A complete guide to the Data Protection Bill, 2021

The report of the Joint Parliamentary Committee (JPC) on the Personal Data Protection (PDP) Bill was tabled in both Houses of Parliament on December 16, bringing us one step closer to India’s first data protection law, which will significantly impact how businesses collect data about users and the rights that users have over the data that is collected about them.

MediaNama has prepared a guide to the Data Protection Bill, 2021, that gives you an overview of the Bill, its history, concerns, and what people think about it.

1. The Bills:
   1. JPC Report and Data Protection Bill, 2021 [download]
   2. Personal Data Protection Bill, 2019 [download]
   3. Personal Data Protection Bill, 2018 [download]
2. Summaries of various key sections of the Data Protection Bill, 2021:
   1. Obligations of data fiduciaries [read]
   2. Personal data of children [read]
   3. Rights of individuals [read]
   4. Reporting of data breaches [read]
   5. Role of data protection officers [read]
   6. Data localisation norms and restrictions on cross border data transfer [read]
   7. Powers of the government and government access to data [read]
   8. Data Protection Authority (DPA) [read]
   9. Non-Personal Data (NPD) [read]
3. Key Takeaways From The JPC Report Tabled In Parliament [read]
4. Exclusive interview with JPC Chair PP Chaudhary [read]
5. Dissent notes to the Data Protection Bill, 2021:
   1. All dissent notes [download]
   2. Summaries:
      1. Lok Sabha MP Manish Tewari [read]
      2. Lok Sabha MP Mahua Moitra and Rajya Sabha MP Derek O’Brien [read]
      3. Lok Sabha MP Ritesh Pandey [read]
      4. Rajya Sabha MP Dr. Amar Patnaik [read]
      5. Rajya Sabha MP Vivek Tankha [read]
      6. Rajya Sabha MP Jairam Ramesh [read]
      7. Lok Sabha MP Gaurav Gogoi [read]
6. MediaNama’s Decoding India’s Data Protection Bill Event #NAMA:
   1. MP Ritesh Pandey On Data Protection Bill: Childrens Consent, DPA, Govt Access To Data; Hopes That Judiciary Will Add Checks And Balances [read]
   2. Obligations of Data Fiduciaries:
      1. Lower Age Of Consent, Limit Data Portability, Strengthen Data Breach Rules, And Introduce More Grounds For Processing Data [read]
      2. Financial Data, Non-Personal Data And Algorithmic Transparency Should Be Regulated Separately [read]
   3. Cross-Border Data Transfers 
      1. Restrictions On Cross-Border Data Transfer Will Hurt Indian Start-Ups That Depend On Global Tools [read]
      2. Issues Around Cross-Border Transfer Approval, Data Localisation, Adequacy, And Exemptions To Foreign Data [read]
   4. Data Protection Authority
      1. How Should The DPA Be Set Up And What Functions Should It Have [read]
   5. Government access to data
      1. How Government Access To Data Is Carved Out Of Fiduciary Obligations [read]
      2. How Can We Introduce Accountability For Surveillance Of Citizens? [read]
   6. User Rights
      1. Burden On Users To Establish Harm, Problems In Ascertaining Compensation Amount And More [read]
      2. Possibility Of Misuse Of Right To Be Forgotten, Overlap With Right To Erasure And More [read]
7. Industry impacts:
   1. Online Advertising [read]
   2. Social Media [read]
8. Views: 
   1. Facing The Consequences Of The Data Protection Bill On Children’s Digital Privacy [read]
   2. How Function Of State May Limit Informed Consent: Examining Clause 12 Of The Data Protection Bill [read]
   3. Clause 12 Of The Data Protection Bill And Digital Healthcare: A Case Study [read]
   4. The Data Protection Bill 2021: A Missed Health Opportunity [read]
9.  Statements by industry bodies:
   1. IAMAI: Data Protection Bill Has Changed Fundamentally From 2019 Version, Needs Consultations [read]
10. Personal Data Protection Bill, 2019
    1. A Complete Guide To The Personal Data Protection Bill, 2019 [read]
11. Other key reading material:
    1. Srikrishna Committee Report (on which the 2018 Bill was based) [download]
    2. Dvara Research’s Personal Data Protection Bill [download]
    3. MP Shashi Tharoor’s Data Protection Bill [read]
    4. MP Jay Panda’s Data Protection Bill [read]
    5. SaveOurPrivacy.in bill [read]
    6. TRAI recommendations on privacy [read], [comments]

We will keep updating this post with more resources and developments.

Timeline of the bill’s progress

• July 2018: The PDP Bill is first drafted by an expert committee headed by Justice BN Srikrishna.
• October 2018: Subsequently, the Ministry of Electronics & Information Technology says that it will be drafting the bill.
• December 2019: The bill is referred to a Joint Parliamentary Committee and BJP MP Meenakshi Lekhi is appointed chairperson.
• September 2020: The committee requests and obtains an extension of time for the presentation of their report.
• December 2020: The committee undertakes a clause-by-clause review of the bill.
• March 2021:  Once again, the committee requests and obtains an extension of time for the presentation of their report.
• July 2021: The Lok Sabha Speaker rules out any further extension for submission of the report.
• July 2021: PP Chaudhary is appointed as the new chairperson of the JPC after Meenakshi Lekhi gets elevated to a minister in the Union Cabinet.
• July 2021: Committee is granted extension to present report in Winter Session.
• November 2021: Committee holds meeting to discuss consideration and adoption of its draft report.
• December 16, 2021: Report of the Joint Parliamentary Committee is tabled in the Parliament.

[gravityform id=”1″ title=”true” description=”true”]

Subscribe to MediaNama to get access to our ongoing coverage of the bill. Here is everything we have planned around the report: