Salient Features of the Indian Data Protection Act and How it can help our privacy?

Dec 30, 2019
Posted by
Cyber Security
Gis Consulting


Time and again, questions have been raised about the privacy of a person and how to ensure the same in the digital age we are residing in today. After a lot of deliberations and discussions, our country is finally on the path to ensure the privacy of a common Indian man by coming up with an extensive and all-encompassing Indian Data Protection Act. This act is undoubtedly the need of the hour and is sure to help to ensure the privacy of people in this digital age.

Bill and Its Journey

Mr. Ravi Shankar Prasad, the Union Minister of Electronics and Information Technology informed the Rajya Sabha, the Upper House of the Parliament on January 4th, 2019 about finalizing the Data Protection Law which is soon expected to be tabled in Parliament.

What does Bill Address?

Indian Data Protection Act addresses the growing concerns regarding a breach of people’s privacy in the modern digital era. It is not uncommon to find several instances when companies have been found flouting rules and making the mockery of people’s privacy. As of now, there is no comprehensive data protection regime in India that can provide umbrella protection to the Indian citizens against gross violations of the privacy of people in the digital age.

Definitions: The definition of ‘sensitive personal data’, as laid out in section 2(36) of the Draft Bill, does not include the term ‘passwords’ anymore.

Sensitive personal data is now defined as such personal data which may, reveal, be related to, or constitute:-

  • financial data
  • health data
  • official identifier
  • sex life
  • sexual orientation
  • biometric data
  • genetic data
  • transgender status
  • intersex status
  • caste or tribe
  • religious or political belief or affiliation, or
  • any other data categorized as sensitive personal data by the authority and the sectoral regulator concerned.

Current Situation

Currently, the Information Technology Act, 2000 is the primary governing data protection regime of India. The Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011 is also governing this regime and trying to give moderate protection to the Indian citizens helping to maintain their privacy. But, it is important to note here that these acts have no teeth and it miserably fails to protect the interests of people. Thus, an urgent need to have an Act in place that can help people protect their privacy and data was felt. The coming up of the Indian Data Protection Act is a positive step in the right direction.

How EU GDPR is inspiring us?

The General Data Protection Regulation in the European Union is proving to be a benchmark of global data protection regulations. It came into effect in the year 2018 and some of its major features are as under-

  1. Citizens have the right to minimize personal data
  2. Citizens have the right to know where their data is stored
  3. Citizens have the right to access data and to get it corrected.
  • There are a lot of hopes to protect people’s privacy from data breach from the Indian Data Protection Act which is soon going to be tabled in the Parliament.