The following are recommendations given by a Parliamentary panel debating the Personal Data Protection Bill:

  • Limit the government’s exemptions in the current edition by imposing reasonable constraints on how the exemption might be used.
  • Only a “just, fair, reasonable, and appropriate procedure” should exempt the government.
  • Non-personal data, “including anonymous data,” is kept outside the scope of the personal data protection bill by the government.


  • In 2019, the proposed Personal Data Protection Bill was referred to a Joint Parliamentary Committee (JPC), which was tasked with producing a report on its suggestions on the bill’s different components.

What exactly is the problem:

  • Currently, controversial section 35 of the draft data protection bill allows the government and its agencies to get blanket exemptions from all of the bill’s provisions, with no checks and balances in place.
  • The Aadhaar Authority, UIDAI, and the Income Tax Department have already applied for exemptions from the bill.

Bill on Personal Data Protection (PDP) 2019:

  • The report provided by a Committee of Experts led by Justice B.N. Srikrishna is the source of this Bill.
  • During the hearings before the Supreme Court in the right to privacy case, the government formed the committee (Justice K.S. Puttaswamy v. Union of India).

What is the bill’s approach to data regulation:

The bill specifies three different forms of personal data:

  • Critical
  • Sensitive
  • General

Other important provisions include:

  • According to the bill, the individual whose data is being held and processed is the data principal.
  • Social media firms who are considered key data fiduciaries due to characteristics including data volume and sensitivity, as well as turnover, should build their own user verification process.
  • Assessments, audits, and definition creation will be overseen by an independent authority, the Data Protection Agency (DPA).
  • Each organization will have a Data Protection Officer (DPO), who will work closely with the DPA on audits, grievance resolution, and record-keeping, among other things.
  • Individuals will also have the right to data portability, or the capacity to access and transfer their own data, under the measure.
  • The right to be forgotten: An individual’s right to withdraw consent for data gathering and disclosure.


  • The controversial section 35 of the Personal Data Protection (PDP) Bill 2019 invokes the “sovereignty and integrity of India,” “public order,” “friendly relations with foreign states,” and “security of the state” to give the Central government the power to suspend all or any of the Act’s provisions for government agencies.

Why is there apprehension about the bill:

  • The bill is a double-edged sword. While it protects Indians’ personal data by giving them data primary rights, it also grants the central government exemptions that are contrary to the principles of processing personal data.
  • When necessary, the government can process even sensitive personal data without the data principals’ explicit agreement.

Source The Hindu