Data Protection Bill & Right to Privacy

Author:-Tanisha Pandey


The rise of data surveillance by the public authority and private bodies in new age India and how it is at the same time breaking our protection and disregarding the basic rights ensured by our constitution and influencing the existences of guiltless residents who are ignorant of the information store. This paper mostly examinations the different discussions identified with information security lately like the presentation of the AADHAR bill and how it can lead towards an authoritarian state which can control residents for their own benefit with unapproved and clueless selling of information to private bodies for the sake of improvement and development, without taking the residents assent as a top priority.

The greatest incongruity of the circumstance is the legitimisation of the public authority of wrongfully selling information of residents without their assent or information asserting it to be absolutely lawful and a vital advance for the improvement of our country which will profit our economy. Advantages have just been considered from the public authority’s perspective and just according to the point of view of private elements and not from the situation of the honest residents whose information is being shared without their assent or consent.

The information-driven strategy has changed law implementation from one side of the planet to the other with the development of huge information and observation. In the 21st Century with information being perhaps the most remarkable wellsprings of control, this explicit negligence towards information storing has prompted a significant infringement of our crucial rights and with the presentation of The Personal Data Protection Bill 2019, there is a developing feeling of stress over our information security and its assurance as this bill gives clear exclusions to government offices from investigation and uncontrolled authorisation further weakening our right to protection.

Initial Stage Of Data Protection:

The 21st century has seen huge development and improvement than some other century throughout the entire existence of humankind owing it fundamentally to the extension and spread of innovation from one side of the planet to the other prompting the absolute greatest advancements in the field of data and innovation that has prompted us to another time, a time of ‘Data, Data, Technology and Social media’ which has additionally been engraved in our everyday day to day routines and changed the manner in which people experienced and acted. Our enactment to in any case be important in this new world and another period of innovation needs to stay aware of its high speed and organisations, laws should be altered and changed and new laws should be made to adjust to these new conditions and new difficulties it carries with it.

Data and innovation are unavoidable in each aspect of our being and everyday lives. New innovation causes new circumstances which existing law can’t handle. Innovation has exceptionally affected and changed the manner in which we take a gander at our reality and has made us vigorously subject to it and has made it practically difficult to escape from it.

In the time of information assembling and use by on-line organisations, the new innovation has made it conceivable to not just store individual data given by the shoppers yet additionally to follow purchasers’ choices as they surf online destinations, henceforth there has been a developing interest of securitising information under information insurance. The progression of time has uncovered that the extraordinary quality of customary law empowered the appointed authorities to permit imperative insurance without the intervention of the law-making body for example security or otherwise called ‘Right to be left alone’.

The misdeed law has developed into security concerns plainly showing how changes in law requirements have an immediate connection to the new information-driven arrangements, these significantly affect protected law too as we can find in the ‘AADHAR’ discussion. In May 2017, The Economist considered information the most remarkable asset significantly more important and of interest than oil, which was a significant acknowledgement with respect to how law implementation has switched up the world and how exceptionally it rotates around information accumulating and information mining and observation of this information, presently the force is being controlled by how much information the public authority holds and controls.[1]

Significant Features of the Data Protection Bill,2019:

  • Free development of information these days is a danger to one side to protection of regular people thus pressure should be given to rigorously stick to classification of data. To keep a satisfactory degree of central rights and opportunity the Indian government acquainted the Data Protection Bill with fortify the assurance of individual information. The Personal Data Protection Bill, 2019 was brought by the Minister of Electronics and Information Technology, Mr Ravi Shankar Prasad on eleventh December 2019. The Bill’s principle point is to accommodate the security of individual information of every single individual, and furthermore needs to additionally build up a Data Protection Authority to investigate the issue.
  • As indicated by the clergyman, the advisory group has drawn out a draft Personal Data Protection Bill (PDPB) and wide-running conversations and interviews have been directed on the proposals and exhortation of the board with a solid view to settle the draft enactment. The Bill manages the handling of individual information of people by the public authority and private substances fused anyplace in India and abroad.[2]
  • Handling is permitted if the individual gives assent, or in a health related crisis, or by the State for giving advantages. Which is a major advance towards guaranteeing information security and insurance of person’s privileges and giving central significance to free assent? The Bill defines rules for the handling of individual information by the public authority, organisations fused in India unfamiliar organisations managing individual information of people in India. Individual information manages information which relates to qualities and properties which are exceptional to an individual and order them as delicate individual information with a degree that incorporates monetary information, biometric information, station, strict or political convictions.
  • The Personal Data Protection Bill, 2019 significantly manages security and security of information and data of Indian residents. The public authority said it is likewise chipping away at changes to the brief rules under the IT Act in regards to the matter, and will likewise investigate the standards directing the web and online media organizations, for example, WhatsApp and Facebook and so forth, the fundamental point being to control tales and phony news which has developed quickly throughout the most recent couple of years with the essential prerequisite to accommodate an intentional client confirmation instrument for clients in India.

    The Bill gets the Data Protection Authority which will find ways to secure the interests of people, and forestall the abuse of individual information, and will guarantee consistence of the Bill. It will comprise of an administrator and six individuals, with no less than 10 years of involvement with the field of information insurance and IT. Orders of DPA can be spoke to an Appellate Tribunal and further Appeals from the Tribunal will be tested in the Supreme Court.[3]
  • The bill explicitly characterizes individual information as any information of a characteristic individual which permits immediate or backhanded recognizably. The delicate individual information has been characterized as monetary information, biometric information, and incorporates strict and political convictions, standing, trans-sexual status, and official government personality archives like PAN and so on The bill likewise confines and forces conditions on cross-line move of individual information and Sensitive individual information will be moved external India just if expressly assented by the person. The clergyman additionally expressed in his explanation that the country’s information sway is non-debatable.[4]
  • The greatest defect of the bill can be seen through the exceptions allowed as the focal government has absolved its offices from the arrangements of the bill by refering to the interest of the security of the state, public request, sway and uprightness of India and under well disposed relations with unfamiliar states. The grounds to handle individual information additionally covers under its extension the request for State for giving advantages to the individual, official actions and to react to a health related crisis which makes our touchy information very discernible and out in the open for control.

    Besides, the individual information preparing is additionally excluded from arrangements of the Bill for purposes like anticipation, examination, or arraignment of any offense, or individual, homegrown, or editorial purposes which again makes the person’s information very defenseless against abuse as it is as yet accessible to specific areas without the person’s assent available to their own.
  • Equity B.N. Srikrishna, who headed the advisory group whose reports were utilised to shape the center design of the Bill has utilised words, for example, “Older sibling” because of the defend evacuation for Government organizations. It was recently noted by the board of trustees that security faces significant risk which can be destructive for its insurance from the state and the non-state entertainers. It, hence, underscored more on the significance and need for exceptions to be more impermeable and solid and accessible for utilise just in the midst of intense need and accessible just in extraordinary restricted conditions.

    The council likewise enthusiastically prescribed a law to investigate the different insight gathering exercises that the public authority is liable for and to subsequently keep a mind the means by which non-consensual handling and utilisation of information happens in the everyday exercises which can be an obstruction to the security of people. [5]
  • The primary inquiry that is acquired the cutting edge from this uncover and furthermore the greatest concern, is the selling of this information even lawful? In addition, is the information even open? Or on the other hand is it a reasonable interruption in our protection and plainly disregarding our basic right to life and freedom under Article 21 of the Constitution of India, 1950. The principle question of concern is whether the commercialisation of this information for the public great or a greeting for more bother through information break and infringement of our key rights ensured by our constitution.

    The development of large information and reconnaissance and information driven arrangement has completely changed our administration’s methodology of working of our country by absolutely digitalising our everyday exchanges and furthermore our own subtleties in their administration data sets to control our brains and promoting the plan of effectively carrying out their new enactment and strategy choices with least obstruction.

Indian Data Protection Laws:

Indian protection laws draw in into practically comparable ideas of worldwide wording of information dealing with while at the same time not utilising the specific terms. As far as utilisation, it is very certain that Privacy Rules secure the information subject for example a substance the information of which is being shielded from assortment; use; and exposure of its data without its information or assent. The genuine explanation for the requirement for setting off the Privacy Rules is assortment, ownership, taking care of/managing or move of ‘individual’ or ‘private’ data as given under rule 2(1)(i) of the Privacy Rules.

It is exceptionally evident that the information subject in Indian security laws is essentially a person. We can make out from the demonstration is dominating the information between the corporate bodies are not ensured besides in the circumstance where it identifies with people. There is no material lawful differentiation as far as commitments between an information regulator and an information processor which alongside others brings its own arrangement of issues. The scope of data that is ensured isn’t all close to home data however as it were “touchy” individual information or data (“SPDI”) as indicated by the bill. In actuality, the pool of data that is considered ‘touchy’ is genuinely low and there are no predetermined commitments identifying the affected information.[6]

There has been a presentation of information insurance laws which are obviously zeroing in on the security and protection of information. This had been presented in the Information Technology Act, 2000 in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules.

These security laws have not been presented determined to keep it confined distinctly to the innovation area however these standards can likewise be applied similarly and with similar power and consistency to all areas and tasks with no predefined limitation as such on the grounds that information insurance standards are an extremely general and pivotal subject. This carries our regard for the idea of the Right to security and its effect in India which is entwined and interconnected to the idea of information assurance and break of individual information. [7]

On July 4, 2019, the focal administration of India delivered its monetary overview for 2018-19 which has one of its sections named “Information ‘Of the People, By the People, For the People’”. The public authority spread out the reasons why its information, and our own, should be sold. Area 4.12 as indicated by the study specifies the way that “over the most recent twenty years, the world has seen the rise of organizations, like Facebook, Amazon, Instagram, and so forth, who procure income solely from individuals’ information.” Hence again supporting the activities of information observation in view of the developing necessities of the world and the competition to stay aware of new advancements for the improvement of our economy.

Right to Protection and Aadhar:

The Parliament of India on July ninth 2019 passed the Aadhaar (Amendment) Act 2019, the principle point of the bill is to change the current laws worried about the utilisation of biometric information for verification of personality of a person for the different reasons for the award of offices, administrations, advantages and appropriations to people all over the country. The Act offers to permit deliberate utilisation of Aadhaar cards which can be found useful in getting versatile associations and financial balances without any problem.

The mandatory utilisation of Aadhaar card dependent on the KYC for versatile associations and ledgers was before denied by the peak court in its judgment followed through on September 26, 2018, which had maintained the established legitimacy of the Aadhaar Act, with the presentation of specific limitations and changes to bring it inside the four corners of the Constitution of India 1950. [8]

The Aadhaar Amendment Act 2019 intends to alter Indian Telegraph Act to permit the willful utilisation of Aadhaar for personality confirmation by the banks prior to the opening of a ledger. Without a strong information insurance law, private elements can’t be allowed to store touchy biometric information of residents which at the same time permits free progression of information to serve the public authority without the assent or information on the public which can be abused by private substances compromising the person’s on the right track to protection.

It is presented with the goal that it can work with the intentional utilisation of the Aadhaar number for personality check to utilise the 12-digit one of a kind number for confirmation of character of a person. The Act likewise recommends a revision to the Prevention of Money Laundering Act to permit the deliberate utilisation of Aadhaar for personality checks by the banks before the cv checking of the financial balance. This prompts the significant milestone choice which changed the security law for great.

Case Law: Justice K.S Puttaswamy and Anr vs. Association of India

This was a milestone case in Indian legal history where the zenith court unequivocally made a firm remain on the issue of Right to Privacy as a basic right and announced something similar, the seat did as such by over-administering both MP Sharma and Kharak Singh situations where it was held that there was no principal right to security. This choice has brought the truly necessary help and clearness in our country’s security law and statute.

It held that protection is a principal right, and the judgment additionally decided that enlightening security is a subset of our essential right to security. Conversations were held where it was directed to the end that freedom and protection are prior regular rights conceded to an individual and that assuming our freedom is of central worth under our Constitution, security is inborn too to be remembered for that worth. Protection isn’t ought not to exist in the shadow of different rights, rather it ought to be the embodiment of our poise, opportunity and freedom. [9]

Aadhaar is viewed as a genuine attack on the right to security of people and it at the same time additionally tends to prompt an observation state where every individual can be kept close watch over and under steady examination of the state by making his/her life profile and furthermore track his/her development dependent on his/her utilisation of Aadhaar.

The candidates in the constitution seat case additionally challenged that it could prompt an authoritarian state if the Aadhaar project is permitted to proceed. Information driven strategies have prompted the public authority to give huge accentuation on the Aadhar project which is contrary to our majority rule standards and law and order, which is the spine with the assistance of which the Indian Constitution stands.

It remains against the protected qualities and ethical quality and has the force which would empower a nosy state to turn into an observation state based on data and information that is gathered from every one of the individual residents of the country by making of a cross-section of information. The Act strikes at the security of every individual consequently insulting the right to the protection which was raised and given the situation with central solidly in the Indian constitution under the Articles 14, 19 and 21 of the Constitution of India by a nine Judge Bench judgment of the zenith court in K.S.Puttaswamy and Anr. v. Association of India and Ors.

The cons of this sort of circumstance are the hugeness of information that is being penetrated and sold. Consequently, the measure of individuals whose lives are being controlled and furthermore whose crucial rights are being penetrated is a tremendous sum and subsequently the present circumstance can’t be trifled with as a careful conversation of these strategies is required and the present circumstance should be promptly managed as large information and observation has switched the manner in which our administrations all up the world are working. [10]


The Data Protection Bill, 2019 is the most important guide to the topic with regards to how information-driven approach has changed law implementation, as these days the lawmakers need to remember the current situation we live in for example innovative period and need to make the enactments which can satisfy the recently arising necessities and issues emerging out of our present circumstance which incorporates digital wrongdoing, web-based media tormenting, security break, an information storing and so forth

The information out there makes us more helpless as though fallen into wrong hands it can turn into an enormous danger to our opportunity prompting more enemy of social and criminal conduct which can be utilised as a weapon either by the people for individual additions or additionally by different countries to advance their own plans in future. Large information and reconnaissance offer exceptionally complex freedoms for law-breaking in non-conventional manners as a society depends on electronic frameworks for everything from aviation authority to operations to public safety even a little glitch in these activities can place our lives at serious risk.

Information insurance laws are covered under the idea of property as in the digital world information is only the centre of our property-explicit authoritative measures and are largely part of our right to ownership. The PDP bill isn’t sufficient to address the security-related damages of our information economy in India and consequently, it has gotten very significant with the developing requirements of our general public and an innovatively arising world where an information break is a genuine issue this space of law is transitioning in India and will ideally be settled with appropriate arrangements and system soon.

Tanisha Pandey, is a third-year law student at New Law College, Bharati Vidyapeeth Deemed University, Pune currently pursuing BBA LLB.

[1] S.V Joga Rao, Computer Contracts and Information Technology Law (2nd Ed. 2005)

[2] David Parkins, “The world’s most valuable resource is no longer oil, but data”, Regulating the internet giants (May. 5, 2020




[6] India, “Personal Data Protection bill, 2019,” Pub. L. No. 373 of 2019, (May. 6, 2020, 9:00 AM),

[7] https://www.s/

  • [8]



Leave a Reply