The Personal Data Protection Bill, 2019: An Analysis

Data is all around us. The creation and storage of data are growing at unprecedented rates. They are changing the face of the world. There is no denying that data generation and its ease of retrieval has contributed to the development of a fast-paced, tech-savvy society. However, in the process of providing society with the benefits of technological advancements, valuable personal information about individuals or their personal data is not always protected from unauthorised access and is often misused, resulting in a violation of peoples’ right to privacy. Therefore, personal data needs to be protected, along with maintaining the privacy of those who manage the data, that is, the data principals. There are no specific laws for data protection in India. Therefore, an expert committee, headed by B N Srikrishna, a retired judge of the Supreme Court, was set up to draft a Personal Data Protection Bill. This draft bill was submitted to the Ministry of Electronics and Information Technology, post which the then Minister of Law and Justice, Electronics and Information Technology and Communications, Mr Ravi Shankar Prasad, introduced a revised Personal Data Protection Bill in the Lok Sabha in 2019. This paper deals with how the revised bill has jeopardised the fundamental right to privacy which was recognised in the case of K S. Puttaswamy v. Union of India in 2017. The paper also makes a comparative analysis of the Personal Data Protection Bill, 2019 with the European Union's General Data Protection Regime Model Regulation (2018), on which both the draft and the proposed versions are based. After that, the paper gives some recommendations for the revised bill to ensure its consonance with the intent to protect data, respecting the right to privacy, as well as for its effective and efficient implementation.