• Legal Armor

Data Protection In India

Online data exchange has become an integral part of our internet-driven world and is conveniently available to everyone making the users a potential target for various data-related crimes. Indian laws do not cover the likes of data-related issues as there is no comprehensive legal framework to govern the activities of data service providers. The aftermath of the case K.S. Puttaswamy vs. Union of India (2017), lead to the introduction of The Personal Data Protection Bill (PDP Bill) in the Parliament, which was made with the aim of protecting and regulating data by establishing Data Protection Authority of India (DPA). The main focus of the bill revolves around three objectives- (1) Recognizing Right to Privacy as a Fundamental Right, (2) Growth of the Digital Economy in the Nation and (3) Fostering a Free and Fair System for the Digital Economy.

The PDP bill will play an important role in shaping the policies of data regulation and with more businesses shifting to virtual platforms, it not only has implications for those within the territory of India but also for those far beyond our territory. However, it has received criticism because of its inadequate attempt to deal with privacy issues and the arbitrary power given to the government agencies to regulate data in order to curtail the open internet. Justice B.N. Krishna who was the head of the Drafting Committee of the bill stated that the bill is dangerous and can turn India into an Orwellian state i.e. destructive to the welfare of a free and open society. As of now, the Minister of Information Technology, Ravi Shankar Prasad has referred the bill for scrutiny to a Joint Parliamentary Committee.

The PDP bill profoundly relies on the assumption that users will agree to disclose an increased amount of information to the government which may be ineffective as users are not open to sharing more personal data than needed. Moreover, the bill also allows the government to exempt any of its agencies from the requirements of the legislation thus enabling such agencies to abuse the rights of the user. They can obtain unaccounted access to the information of any of the citizens if they believe the matter is necessary or proportionate thus enhancing the extent of government surveillance in the country which may result in the breach of privacy of citizens.

Furthermore, the proposed requirements may cause significant costs to business who have to alter their operations accordingly. For example, Data Localization requirements direct service providers to store the data within the territory of the country which may lead to conflicts between the government and the companies as compliance to such requirements will result in costs that the companies may not consent to pay. It also enables the government to force companies to give out their non-personal data. Moreover, the distinction between personal and non-personal data has been diluted which is a cause of concern as now government agencies may use this slight distinction to obtain personal data.

In conclusion, The DPA is bestowed with a large number of responsibilities and it may struggle to fulfil its duties effectively and efficiently. In addition, the authoritarian provisions and strict requirements will lead to displeasure among users and companies against DPA will definitely affect the economy. India is a big hub of data exchange and is growing at a rapid pace which makes it an attractive platform for business worldwide, thus there is a call for this bill to be amended accordingly to ensure justice to both citizens and companies.


Akshat Mall is currently a 3rd Year law student at Maharashtra National Law University, Aurangabad.

Editor: Jayant Upadhyay

Disclaimer by Legal Armor:

We at Legal Armor do not endorse the Authors' views and are in no way responsible for the said views. We are just publishing the Write-ups as blogs with just light editing, and are in no way responsible for any legal claims.