<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, research, and analysis. The bill, while not a certainty but likely to pass, would replace what some consider to be archaic data protection regulations. Although not finalized, the biggest obstacle if implemented as envisioned is strict data localization. India has been in the group of countries legislating data privacy for decades, culminating in the 2021 JPC report submission. Here’s a look at the history of data privacy legislation in India.


The History of Data Privacy Legislation in India

  • 2000 – Information Technology Act is passed by parliament and signed by President K.R. Narayanan addressing electronic documents, e-signatures, and record authentication.
  • 2017 – The Indian Supreme Court hears Justice KS Puttaswamy vs Union of Indiaand passes a historic judgment affirming the constitutional right to privacy.
  • 2019 – Introduction of the Personal Data Protection Bill and immediately sent to the JPC to be examined.
  • 2021 – JPC submits report on PDP to Indian Parliament revisions.


The long-awaited report submitted December 16, 2021 by the JPC has provided necessary clarification and modifications that seek to enhance the syntax and governance of the bill.


The recommended amendments are as follows:

  • Scope – The bill has a proposed name change to Data Protection Bill and will cover both personal and non-personal data which is unusual as distinction of data type can be difficult when managing mass amounts of data. Clauses also address the deceased and transfer of minor rights (see Clause 16 below).
  • Implementation Timeline – The report outlines a timeline with a 24-month implementation period for data processors to comply.
  • Definitions – The following terms have been defined or revised: consent manager, data auditor, data breach, data fiduciary, data processor, data protection officer, harm, and non-personal data.
  • Clauses 13 & 14 – These clauses apply to consent of personal data processing for employment and legitimate interest, marrying the interests of both the data principal and data fiduciary.
  • Clause 16 – Entities dealing with the data of children must register with the DPA and are required to communicate with the subject 3 months prior to adult age to regain consent and “must continue providing the services to the child unless the child withdraws consent.”


The implementation timeline for the Data Protection Bill is still unknown but will likely be a phased approach. Like California, there is discussion of an oversight committee called the Data Protection Authority of India that would supervise compliance with the proposed law. With the notable amendments to the bill, it’s unlikely we’ll see this come to fruition quickly. Not unlike most proposed privacy legislation, it has been met with dissent and opposition and will have to make its way through the courts of India before becoming law.


All Posts

How to Collect Customer Data (The Right Way)

More and more companies today are relying on customer data to help them outperform competitors and improve their services. According to a report from the Business Application Research Center (BARC) companies that used consumer data to drive decisions saw their profits increase by eight percent.

Unfortunately, many high profile security breaches have prompted more data privacy laws that make this collection exercise even tougher. Check out this guide to learn how to collect data that helps comply with privacy laws. You’ll soon see the advantages of compliance with these rules to increase profits as well as protect your customer’s confidential information.

Data Privacy Laws

It's important to be aware of data privacy laws that address what personally identifiable information governments or businesses can collect and store on individuals. Some of the very first privacy laws in the United States were a part of the Privacy Act of 1974. This law balanced the government’s need to collect personally identifiable information with a citizen’s right to privacy.

Today, these principles have inspired procedures that balance a business’ right to keep data and customer rights to privacy. The CAN-SPAM Act of 2003 is a federal law that outlaws collecting email addresses from online sites without the site owner or users permission. In 2015, Vermont passed its Vermont Data Broker Law that regulates the information broker industry.

The European Union's General Data Protection Requirements (GDPR) became law in 2016. This act sets uniform rules for data storage, usage and sharing for companies. The GDPR requires companies to appoint a data protection officer who deletes consumer data when the customer requests that it be deleted.

In 2018, the California Consumer Privacy Act (CCPA) was passed to educate Californians on what personal data was collected about them. The CCPA allows consumers to know what data is collected on them. The CCPA also gives Californians the right to refuse the sale of this information.

Why Should You Collect Data?

There are plenty of ways you can best use customer data. Customer data helps businesses understand their customers’ shopping habits and online behavior. Some of this behavior includes feedback, frequency of purchases, as well as the day or time of year a sale is made.

When they have this information, companies can craft a more personalized sales experience tailored to specific customers. Companies can create customized promotions or special offers that are relevant to consumers because they know what those consumers want. Companies can also use customer data to show them which products should be dropped because they make customers unhappy.

Another valuable use for consumer data is to use it to shape future products and solutions. Customer buying habits and feedback will show you what’s going right and what’s going wrong with your company. When you have their experiences in your hand, you can either create customer-centric solutions or generate products you (and they) know they’ll need next.

How Do Companies Collect Customer Data?

Consumer data is usually collected in at least three different ways. Most businesses use all three of these methods. These ways include:

  1. Asking customers for data;
  2. Tracking customer behavior; and
  3. Buying data from data brokers.

Companies can also observe customer behavior by monitoring their activity on the company’s website and social media pages. Companies can collect an IP address from other devices that visit their web properties. They use this information to build a personalized customer profile and send relevant advertising your way.

Companies will also consult with their support and sales staff. These divisions work together to incorporate previous customer feedback on what they liked or disliked about a service or product.

Companies can also purchase data from an information or data broker. This data comes from both public and private sources. Some of this data includes driving records, change of address records or census data.

What are the Best Ways to Collect Customer Data?

Companies should start collecting consumer data every time they interact with a customer. Some of these interaction sources might include:

Transaction Records

Transaction data describes an event. This data always has a numerical value, time measurement and includes one or more persons or objects. Examples of transaction data include invoices, payments or orders.

Transaction records also include in-store exchanges with sales staff or phone calls with a customer representative. Companies can also collect data from online chats as well.


Companies can also distribute customer polls to ask customers for their input and contact information. These survey results can also be used to create customer profiles and improve services. Customers may be more willing to pass along their contact data your way if they know you genuinely care about making life better for them.


Contests and competitions are other legal ways to collect data on your customers. Offering genuine incentives and prizes will encourage customers to participate. Make sure your contests always come with a required customer detail form for them to fill out if they want to participate.

Privacy Policy

Another helpful support to have when you collect customer data is to develop a consumer information privacy policy. This policy will spell out all your methods for collecting electronic customer data so that there are no misunderstandings down the road. Make this policy easily accessible on your website and social media sites.

Your policy should outline what types of data you collect and how you’ll use it. Your privacy policy should also specify who you will share their data with (if any third party at all.) Be sure your policy also allows customers to elect not to receive future marketing materials from you.

Next Steps

Following these methods can help you move closer to legally collecting and protecting customer data. If you haven't done so already, consider a privacy rights management solution to help automate your customer data subject access requests to take one step out of the burdensome task of data organization and fulfillment.

Using and collecting customer data may seem like a daunting task, but if you do it correctly (and ethically) you'll be equipped with valuable knowledge to improve your products and services. Be sure to tell customers what data you collect, what you’ll do with it and why you’re collecting it. Companies need to stay honest with their customers in order to keep their loyalty.

Your customers have a million options in today’s business world. Use their data wisely so you can be their number one choice.

About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...