government. Here's How to Apply.

The Department of Government Efficiency is hiring U.S. citizens to help cut spending and headcounts in the federal government.

Business News

'Everyone Can Profit From It': What Is DeepSeek? China's 'Cheap' to Make AI Chatbot Climbs to the Top of Apple, Google U.S. App Stores

DeepSeek researchers claim it was developed for less than $6 million, a contrast to the $100 million it takes U.S. tech startups to create AI.

Starting a Business

Market Research: What It Is and How to Conduct It

To boost your competitive advantage, you may want to do market research. Entrepreneur is here with a guide on market research and how to conduct it.