Submissions
India's Personal Data Protection (PDP) Bill

India's Personal Data Protection (PDP) Bill

Understanding Concerns of Stakeholders

Key concerns and recommendations about the PDP Bill (2019 draft) are listed below.

Make a submission

Submissions are closed for this project

Bhavani Seetharaman

Bhavani Seetharaman

Review of Definitions under the PDP

Ambiguous definitions for compliance (Clauses 14, 24) more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Data localization and international policy

Competitive Disadvantage - Clause 34 Clause 34 highlights governance over data transfers between different countries, giving exceptions to only certain allowances such as emergencies. By doing so, the ease of doing business with multiple entities1 situated in different countries becomes more complex, resulting in loss of opportunities for Indian businesses to compete on the global stage. United N… more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Costs of compliance

Expensive Hiring Requirements (Clause 30) Clause 30 in the draft PDP 2019 Bill requires hiring a Data Protection Officer (DPO) for implementing grievance redressal mechanisms and for accountability during inquiries in case of non-compliance. There is no clarity about whether such a role can be outsourced to third parties who specialize in such compliance requirements. The European General Data Pr… more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Power of the Data Protection Authority (DPA) over Personal Data Governance

- Lack of stakeholder interaction (Clauses 26,34,53,93, 94) Although Clause 50 mentions that trade associations, among other actors, will be included to conduct stakeholder interactions to develop the code of practices, it is unclear how small organizations, who are not members of these trade associations, can participate in giving inputs about PDP compliance practices. more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Governance of Non Personal Data and Intersection with Other Legislation

Jurisdiction Clause 91 allows for the collection of Non Personal Data (NPD). Members and representatives from the startup and investor community in India have shared strong opinions that India needs a PDP Bill first before NPD regulation can be considered 1. more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Conclusion and recommendations

Broad recommendations for smaller organizations: For smaller organizations to comply with PDP, two suggestions have been made: more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Bhavani Seetharaman

Bhavani Seetharaman

Glossary

CDO: Chief Data Officer DF: Data Fiduciary DPA: Data Protection Authority DPO: Data Protection Officer GDP: Gross Domestic Product GDPR: General Data Protection Regulation (European Union Regulation, 2016) JPC: Joint Parliamentary Committee on the Data Protection Bill 2019 MSME: Ministry of Small and Medium Enterprises NPD: Non Personal Data (framework) PDP: The Personal Data Protection Bill (201… more
  • 0 comments
  • Submitted
  • 12 Sep 2021
Make a submission

Submissions are closed for this project

Hosted by

Privacy Mode is a forum for discussions on privacy, data security and compliance. Participate and collaborate with India’s pioneering privacy-tech community. Industry surveys: In 2020, Privacy Mode executed two surveys: more