Print Friendly, PDF & Email

New draft digital data protection bill: How it compares with the older version and laws elsewhere

GS Paper 2

Syllabus: Government policies and issues arising out of it


Source: TH

 Direction:  Previously we have seen the key provisions of the new Bill. These are extra points and will help in understanding how the new Bill differs from its older version and data protection laws around the world.

 Context: The draft Digital Personal Data Protection Bill, 2022, was recently opened by the Union Ministry of Electronics and IT (MeitY) for public comments.


How the 2022 Bill differs from its older version:

 2022 Bill2019 BillConclusion
Personal dataCompletely inapplicable to data processed manuallyOnly excluded data processed manually specifically by small entitiesThe new Bill provides a lower degree of protection
Data localisationRelaxes data localisation rules and permits data to flow to certain global destinations, based on their data security landscapeMandated enterprises to keep a copy of sensitive personal data within India and prohibited the transfer of critical personal data from the countryThe new Bill made the changes to address the concerns expressed by IT firms
Regulation of social media and non-personal dataDrops provisions to regulate non-personal data (information that does not reveal the identity of an individual) and social mediaIncluded 
The right to post-mortem privacyIncludedNo such provisionIt would allow the data principal (users) to nominate another individual in case of death or incapacity
Territorial application of the lawExcludes data processing by Indian data fiduciaries that collect and process personal data outside India, of data principals who are not located in IndiaIncludedImpact statutory protections available for clients of Indian start-ups operating overseas, thus impacting their competitiveness
PenaltyThe focus is more on financial penaltiesCriminal conviction


Data protection laws in other geographies:

  • EU model:
    • In the EU, the right to privacy is enshrined as a fundamental right, protecting an individual’s dignity and her right over the data she generates.
    • The General Data Protection Regulation (GDPR), a comprehensive data protection law, has been criticised for being stringent, but it serves as the model for most legislation produced globally.
  • US model: Privacy protection is largely defined as “liberty protection” focused on the protection of the individual’s personal space from the government.
  • China model: New Chinese laws on data privacy and security gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.


Conclusion: Though the new data protection bill of India is significantly simpler this time excluding non-personal data, it will require several modifications before it is practical.


Insta Links:

New draft digital data protection bill tabled for comments


Mains Links:

Q. Critically analyse the provisions of the Data protection bill. Mention the changes suggested by various committees on the data protection bill.