(This is the first part of a two-part article series which analyses and explores the various facets of the proposed Personal Data Protection Bill in the pipeline. The first part explores the backdrop in which the Bill was proposed, and the second part analyses the specific provisions of the Bill to assess whether it is an effective legislation.)
Since the beginning of time, human growth has been driven by technological progress. From the invention of the wheel to the creation of the internet, humans would have been unable to accomplish the heights they have achieved today without technology. Every generation has seen the staggering growth of technology and its far-reaching consequences on societies. The advent of the 21st century saw the markets being flooded with cellular devices coupled with the internet. This resulted in more and more people entering the "cyberspace". As internet and cellular devices got cheaper, the exodus of people into the "cyberspace" only increased. Today, we are at a point where these technologies are omnipresent. Gmail, Google Maps, WhatsApp, YouTube, our numerous shopping and food delivery apps, life would be unimaginable without them. The heavy reliance on these technologies has resulted in them knowing everything about us: tiny details which we do not share with anyone, behavioural tendencies which we are not even conscious of, things which the human eye usually misses out on, everything! These apps record it all, process it, and then use it to influence our behaviour a specific way (usually towards consuming more of what they have to offer). For example, the previews which you may see for any given movie on Netflix would be different from the preview we would see.1 This is because Netflix uses a complicated algorithm to determine what each individual user is most likely to click on and then depending on that, sources person-specific images from any given movie to create its preview.
The availability of such excruciating amounts of "personal data" about everyone, therefore, also makes these technologies omniscient. Because personal data is data which relates to characteristics, traits, or attributes of identity, which can be used to identify an individual, it can be used in several different ways to influence millions of people, as we have just seen with the Netflix example. Elections can be swung by focusing on pressure points of individuals based on their behavioural tendencies; Governments and organisations can influence people to act a certain way, this could involve being inclined towards buying specific products, or believing in the existence of a certain narrative, etc. All of these are rather bleak scenarios, but that is precisely the amount of power which our data can put in the hands of any individual or organisation. For these reasons, countries around the globe are moving towards stringent data protection laws.
The shortcomings of the framework prompted the Ministry of Electronics and Information Technology to set up a Committee of Experts in July, 2018. This Committee, chaired by Justice B.N. Srikrishna, was tasked with the job of examining the various issues related to data protection in India. Their job became all the more relevant and important a month later when in August, 2017 the Supreme Court declared privacy to be a fundamental right guaranteed under Article 21 of the Indian Constitution.8 The Justice Srikrishna Committee submitted its report, along with a Draft Personal Data Protection Bill, 2018 ["PDP Bill 2018"] to the Ministry in July 2018. In December, 2019 the Government introduced in parliament the Personal Data Protection Bill, 2019 ["PDP Bill 2019"]. The Bill seeks to put in place a comprehensive data protection framework, governing the processing, transfer, and usage of data by both, Government and other organizations. It further seeks to put in place the Data Protection Authority of India ["DPAI"] entrusted with the job of making sure that the regulations are being adhered to, and to provide further rules and regulations pertaining to personal data.
(The second part of this article discussed the intricacies of the Bill and the pros & cons of the same.)
2. Justice Srikrishna Committee Report, available at:
3. Rule 4, IT Rules 2011.
4. Rule 5, IT Rules 2011.
5. Rule 6, IT Rules 2011.
6. Rule 7, IT Rules 2011.
7. Rule 8, IT Rules 2011.
8. K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.