Current Affairs
Daily Bits

Government Withdraws Data Protection Bill, 2021

  • Posted By
  • Categories
    Polity & Governance
  • Published
    4th Aug, 2022


The government has withdrawn the Personal Data Protection Bill from Parliament as it looks to come up with a “comprehensive legal framework” for regulating online space including separate legislation.

What is Personal Data?

  • Data can be broadly classified into two types: personal and non-personal data.
  • Personal data pertains to characteristics, traits or attributes of identity, which can be used to identify an individual.
  • Non-personal data includes aggregated data through which individuals cannot be identified.
  • For example, while an individual’s own location would constitute personal data; information derived from multiple drivers’ location, which is often used to analyse traffic flow, is non-personal data.

What is Data Protection?

  • Data protection refers to policies and procedures seeking to minimise intrusion into the privacy of an individual caused by collection and usage of their personal data.

Why was a bill brought for Personal Data Protection?

  • In August 2017, the Supreme Court had held that Privacy is a fundamental right under Article 21 of the Constitution.
  • The Court also observed that privacy of personal data and facts is an essential aspect of the right to privacy.
  • In July 2017, a Committee of Experts, chaired by Justice BN Srikrishna, was set up to examine various issues related to data protection in India.
  • The committee submitted its report, along with a Draft Personal Data Protection Bill, 2018 to the Ministry of Electronics and Information Technology in July 2018.

Personal Data Protection Bill Features

  • The Bill seeks to provide for the protection of personal data of individuals.
  • The Bill governs the processing of personal data by-
    • Government
    • Companies incorporated in India
    • Foreign companies dealing with personal data of individuals in India
  • Obligations of data fiduciary: Personal data can be processed only for a specific, clear and lawful purpose. Additionally, all data fiduciaries must undertake certain transparency and accountability measures such as:
    • Implementing security safeguards (such as data encryption and preventing misuse of data).
    • Instituting Grievance Redressal Mechanisms to address complaints of individuals. They must also institute mechanisms for age verification and parental consent when processing sensitive personal data of children.
  • Rights of the individual: Seek correction of inaccurate, incomplete, or out-of-date personal data.
    • Have personal data transferred to any other data fiduciary in certain circumstances.
    • Restrict continuing disclosure of their personal data by a fiduciary, if it is no longer necessary or consent is withdrawn.
  • Grounds for processing personal data: The Bill allows the processing of data by fiduciaries only if consent is provided by the individual. However, in certain circumstances, personal data can be processed without consent. These include-
    • If required by the State for providing benefits to the individual
    • Legal proceedings
    • To respond to a medical emergency

How is personal data regulated currently?

  • Currently, the usage and transfer of personal data of citizens is regulated by the Information Technology (IT) Rules, 2011, under the IT Act, 2000.
  • The rules hold the companies using the data liable for compensating the individual, in case of any negligence in maintaining security standards while dealing with the data.

Verifying, please be patient.