Q.2)The issues related to privacy in social media have been a major concern. Critically analyze how the Personal Data Protection Bill can help in addressing the issue.

Why this question:

Recent change by WhatsApp in its privacy policy has made the Personal Data Protection Bill a need.

Key demand of the question:

Importance of the Personal Data Protection Bill.


Critically analyze- The key to tackling this question is providing ample evidence to support the claims. Ensure that the analysis is balanced by shedding light on, and presenting a critique of, and alternative perspectives. Present extensive evidence taken from a varying range of sources.


Give a brief introduction about the current laws governing the data privacy currently in India.


In the first part, mention the need for data privacy laws highlighting examples like the Whatsapp privacy policy.

In the next part, mention how the Personal Data Protection Bill addresses the key issues of data privacy highlighting the core provisions of the Bill.


Conclude with a way forward.

Model Answer

The Personal Data Protection Bill, 2019 seeks to provide for protection of personal data of individuals, and establishes a Data Protection Authority for the same. It will safeguard the rights of Indians and data will not be taken without their consent. It derives its inspiration from a previous draft version prepared by a committee headed by retired Justice B N Srikrishna. Currently, there are no express legislations in India w.r.t. data protection and the Personal Data Protection Bill is the first attempt to do so.

Salient features of the Bill

  1. The bill classifies data as 3 types:
  • Personal Data- from which an individual can be identified like name, address etc.
  • Sensitive Personal Data- personal data like as financial, health, sexual orientation, biometric, genetic, transgender status, caste, religious belief, and more
  • Critical Personal Data- Anything that the government at any time can deem critical, such as military or national security data. It must be stored and processed in India.
  1. It removes the requirement of data mirroring (in case of personal data). Only individual consent for data transfer abroad is required.
  2. It requires sensitive personal data to be stored only in India. It can be processed abroad only under certain conditions including approval of a Data Protection Agency (DPA).
  3. It requires social media companies, which are deemed significant data fiduciaries based on factors such as volume and sensitivity of data, to develop their own user verification mechanism.
  4. It includes exemptions for processing data without an individual’s consent for “reasonable purposes”, like security of the state, whistleblowing, medical emergencies, etc.
  5. Creation of an independent regulator Data Protection Authority, which will oversee assessments and audits and definition making.
  6. It grants individuals the right to data portability and the ability to access and transfer one’s own data.
  7. It legislates on the right to be forgotten i.e. allows an individual to remove consent for data collection and disclosure.

Recently, we have seen cases of violation of data privacy increasing all over the world. A very good example in this context is the latest update by Whatsapp in its privacy policy. Such situations highlight the need of a firm and clear law on personal data protection.

The above Bill is in line with the 2017 Puttaswamy Judgement of the Supreme Court that declared Right to Privacy as a fundamental right of citizens  of India which has a population of over a billion and more than 500 active internet users.