Libertatem Magazine

Explained: The Personal Data Protection Bill, 2019

Contents of this Page

The Personal Data Protection Bill, 2019 was introduced in parliament wherein the Joint Parliamentary Committee has been referred for detailed examination and making reports.


In July 2017 a committee was formed to examine the issues related to data protection in India. Which was chaired by Justice B.N. Srikrishna. The committee after examining the issues submitted its report along with a draft Bill to the Ministry of Electronics and Information Technology.

The Personal Data Protection Bill, 2019 was introduced by the Ministry of Electronics and Information technology in Lok Sabha. It was inspired by the principles of the General Data Protection Regulation, 2016. And from the case, Justice K.S. Puttaswamy (Retd.) & Anr V. Union of India, where it was held that the right to privacy is a fundamental right.

The aim and premise of this bill are to protect the details of individuals and establish a Data Protection Authority for the same. It intends to regulate data usage by state and private entities. It governs the processing of data by both governments and companies incorporated in India. It also governs foreign companies if they deal with the personal data of individuals in India.

Why is the Personal Data Protection Bill important?

As half of the world population have started using the internet for various purposes, the concern about data is very important. The smartphone that we use has AI that analyses us. It collects information about us from our habits to health issues, and usage of these AI technologies are inevitable in this 21st century. So, it is very important to protect the details of the individuals. Thus, countries around the world have started to pay attention to creating data-related laws and policies to protect people.

How is personal data regulated?

In India, the protection of data, its usage, and issues related to it are regulated by the Information Technology Rules, 2011 under the IT Act, 2000. This rule states that a company shall be held liable if any negligence happened while maintaining data security standards. The expert committee after analyzing the IT Rules held that:

  1. the definition of sensitive personal data under the rules is narrow and
  2. some of the provisions can be overridden by a contract. It further stated that these IT Rules apply only to companies whereas not to the government.

Is the Bill different from the draft Bill suggested by the Expert committee?

The Bill has gone through several changes and is different from the draft Bill suggested by the Expert Committee. Such as the Bill has expanded the scope of the exemption for the government, and additionally, provided that the government may direct data fiduciaries to prove it with any non-personal or anonymized data for better targeting of services.

Analyzing the personal data by the government without the consent was granted under certain circumstances,

  1. If required by the state for benefiting an individual,
  2. Legal proceedings
  3. To respond to medical emergencies.

Will individuals have rights over their data?

Any processing of data can only be done by the consent of data principle. This bill provides certain rights to data principles with respect to their personal data, such as confirmation on whether their personal data has been processed, seeking correction, completion, or erase of their data, and restricting continuing disclosure of their personal data.

Joint Parliamentary Committee (JPC)

To examine and provide recommendations on the said bill, a Joint Parliamentary Committee (JPC) is formed. It was constituted in December 2019. It consists of 20 members from Lok Sabha and 10 from Rajya Sabha. On 21st September, P.P. Chaudhary (Member of JPC) moved the motion for a time extension. Through a voice vote, the motion was passed by Lok Sabha. The house extended the time up to the second week of the winter session of the parliament 2020 for submission of reports and recommendations.


As per the report, Clause 35 of the bill is an issue of concern. The clause provides immunity to governmental agencies from the application of this bill for reasons of national security, integrity, sovereignty, public disorder, and friendly relations with foreign states. It is merely giving a blanket for governmental agencies to conduct surveillance.

Some of the suggestions in the bill could be restrictive for service providers and enterprises said the Internet and Mobile Association of India. It also stated that it may not be possible to achieve India’s target of a $1 Tn digital economy by 2024.

National security or reasonable purposes are open-ended and subjective terms, which may lead to intrusion of the state into the private lives of citizens, and it may backfire start-ups which aim for global growth.


To protect the data of individuals and to establish a Data Protection Authority for this purpose, the Personal Data Protection Bill was introduced. The bill has recently been referred to the Joint Parliamentary Committee (JPC) to examine it and make a report on the same. is now on Telegram. Follow us for regular legal updates and judgments from the court. Follow us on Google News, InstagramLinkedInFacebook & Twitter. You can also subscribe to our Weekly Email Updates. You can also contribute stories like this and help us spread awareness for a better society. Submit Your Post Now.

About the Author