A Public Brief on the Data Protection Bill, 2021

IFF has released its Public Brief and Analysis on the Draft Data Protection Bill, 2021 in continuation of our efforts to make available a public analysis that helps you discover the top issues and concerns with this legislative proposal.

11 July, 2022
5 min read

tl;dr

IFF has released its Public Brief and Analysis on the Draft Data Protection Bill, 2021 in continuation of our efforts to make available a public analysis that helps you discover the top issues and concerns with this legislative proposal. We hope this helps you form your own views and then voice them to help bring the power of civic participation to data protection!

Let’s get some context

By now we all have heard data classified as the “new oil” or “new fuel”. While the government has left no stone unturned in extracting the monetary value of data, a law that seeks to protect your data from exploitation has still not been enacted. After a (very) long journey, the Draft Data Protection Bill, 2021 (“DPB”, 2021) may be tabled in the Parliament in the Monsoon Session. Which means that this Bill might actually turn into an Act in the coming weeks (see here, here, and here).

Our feelings could not be more mixed about this incoming data law, as India desperately needs data protection legislation, especially considering the rush in which digital policies are being introduced (don’t ask us how many because we have lost count). But on the other hand, the DPB, 2021, which should empower the user with rights surrounding their own personal information, has failed to prioritise the user. It, instead, benefits the government and large corporations way more than it benefits users such as you and I.

What is this about?

The point of the data bill is to empower you with rights relating to your own data. But in its current form, it provides large exemptions to government departments, prioritises the interests of big corporations, and does not adequately respect your fundamental right to privacy. This move, when taken with the lack of literacy around data protection in India, may be dangerous on an individual level - where your everyday privacy is threatened - and on a collective level, given how it makes allowances for mass surveillance.

Maybe you are aware of the gravity of the situation. Maybe you are a “Data protection in India” newbie. Regardless of our awareness and understanding about this issue, the reality is that this incoming bill affects all of us, all our data and consequently, our fundamental right to privacy (see here for a fun explanation on the need for a data protection legislation)! We’ve been keeping a watchful eye on all things privacy in India for a while, and have been engaging deeply with the developments in the data protection framework in India.

  • Our #StartFromScratch series, which was a short introduction to the Personal Data Protection Bill, 2019 (“PDPB, 2019”) which included some historical and legislative context, a summary of the PDPB, 2019, an overview of the issues with the PDPB, 2019, and possible alternative paradigms for data protection.
  • Next, through our #DataProtectionTop10 series, wherein we analysed the top 10 issues with the PDPB, 2019 in detail.
  • Currently, through our #PrivacyOfThePeople series which is looking at how the DPB, 2021 will impact our daily lives by focusing on its impact on different sections of society.

However, if you would like to fast-forward and read a detailed analysis of the current version of the Bill instead of following the entire series, you can read our Public Brief and Analysis on the DPB, 2021. In this brief, we highlight the issues, analyse the contentious clauses, summarise the loopholes, and compare it with previous versions of the Bill. (IFF’s briefs focus on research to support public understanding on issues of digital rights. Further analysis and guides available at: https://saveourprivacy.in/ and https://internetfreedom.in/)

SaveOurPrivacy has worked since May, 2018 as a framework for civil society groups to put forward demands on data protection and surveillance reform. Powered by IFF and comprising of many organisations and volunteers it has prepared a public analysis of the Draft Data Protection Bill, 2021.

This public brief runs you through the timeline of the data protection framework in India and the past parliamentary efforts to bring a model privacy law in India.


The industry, digital rights and civil society organisations, as well as experts have flagged several concerns over provisions in the DPB, 2021, which has been in the making for nearly five years. Inter alia, concerns around the DPB, 2021 include noticeable reduction in the autonomy of the Data Protection Authority, inclusion of non-personal data, supposedly voluntary self-verification of social media users, primacy to economic interest. We have thus summarised the top 10 issues and loopholes in the DPB, 2021.


We establish how the data protection regime has been deteriorating constantly by comparing the DPB, 2021 with its predecessors, i.e., the Personal Data Protection Bill, 2018 submitted by the Srikrishna Committee and the Personal Data Protection Bill, 2019 as introduced in the Parliament by MeitY. Additionally, we compiled the dissent notes filed by 8 members of the Joint Parliamentary Committee (“JPC”) against the final recommendations submitted by the JPC.


It is not too late!

Like we said before, the journey till this point has been long and full of roadblocks. But it is not too late to voice your concerns against the harmful provisions of the DPB, 2021. This time is crucial to raise awareness and put public pressure on our Members of Parliament so that they can enact a much better data protection legislation that will safeguard our digital rights and prioritise the interests of everyday citizens like you. We urge you to go through this and circulate it widely. We have made every effort to break down legal jargon and make it as simple and accessible as possible.

  1. IFF’s Public Brief and Analysis of the Draft Data Protection Bill, 2021 dated 11.07.2022 (link)
  2. IFF’s Public Brief and Analysis of the Personal Data Protection Bill, 2019 dated 25.01.2020 (link)
  3. Representation to the Joint Parliamentary Committee dated 19.12.2019 (link)
  4. The report of the Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 tabled on December 16, 2021 (link)
  5. The Personal Data Protection Bill, 2019 (link)
  6. Key Takeaways: The JPC Report and the Data Protection Bill, 2021 #SaveOurPrivacy dated December 16, 2021 (link)

This post was drafted by Tejasi Panjiar, Associate Policy Counsel at IFF, and reviewed by Prateek Waghre, Policy Director at IFF.

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
No place for tech: How digital interventions in NREGA are undermining rural social security

Mandatory digital ‘solutions’ introduced in the NREGA scheme by union and state governments, like Aadhaar-based payments, mobile monitoring apps, facial authentication and surveillance tools, are impinging on workers’ statutory rights and poking holes in the rural social security net.

8 min read

2
Into IT Standing Committee’s review of action taken by MeitY following its recommendations on citizen data security and privacy

This post breaks down the 55th report of the Standing Committee on Communications and IT, in which the Committee assesses the extent to which its recommendations on citizen data security and privacy were accepted and acted upon by the Ministry of Electronics and IT.

11 min read

3
Statement: Reportedly, IT Ministry looks to block Proton Mail on request of Tamil Nadu

Reportedly, the E2EE email service Proton Mail has received communication from MeitY regarding a potential block under S.69-A IT Act, at the request of the TN police over a hoax bomb threat sent to private schools in Chennai. 

1 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!