India, being an emerging nation, is experiencing rapid development, particularly in the realm of technologies. One such outstanding instance is India’s transition to a purely digital economy. However, in a nation like India, the lack of regulations regarding data protection has harmed the expectation of privacy guaranteed by the Indian Constitution; the requirement for such laws was highlighted by the court’s ruling in the instance of K.S. Puttaswamy, J. v. Union of India and others.


As a result of the increasing number of people using the internet and the broad use of technology, an immense amount of sensitive information has been generated. This data has been gathered without the consent or accountability of individuals, raising worries regarding privacy violations.

In response to increasing concerns about data privacy, a group of experts was formed in 2012 to outline core areas of data privacy protection, such as transparency, collection and purpose constraints, security, confidentiality, consent gathering, availability of data, and correction, and observe them by investigating authorities. Several individuals were concerned about the growing popularity of Aadhar. Several petitions have been brought to the Supreme Court, alleging threats to privacy as a result of data breaches, etc.

Soon after recognising the need for such data protection laws in India, the authorities of India’s Ministry of Communication and Information Technology developed a group of ten specialists led by Justice B.N. Sri Krishna, a former member of the Supreme Court, within July 2017 to look into the problem-solving of the desire for laws governing data protection. The B.N. Krishna Committee of the Supreme Court published its report on July 27, 2018.

Immediately following that, on December 11th, 2019, the Indian Parliament accepted the Drafted Personal Data Protection Bill, 2019. The primary purpose of this legislation is to address rising data security and confidentiality issues by promoting an environment that encourages the growth of a democratic and equitable digital economy while protecting Indians’ right to privacyg an environment that encourages the growth of a democratic and equitable digital economy while protecting Indians’ right to privacy. This Data Privacy Bill 2019 creates an independent Data Security Authority (DPA) to oversee data protection issues and allows for specific exclusions and their justifications.


The Department of the Ministry of Information Technology and Electronics proposed a new law, the Digital Personal Data Protection Bill 2022, on November 18, 2022. If approved by Parliament, it will substitute for the 2011 rules as well as some elements of the current legislation. The bill intends to impose requirements on corporations that establish the aims and methods of data processing (referred to as “data fiduciaries”). Organisations that collect identifiable information from users for the purpose of selling and delivering groceries, for example, conclude that the aim of collection is to assist with the purchase and shipment of goods. It also attempts to govern firms that process this kind of information (known as “data processors”) in accordance with the companies’ decisions.

For instance, if an application employs the services of an internet storage provider to keep sensitive data, such a provider would only operate on orders from the corporation. Aside from that, the bill specifies the legal rights of the people to whom personal data relates (referred to as “data principals”).


In accordance with the PDP Bill, 2019, personal information refers to any data that can be used to either directly or indirectly pin down any natural person, whether or not online or offline, containing every characteristic, trait, characteristic, or feature that establishes one’s identity in regard to a natural person, and in any of these combinations that can be utilised in determining a person, it will be categorised as “personal data” and thus fall under the authority of the Personal Data Protection Bill.

Personal data processing by trusted third parties or data processors that are not present on Indian territory if such handling is in conjunction with any business that is carried out in India or any continuous activity of supplying products or services to data protagonists on Indian territory

This regulation is intended to govern the collection and use of individual information that has been acquired, released, exchanged, or otherwise processed inside the territory of India. Personal data processing by the government of India, any Indian enterprise, any Indian citizen, or any other individual or body of individuals incorporated or constituted under Indian law.


The necessity for a poll emerged since Tsaaro wanted to hear from privacy specialists on the Proposed Personal Data Protection Bill, 2019. Tsaaro hopes to gain significant insights on the draft that portrays the people’s position through this poll.

We designed our poll so that we could engage with folks and, via a series of inquiries, learn what they believe is required and what needs to be done to guarantee that our law meets worldwide standards.

We developed the poll using web-based tools and sent the information to privacy professionals via social media and personal mail. Tsaaro thoroughly researched the future law and the issues of interest. We prepared a survey, in which we collected comments from over two hundred privacy advocates in order to examine how individuals working in the field have responded to the forthcoming statute.

The survey was made up of four steps, which were as follows:

  • Tsaaro began by thoroughly researching the 2019 bill on the protection of personal data and developing the questionnaire appropriately.
  • The poll was handed out over several channels in the second stage to achieve maximum participation.
  • The final phase included individuals taking the survey and providing useful feedback.
  • Tsaaro researched the insights extensively and created a report to portray the participants’ positions in the fourth phase.

The principal conclusions of the private information protection poll were that the majority of participants are worried that the bill fails to provide data subjects with the same rights as privacy legislation such as the GDPR does.


The Indian government recommended a personal data protection measure that would force firms to retain personal data in India, raising security and governmental access to data issues. Some businesses supported the bill, claiming it would improve law enforcement accessibility and give the Indian government greater flexibility in taxing internet giants. Civil society businesses, on the other hand, criticised the open-ended prohibitions for government monitoring and pointed out that encryption keys may still be within the grasp of national authorities. The measure was opposed by IT behemoths and industry groups, who feared a fractured internet and protectionist rules that would damage young startups and larger corporations that process international data in India. Due to the response and the demand for reform, the measure was eventually dropped.


The Personal Data Protection Bill, 2019, was later abandoned and the Indian government has since submitted the Drafted Personal Data Protection Bill, 2022 in November 2022.

In comparison to existing law, the bill gives individuals significant rights and gives them greater information awareness, decisional autonomy, and control over their personal information, while also requiring companies to respect individuals’ rights and provide operational redressal mechanisms, with serious consequences of up to Rs 50 crore for infringing on individual rights. The proposed law takes significant steps towards ensuring the rights of digital users by granting people actionable rights, requiring corporations, and proposing the establishment of the Privacy and Data Protection Board to serve as an adjudicatory authority for the settlement of user disputes. While the consultation with the public is still ongoing, it remains to be seen whether the bill will be introduced during the Budget Session.

Click Here : Draft Personal Data Protection Bill 2019