KEMBAR78
PDP Flowchart Unit 2 | PDF | Privacy | Governance
Scribd
Upload
20 views5 pages

PDP Flowchart Unit 2

The Personal Data Protection (PDP) Bill in India aims to regulate the digital ecosystem while addressing data sovereignty and privacy concerns. Key provisions include data localization, definitions of personal and non-personal data, and state exemptions for consent, which have sparked debates over citizen rights and surveillance. The revised Bill reflects conflicting interests between privacy, state power, and economic goals, highlighting the need for a balanced approach to data governance.

Uploaded by

Arushi Tewari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views5 pages

PDP Flowchart Unit 2

The Personal Data Protection (PDP) Bill in India aims to regulate the digital ecosystem while addressing data sovereignty and privacy concerns. Key provisions include data localization, definitions of personal and non-personal data, and state exemptions for consent, which have sparked debates over citizen rights and surveillance. The revised Bill reflects conflicting interests between privacy, state power, and economic goals, highlighting the need for a balanced approach to data governance.

Uploaded by

Arushi Tewari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

1.

Introduction: Data Governance as Political Strategy

The Personal Data Protection (PDP) Bill marks a crucial step in India's attempt to regulate its
digital ecosystem.

The Bill is intertwined with India’s broader strategic and economic objectives, including
resistance to data imperialism and pursuit of data sovereignty.

The governance of technology, particularly personal data, has become deeply political.

The government emphasizes utilizing citizen-generated data for public welfare and national
interest, but civil society warns of the lack of transparency and surveillance risks.

2. Evolution and Background of the PDP Bill

The 2017 Puttaswamy judgment by the Supreme Court recognized privacy as a fundamental
right, triggering legislative urgency.

Subsequently, the MeitY (Ministry of Electronics and Information Technology) set up the B N
Srikrishna Committee to frame the Bill.

The Committee faced criticism from civil society and campaigns like #SaveOurPrivacy for lack of
diversity, limited transparency, and influence of pro-Aadhaar advocates.

Previous attempts at privacy legislation (2011, 2012, 2014) were also initiated but failed to gain
traction.

3. Data Protection and the National Vision

The Srikrishna Committee released the draft PDP Bill in 2018, along with the report A Free and
Fair Digital Economy.

Policies like the Draft E-Commerce Policy and Economic Survey 2019 began to frame data as a
“public good”, “natural resource”, or “community asset.”

This framing promotes data extraction for economic development and AI strategy, with minimal
concern for privacy safeguards.
These documents fail to clearly define the boundary between personal and non-personal data,
risking misuse of anonymized data.

4. Key Provisions and Stakeholder Interests

A. Data Localisation

Sections 40 and 41 mandate data localisation, requiring storage of personal data within India.

Justifications:

Law enforcement access during criminal investigations.

Resistance to data colonialism by foreign Big Tech firms.

Indian corporates like Reliance and PhonePe support it for economic and nationalist reasons.

Foreign firms (Google, Facebook, WhatsApp, Mastercard) oppose it due to costs and restricted
cross-border data flow.

The US government has officially opposed localisation in trade negotiations, highlighting


geopolitical friction.

B. Definitions: Personal and Non-Personal Data

The PDP Bill defines personal data as information identifiable to a person, differing subtly from
the GDPR definition.

Issues:

Defining non-personal data remains unclear.

Mixed datasets and the lack of consent frameworks complicate governance.

The Bill proposes a fiduciary model (as supported by the Srikrishna Committee) versus the
ownership-based model promoted by private firms and government bodies.

C. Consent and State Exemptions


Section 13 allows the state to bypass consent when:

Necessary for legislative functions.

Necessary to deliver welfare services.

Necessary for issuing certifications.

These exceptions are based on the condition that actions must be “authorized by law” and
“necessary.”

Critics argue this erodes citizen control and strengthens state surveillance—a concern ironically
acknowledged by the Committee itself.

D. Surveillance Reform

Although not in its mandate, the PDP Bill touches on state surveillance indirectly through
exemption clauses.

The Srikrishna Committee endorses necessity and proportionality, globally recognized as best
practices for surveillance.

However, lobbying from the Ministry of Home Affairs has led to weaker language like “necessary
and expedient” in the revised Bill.

This reduces judicial oversight and expands state discretion in surveillance activities.

5. Governance of Non-Personal Data

A new committee headed by Kris Gopalakrishnan is drafting governance norms for


non-personal data.

Key questions:

Should non-personal data be publicly owned?

Who has the right to monetize and trade such data?

Influential figures like Nandan Nilekani advocate for “data democracy”—allowing citizens to
trade their data.
Members from Infosys, iSpirt, and government ministries suggest a convergence on
pro-localisation and public data ownership policies.

Civil society voices like Parminder Jeet Singh support restrictions on cross-border data flows
and community-based ownership.

6. Conflicting Interests and Policy Deadlocks

Conflicting interests slow down legislation:

Citizen privacy vs state surveillance.

Data sovereignty vs global data flows.

Start-ups’ compliance costs vs Big Tech’s resistance to regulation.

India’s refusal to join the Osaka Track (WTO e-commerce negotiations) and RCEP e-commerce
chapter shows its hard stance on localisation.

However, the revised PDP Bill (2019) diluted localisation for sensitive personal data only,
indicating that global lobbying influenced policy.

7. Conclusion: The Path Ahead

The revised PDP Bill was sent to a Joint Parliamentary Committee for review.

Major changes include:

Weakened surveillance safeguards.

Inclusion of non-personal data for policy-making.

Broader powers to the state and data protection authority (DPA) to access anonymized data.

The tension between citizen privacy and economic/diplomatic interests continues to shape the
bill.
A meaningful data protection framework must prioritize citizen rights, embed strong consent and
oversight mechanisms, and resist diluting protections under the guise of development.

You might also like