<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, research, and analysis. The bill, while not a certainty but likely to pass, would replace what some consider to be archaic data protection regulations. Although not finalized, the biggest obstacle if implemented as envisioned is strict data localization. India has been in the group of countries legislating data privacy for decades, culminating in the 2021 JPC report submission. Here’s a look at the history of data privacy legislation in India.


The History of Data Privacy Legislation in India

  • 2000 – Information Technology Act is passed by parliament and signed by President K.R. Narayanan addressing electronic documents, e-signatures, and record authentication.
  • 2017 – The Indian Supreme Court hears Justice KS Puttaswamy vs Union of Indiaand passes a historic judgment affirming the constitutional right to privacy.
  • 2019 – Introduction of the Personal Data Protection Bill and immediately sent to the JPC to be examined.
  • 2021 – JPC submits report on PDP to Indian Parliament revisions.


The long-awaited report submitted December 16, 2021 by the JPC has provided necessary clarification and modifications that seek to enhance the syntax and governance of the bill.


The recommended amendments are as follows:

  • Scope – The bill has a proposed name change to Data Protection Bill and will cover both personal and non-personal data which is unusual as distinction of data type can be difficult when managing mass amounts of data. Clauses also address the deceased and transfer of minor rights (see Clause 16 below).
  • Implementation Timeline – The report outlines a timeline with a 24-month implementation period for data processors to comply.
  • Definitions – The following terms have been defined or revised: consent manager, data auditor, data breach, data fiduciary, data processor, data protection officer, harm, and non-personal data.
  • Clauses 13 & 14 – These clauses apply to consent of personal data processing for employment and legitimate interest, marrying the interests of both the data principal and data fiduciary.
  • Clause 16 – Entities dealing with the data of children must register with the DPA and are required to communicate with the subject 3 months prior to adult age to regain consent and “must continue providing the services to the child unless the child withdraws consent.”


The implementation timeline for the Data Protection Bill is still unknown but will likely be a phased approach. Like California, there is discussion of an oversight committee called the Data Protection Authority of India that would supervise compliance with the proposed law. With the notable amendments to the bill, it’s unlikely we’ll see this come to fruition quickly. Not unlike most proposed privacy legislation, it has been met with dissent and opposition and will have to make its way through the courts of India before becoming law.


All Posts

A Global Perspective: What Is Data Privacy Like in Other Countries?

107 countries have data protection rules in place to secure data privacy.

Even if all you are doing is collecting email addresses for your newsletter, you may get required in many countries to inform your audience of the facts and policies that pertain to your site. If you don't follow data privacy regulations, you could end up with huge fines or legal action from website visitors.

What is data privacy, and how will it affect your customers both domestically and internationally? Let's take a look.

1. The United States

In short, data privacy is a branch of security connected with the handling of data. It deals with how you store and collect data, as well as how information gets shared with third parties. Data privacy policies may require you to disclose how you will use the information before people share it with you.

In the United States, the Federal Trade Commission regulates privacy laws. The Federal Government, however, leaves the details up to each state.

The data privacy bill in California, for example, requires businesses to disclose what information they collect, what business purposes they collect it for, and which third parties they share it with. Businesses must comply with official consumer requests to delete the data.

Data is an important aspect of any organization. Loss of information can lead to direct losses in the form of sales, fines, or monetary judgments. Privacy laws in your area are therefore of utmost importance. 

2. The United Kingdom

Data privacy in the UK gets regulated by the Information Commissioner's Office. The law requires transparency about why you are collecting personal data and how you plan to use it.

If you use browser cookies, you need to clearly explain how you will use them. The law requires the informed consent of your users. UK policies focus on data protection fees, data offenses, the protection of children, and law enforcement.

3. The European Union

The General Data Protection Regulation became enforceable in 2019 in all countries in the European Union. These include Belgium, German, France, and Italy.

The GDPR protects citizens of the EU from unlawful data collection. It increases consent requirements.

Businesses who collect data are required to supply users with privacy policies that are easy to understand. It imposes punishments on any who violate its requirements.

Personally identifying information, such as names, emails, passport information, and bank details get regulated by GDPR. Sensitive personal data, such as health, political, ethnic, and religious information, also gets protected.

Under the GDPR, individuals are required to give informed consent about how their data gets processed. Companies need to implement clickwrap methods that utilize checkboxes and clearly labeled buttons. If you use cookies, you will probably need customer consent.

Companies get required to report data breaches within seventy-two hours, including the nature of the breach, consequences, and proposed measures taken.

Data protection assessments are required when data processing poses a threat to the rights and freedoms of a person. This may happen when a company possesses a lot of specialized personal data, or when they use new technology.

4. Brazil

Brazil is one example of a country that was inspired by the GDPR in the European Union. Its new General Data Privacy Law, which took effect in 2018, is nearly identical in terms of its scope, applicability, and penalties for noncompliance. 

5. Australia

Australia's Privacy Principals (APP) is a collection of thirteen principals related to the handling of personal information.

The law details how and why you may collect personal information, as well as how individuals can access that information. In order to avoid complaints, the APP requires businesses to have a clear and accurate privacy policy that includes all requirements laid out by the APP. Larger organizations must disclose data breaches within thirty days.

6. Canada

Canada’s Personal Information Protection and Electronic Data Act governs how you collect, store, and use information about users online. Privacy policies must get made readily available to customers.

7. China

The Standardization Administration of China unveiled the final version of its privacy bill in 2018. It contains provisions related to transparency and personal rights over data and consent.

The law is similar to the GDPR. It contains guidance on user consent, data protection, data access, and obligations for disclosure. 

8. Japan

In Japan, the Personal Information Protection Act protects the rights of individuals when it comes to their personal data. The definition of personal data in Japan is very broad, and it even applies to information found in public directories.

In order to share personal information with a third party in Japan, you must obtain third-party consent. The law also contains provisions for third-party transfers, record-keeping, anonymity, and breaches.

Japan has created a "white list" of EU countries that use sufficient caution when handling personal information.

9. India

In India, The Information Technology Act requires every company to have a privacy policy on its website. The privacy policy is required to describe what data you collect, the purpose of the data, any third parties it could get disclosed to, and what security practices are used to protect the data.

There is some private information that cannot get collected without the consent of the user. This may include passwords or financial information.

What Is Data Privacy?

What is data privacy? It is one of the most important decisions you will make regarding your business. The security, trust, and future business of your customers depend upon your ability to keep their personal information secure.

For more information on streamlining your data privacy policy, request a demo today.

About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...