wordpress blog stats
Connect with us

Hi, what are you looking for?

From user consent to legitimate uses: Here are the rejected amendments to India’s Data Protection Act

Despite scope for discussion on close to 50 proposed amendments proposed by three opposition MPs, the passage of the Data Protection Bill turned out to be anticlimactic.

Ad: India’s Data Protection Bill is here, and your business needs to adapt. K&S Digiprotect, with its team of data protection experts, offers compliance services tailored to help you adapt to the new regulations, safeguard your data and build trust with your customers. Contact us now!

The passing of the Digital Personal Data Protection Bill, 2023 in the Rajya Sabha proved to be anti-climactic with the absence of Opposition MPs during the discussion and voting process. There was much scope for discussion as well considering around 50 amendments were scheduled to be discussed by MPs Dr. John Brittas, Vinay Vishwam and A. D. Singh.

Meanwhile, around 21 amendments were moved with regards to the Bill in the Lok Sabha of which only one amendment moved by Vaishnaw was approved. All the other 20 amendments were moved by RSP MP N.K. Premachandran largely focusing on the treatment of consent in the Bill. His arguments were as follows:

Specifying the need for user consent: The Bill describes personal data breach as “any unauthorised processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data.” Premachandran moved an amendment to insert “without obtaining consent in writing with signature” at the end of this definition. Similarly, under grounds for processing personal data, Premachandran asked that the user’s consent for processing for data should be given “in writing with signature.”

These amendments put greater onus on entities to ensure user consent before processing data.

Expanding the scope of notice and purpose limitation: Premachandran moved that personal data for “certain legitimate purposes” should only be used “prior notice to the Data Principal and with written consent duly signed by the Data Principal”.

Article continues below ⬇, you might also want to read:

He also suggested that where an entity is allowed to continue processing a user’s personal data until and unless there is a withdrawal of user consent, the scope of the processing should be limited to “the purpose for which consent has been given” in the notice.

Legitimate purpose to be sanctioned by a committee: The Bill allows the processing of personal data without an explicit request of consent in case of performance of state duties, fulfilment of obligations under the law, medical emergencies and employment purposes.

Premachandran asked that all of these situations must first require “prior permission of the three Member Committee consisting of a Retired Judge of Supreme Court acting as the Chairman and two retired High Court Judges as the Members.” This would have ensured that due process of law will be followed.

Limiting data retention provisions: The Bill states that an entity must cease processing of a user’s personal data “within a reasonable time” once consent is withdrawn. The MP asked that “reasonable time” be substituted with “five hours” to ensure a proper time-frame for data retention once consent is withdrawn.

Remove state instrumentalities under legitimate uses: Section 7 of the Bill talks of legitimate uses of processing data without asking for consent and the entities to whom this data may be provided including “the State and any of its instrumentalities.” MP N.K. Premachandran asked that the phrase “any of its instrumentalities” be removed from the situations relating to provision of benefits, performance of state function, etc. Doing so would narrow down the wide-ranging access given to government entities. However, this amendment was rejected.

Narrowing down of processing under medical emergency: As per the Bill, personal data may be processed if there is a legitimate use “for responding to a medical emergency involving a threat to the life or immediate threat to the health of the Data Principal or any other individual.” Premachandran asked that “any other individual” be omitted from this clause.

Narrowing down of processing under safety provision: As per the Bill, personal data may be processed if there is a legitimate use “for taking measures to ensure safety of, or provide assistance or services to, any individual during any disaster, or any breakdown of public order.” Premachandran moved that “or any break down of public order” be removed from this clause.

Provision of Data Protection Officer’s contact: The Bill states that every request for consent shall be presented to a user in a clear and plain language, “providing the contact details of a Data Protection Officer, where applicable, or of any other person authorised by the Data Fiduciary to respond to any communication” from the user. Premachandran asked that “where applicable” be omitted from this clause. This ensures that every consent request compulsorily has contact details of the relevant authority.

Note: The headline was edited at 11:13 AM on August 11, 2023, for brevity.

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!

Written By

I'm interested in the shaping and strengthening of rights in the digital space. I cover cybersecurity, platform regulation, gig worker economy. In my free time, I'm either binge-watching an anime or off on a hike.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...


RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.


Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...


The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ