top of page

Data Protection Bill, 2019 and Right to privacy

Updated: Feb 20, 2022

Written by - Laasya Gogineni



The 21st century has witnessed massive growth and development than any other century in the history of mankind owing mainly to the expansion and spread of technology all around the world leading to some of the biggest innovations in the field of information and technology that has led to us to a new era, an era of ‘Information, Data, Technology and Social media’ which has further been inscribed in our day to day lives and changed the way humans lived and behaved.

In order to be still applicable in this modern environment and new technological age, our legislation must continue with its rapid speed and networks, regulations must be modified and updated and new legislation must be developed to adapts to these new circumstances and new problems. Info and technologies are prevalent in all aspects of our daily life and lives. New technologies introduce new situations that current legislation is unable to regulate. Technology has greatly affected and altered the way we see our environment and made us very dependent on it and has almost prevented us from escaping from it.

During the time of the collection and use of information by on-line enterprises, the new technology not only enabled the user to store information generated by customers but has also allowed them to monitor customer decisions when surfing on-line pages. Over time, the peculiar feature of common law has shown that judges have allowed the necessary safeguards to be granted without legislative intervention i.e., privacy or the so-called "right to leave alone."

Tort law has developed into privacy issues that specifically illustrate how the developments in the enforcement system are directly related to the current strategies guided by evidence. As we can see from the "AADHAR" dispute, these also have a significant effect on constitutional law. In May 2017 the Economist found data much more precious and interesting than energy as the most important weapon. It was a significant realisation of the way law enforcement has evolved all over the globe and how much data collection and data analysis and monitoring have been at stake.

Important Provisions of Data Protection Bill, 2019:

Free movement of data is today a threat to the privacy of natural people and therefore the confidentiality of information must be kept under pressure. The Indian Government introduced the data protection bill to reinforce the protection of personal data to maintain a sufficient level of fundamental rights and freedom. Minister of Electronics and IT, Mr Ravi Shankar Prasad, presented the Personal Data Protection Bill, 2019, on 11 December 2019.[1] The key goal of the Bill is to ensure that each person's personal data is protected and to set up a Data Privacy Authority to examine the issues.

The Committee drafted a draught Personal Data Protection Bill (PDPB), and broad discussions and consultations were held on the Committee's findings and guidance with a clear view to finalising the draught act. The Project oversees the treatment of government and private entities' personal data in India and abroad.

Processing is permitted if the person provides approval or the State provides benefits in a medical emergency. The Bill establishes guidelines for the government's personal data handling, corporations which are international firms in India that deal with individuals' personal data in India. Personal data deals with data that are specific to an individual, categorised as sensitive personal data, including financial data, biometrical data, caste, religious or political convictions, etc. Data is treated as sensitive personal data.

The Personal Data Protection Act of 2019 mainly covers the privacy and protection of Indian citizens' personal data and documents. The Government has also been working on amendments to the temporary IT Act guidelines and is also examining the rules on Internet and social media companies such as WhatsApp, Facebook etc., with the primary objective of limiting rumours and fake news, which has increased rapidly in recent years with a necessary requirement for voluntary users to make provision.

The Bill shall be incorporated into the Data Protection Authority and shall take measures to safeguard people's rights, avoid sensitive data being misused and ensuring that the Bill is complied with. It consists of a chairman and six executives with a minimum of 10 years of data security and IT expertise. DPA orders can be referred to an Arbitration Tribunal and the Supreme Court shall challenge further appeals from the Tribunal.

The law describes personal information as any details of a natural individual allowing for direct or indirect identification.[2] Moreover, confidential personal information, including religious and political views, caste and the state of transgender and official government identification records, such as PAN, etc, has been identified as financial and biometric details.

The bill further limits and sets requirements for transferring personally identifiable data across borders and Sensitive personal information shall only be transferred outside of India if the citizen expressly agrees. In his declaration, the Minister also declared that the sovereignty of the country's data is not negotiable. The public interest should not be sacrificed. It must be necessary for these measures to be formulated.

The major weakness in the draught legislation is to show by exempting the central government from the requirements of the bill by citing the interests of state protection, public order, dignity and integrity of India and in its good ties with foreign states. The central government has relieved their agencies. The basis for the treatment of personal data also covers the State's order of the citizen, legal action to ensure that our confidential data can be readily perceptible and vulnerable to abuse in the event that medical emergencies occur.

Furthermore, the collection of sensitive data is also excluded from Bill requirements, for example, for the avoidance, inspection or enforcement of an offence or for personal, domestic or journalistic reasons, which once again leaves the data of the individual extremely vulnerable to abuse because it remains accessible to those sections without the permission of the individual to access it.

Justice B.N. Srikrishna, who chaired the committee whose reports were used to form the central framework of the Bill has used terms such as “Big Brother” in reference to the safeguard exclusion for Government agencies. It was previously stated by the committee that privacy faces significant danger which can be dangerous for its protection from the state and the non-state actors. Our Government's approach to the working of this country has been completely transformed by digitalizing our daily transactions and our personal records in the government's database to exploit our minds and promote the programme for easy application of its current laws and policy decisions with minimal opposition.

Indian privacy laws.

Indian privacy regulations embrace the identical principles of global data management terminology though not using the same phrases at the same time. It is very clear from the point of view of use that the Data Protection Rules cover the data recipient, i.e. a person whose data is not collected from, used and communicated without its permission or consent. Recognize, hold, handle or pass of 'personal' or 'private' information as provided for in Rule 2(1)(i) of the privacy rules, as is the true reason for the need to invoke privacy rules.[3]

Clearly, Indian privacy regulations are mostly concerned with data subjects. We should conclude that the data between business entities are predominantly unprotected only in the event it concerns persons (e.g. banking data of overseas personnel). It is very important to remember that there is no substantial legal difference between the duties of a data controller and a data processor that has a number of difficulties with others. Not all personal information is protected, but only "sensitive" personal data or information ("SPDI," by law). In fact, the pool of information considered 'sensitive' is very small and no specific data sensitivity obligations are imposed.

Data security regulations have been introduced that are specifically aimed at data protection and data privacy. The above has been adopted in the Rules on IT (Reasonable Practices and Practices for Security and Sensitive Personal Data or Information) of 2000.[4] Such data protection regulations have not been adopted in order to apply them to only the technology industry, but such legislation can also be applicable to all industries and operations in an equal and equal way without any specific limitation as a result of the very universal and crucial issue of data security standards. This takes us to the principle of the right to privacy, which is interwoven with and linked to the concept of data security and personal data violation, in India.

On 4 July 2019, the Central Administration of India published its 2018-19 economic survey entitled Data 'By People, for People' in one line. The government has explained that it and our data have to be sold. Section 4.12 of the report says: "Over the last two decades, businesses such as Facebook, Amazon, Instagram, etc. that receive money solely from personal data have emerged in the country."[5] This is another reason why data supervision activities are justified because of the increasing demands of the environment and the race to maintain modern technologies for improving our economy.

Right to privacy and Aadhaar.

The Aadhaar (Amendment) Act 2019 has been passed by the Indian Parliament on 9 July 2019, the principal objective of the proposal is to amend the current laws on the use of biometric data for authenticating individual identification for different purposes of granting factories, utilities, incentives and subsidies to people throughout the world. The Act provides free use of Adhaar cards, which are useful in easy access to telephone and bank accounts. “The Act provides for the use of the Aadhaar number as proof of identity of a person, subject to authentication. The Bill replaces the provision to state that an individual may voluntarily use his Aadhaar number to establish his identity, by authentication or offline verification.”[6]

The Supreme Court, in its judgement dated 26 September 2018, which affirmed the statutory validity of the Aadhaar Act and introduced some limitations and alterations to put it within the four corners of the Constitution of India 1951, had previously prohibited the obligatory use of the KYC-based Aadhar card for mobile connections and bank accounts.

Justice K.S Puttaswamy & Anr v. Union of India

It was the most significant case of Indian justice where both Mr Sharma and Mr Kharak Singh were overruled in a case where the Supreme Courts once and for all took a strong stance on the question of the right to data protection as a key right. This decision provided much-needed relaxation and clarification in the privacy law and case law of our country.[7]

The judge ruled that data protection is an essential right and that information confidentiality is also a component of our universal right to privacy. Discussions took place where it was decided that freedom and privacy pre-existent natural rights are given to individuals and that if our freedom, according to our Constitution, is of paramount importance, then private privacy is also intrinsic to that value. In the shadow of other rights, privacy does not exist, nor should be at the core of our dignity, equality and freedom.

It is also a propensity to lead to a supervisory state, whereby each person may be monitored and constantly examined by his/her life profile and also tracked his/her movement based on his or her use of Aadhaar, as well. Aadhaar is considered a major violation of people's rights to privacy.

It opposes liberal principles and morals and has the potential to allow an intrusive state, based on information and data gathered from all human people by the creation of a mesh of data, to become a surveillance state. The law violates the privacy of each person thereby by means of nine-judge Bench decisions of the Supreme Court in K.S. Puttaswamy & Anr. v. Union of India & Ors that have been elevated to and recognised as basic rights in the Indian Constitution in accordance with Articles 14, 19 and 21 of the Constitution of India.


Data protection bill 2019 provides the most important example of how data-driven policies have changed law enforcement and lawmakers have to keep in mind the current scenario in which we live in a technological era to make laws capable of meeting the newly emerging needs and problems arising from our current cyber-crime, Social Media, etc.

The data there leaves us more insecure as if falling into the wrong hands could be a major challenge to our rights and lead to more anti-social and illegal activity, which could either be used as weapons by particular people to further their own interests in the future or by other countries. Big data and monitoring provide sophisticated possibilities for non-traditional legislation breakdown, as a society depends on computerized processes that place lives at risk, with a minor flaw in those activities – from air traffic control to medical procedures and national security.

As cyberwallet data is nothing but the heart of our property-specific legislative measures, data protection laws are protected under the concept of property and all of them shape our own rights. Data protection legislation The PDP bill is not sufficient to fix the private harm caused to our data economy in India and thus it has become very necessary to meet the increasing needs of our society and a technologically developing environment where a violation of data represents a real challenge in India. It is hoped that the legislation can be addressed in the near future with appropriate remedies and policy.

[1] The Personal Data Protection Bill, 2019, India, available at

(Visited on March 05, 2021). [2] Ibid. [3] Deepanvitha Sengupta, “The Interrelationship between Data Protection Bill,2019 and Right to Privacy” (2020) [4] Ibid. [5] Ibid [6] Saswati Das, “Cabinet approves amendments to Aadhar Bill” Livemint, July 24, 2019. [7] Deepanvitha Sengupta, “The Interrelationship between Data Protection Bill,2019 and Right to Privacy” (2020)

17 views0 comments

Recent Posts

See All
bottom of page