Let's bring academics, experts and civil society to the table! #SaveOurPrivacy

The Personal Data Protection Bill (PDP) 2019, which is critical for the data privacy, is being considered by a special Joint Parliamentary Committee (JPC) and it must invite independent experts and civil society organisations for depositions.

27 August, 2020
4 min read


The Personal Data Protection Bill (PDP) 2019, which is critical for the data privacy, is being considered by a special Joint Parliamentary Committee (JPC). While the JPC has picked up pace in the last few weeks, the initial depositions have primarily focussed on engagement with government bodies and industry experts. We believe this needs to change and have urged the committee to invite a diverse range of stakeholders for depositions. Without it, conscious drafting choices against the interests of citizens contained in the PDP Bill run the risk of avoiding proper scrutiny. Today we wrote the JPC to consider widening participation and bringing a diverse range of independent voices to depose before it.

Prioritisation over privacy

A large portion of issues inherent to the Personal Data Protection Bill 2019, which currently lies for debate and deliberation with the specialist JPC originates from the priorities set by an Expert Committee on Data Protection. Broadly these can be placed in two buckets:

  1. Viewing personal data primarily as an economic resource: While many view data as an economic resource, personal data at its core -- as per the articulation of the Justice (Retd.) K.S. Puttaswamy Judgement of the Hon’ble Supreme Court of India -- is a component of the fundamental right to privacy from the perspective of legal regulation. This constitutional understanding has been de-prioritized by the Draft Data Protection Bill. There is clear language within the preamble and key legislative provisions that prefer economic exploitation over data protection. In its present form the draft law will undermine the rights of citizens in favour of data collectors and processors.
  2. Absence of surveillance reform, institutional autonomy of the Data Protection Authority (DPA), and large public sector exceptions: The expectations from data protection today are that protections under it should be enforced with strength and independence against public sector bodies and government functionaries since they collect large amounts of data. However, shared analysis by many groups and experts has shown that there has been a complete absence in engaging with the issue of surveillance reforms that can provide oversight and safeguards over mass surveillance projects. Further, the institutional design of the DPA lacks autonomy and there are large exemptions available to public authorities. This would lead to an overwhelming circumvention of data protection in favour of mass surveillance.

This is not rhetoric. We have detailed these concerns in a clause by clause analysis available on a citizen centric advocacy campaign titled #SaveOurPrivacy. It is available here. To supplement this, we had also come out with primers explaining the effect of the PDP Bill on National Population Register (NPR)  and Workplace Surveillance. These public analysis documents were also part of a separate detailed submission to the JPC as part of their request for suggestions on the PDP Bill 2019.

A little diversity never hurt nobody!

These core deficiencies have existrd in the draft from the time it was suggested by the Expert Committee headed by Justice (Retd.) B.N. Srikrishna.This draft was forwarded by the Ministry of Electronics and Information Technology (MeitY) for introduction in the Parliament before eventually being referred to the JPC.

Throughout the entire process diverse, independent and transparent feedback has been lacking (For eg. concerns raised by citizens to the Srikrishna Committee). We believe that a positive path can be charted with open stakeholder depositions that promote equal representation of independent academics, technologists and global experts on specific areas of data protection -- beside government bodies, law firms & those representing industry voices. A listing for this is given below.

S.No. Date Deposing Entity
1. 16.01.2020
  • Government: MeitY
  • Non-government: None
2. 18.02.2020
  • Government: MeitY
  • Non-government: None
3. 3.03.2020
  • Government: MeitY and Ministry of Law and Justice (MoL&J)
  • Non-government: None
4. 17.03.2020
  • Government: MeitY, UIDAI, and National Crime Records Bureau (Home Affairs)
  • Non-government: None
5. 27.07.2020
  • Government: MeitY, UIDAI, and Home Affairs
  • Non-government: L&L Partners
6. 10.08.2020
  • Government: MeitY, MoL&J
  • Non-government: Foundation of Data Protection Professionals in India (FDPPI), and L&L Partners
7. 11.08.2020
  • Government: MeitY and MoL&J
  • Non-government: ASSOCHAM and Dr. APJ Abdul Kalam Centre
8. 20.08.2020
  • Government: None
  • Non-government: NASSCOM and Dr. APJ Abdul Kalam Centre
9. 26.08.2020
  • Government: None
  • Non-government: NASSCOM

So what can be done about this? Given the process is one that is ongoing and depositions are proceedings we believe, the JPC must expand future depositions. We have urged them to do this through a letter we wrote to it's Chairperson Ms. Meenakshi Lekhi today. This can be by depositions by organisations and independent experts, who have proven expertise and experience in domains like privacy, civil liberties, and digital rights.

  1. Our representation to the JPC on the PDP Bill urging for a wider civil society and citizen engagement dated. [link]
  2. IFF’s explainer on PDP Bill’s impact on NPR dated 25 February 2020. [link]
  3. IFF’s explainer on PDP Bill’s impact on workplace surveillance dated 11 February 2020. [link]
  4. Key considerations on the PDP Bill 2019 dated 28 February 2020. [link]

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!