<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, research, and analysis. The bill, while not a certainty but likely to pass, would replace what some consider to be archaic data protection regulations. Although not finalized, the biggest obstacle if implemented as envisioned is strict data localization. India has been in the group of countries legislating data privacy for decades, culminating in the 2021 JPC report submission. Here’s a look at the history of data privacy legislation in India.


The History of Data Privacy Legislation in India

  • 2000 – Information Technology Act is passed by parliament and signed by President K.R. Narayanan addressing electronic documents, e-signatures, and record authentication.
  • 2017 – The Indian Supreme Court hears Justice KS Puttaswamy vs Union of Indiaand passes a historic judgment affirming the constitutional right to privacy.
  • 2019 – Introduction of the Personal Data Protection Bill and immediately sent to the JPC to be examined.
  • 2021 – JPC submits report on PDP to Indian Parliament revisions.


The long-awaited report submitted December 16, 2021 by the JPC has provided necessary clarification and modifications that seek to enhance the syntax and governance of the bill.


The recommended amendments are as follows:

  • Scope – The bill has a proposed name change to Data Protection Bill and will cover both personal and non-personal data which is unusual as distinction of data type can be difficult when managing mass amounts of data. Clauses also address the deceased and transfer of minor rights (see Clause 16 below).
  • Implementation Timeline – The report outlines a timeline with a 24-month implementation period for data processors to comply.
  • Definitions – The following terms have been defined or revised: consent manager, data auditor, data breach, data fiduciary, data processor, data protection officer, harm, and non-personal data.
  • Clauses 13 & 14 – These clauses apply to consent of personal data processing for employment and legitimate interest, marrying the interests of both the data principal and data fiduciary.
  • Clause 16 – Entities dealing with the data of children must register with the DPA and are required to communicate with the subject 3 months prior to adult age to regain consent and “must continue providing the services to the child unless the child withdraws consent.”


The implementation timeline for the Data Protection Bill is still unknown but will likely be a phased approach. Like California, there is discussion of an oversight committee called the Data Protection Authority of India that would supervise compliance with the proposed law. With the notable amendments to the bill, it’s unlikely we’ll see this come to fruition quickly. Not unlike most proposed privacy legislation, it has been met with dissent and opposition and will have to make its way through the courts of India before becoming law.


All Posts

This New Agent Could Generate More Data Requests for Your Company

Privacy laws and regulations are put in place to protect consumers and their data, encouraging them to manage their information in a way that makes them feel secure. Some consumers may want their information deleted, not to be sold, or may allow businesses to retain their information entirely. Privacy legislation puts control back in the consumer’s hands.

But when a consumer decides they want to make a change, how do they do that? Truyo clients provide their users with simple to use consent and preference management tools, but some organizations don’t have these in place for their users and this is a challenge that a new technology is aiming to solve. When CCPA rolled out in 2020, it encouraged California residents to take into consideration who has their information and how it’s being used. In turn, this propelled said California consumers to seek out ways to make data requests, deletion requests, and do not sell requests.

Here’s where the issues arose. Many consumers were finding it cumbersome to locate where on a company’s website they could submit these requests. In addition, they started to realize they would have to do this for each and every business with which they have interacted or from which they have purchased. According to Digital Commerce 360, online shopping increased 44% in 2020. Consider how many businesses you’ve purchased from in the last year, likely increased from the previous year due to the pandemic and easy access to online shopping. Consumers are aware that with online shopping there is a larger transfer of information compared to an in-person cash transaction.

New Technology Available

A group of UC Berkeley students saw this as a roadblock for consumers and sought to design a solution, according to Consumer Reports. PrivacyBot was the result of their efforts, an open-source project that allows users with a Gmail account, Python 3, pip3 and node on their computer to send data requests in bulk to data brokers and search sites. Not all consumers will have the capability to put PrivacyBot into practice because it has a level of technicality that the average user may not have.

That being said, is this a glimpse into the future? How long is it before consumers have an easy-to-use bulk request system that will inundate businesses with data requests that they’re not equipped to handle? How soon will we see a program that can contact every business with which they’ve completed a transaction and request a change to their data en masse? The biggest mistake we see is companies waiting until the influx happens before instituting a solution. At that point it’s too late to play catch up. We will help you prepare now for the inevitable future as technology increases consumer request capability.

Prepare Your Organization for Incoming Data Requests

Truyo has automated the data request response process to help businesses prepare for when that time comes – and for some, it already has. We saved A national home goods chain $1.1mm in operating costs with CCPA automation. Will you be the next industry or company to be hit with a flood of data requests? It’s not a question of if, but a matter of when. And when you are, you want the Truyo platform in place with comprehensive data mapping and response features that are changing the way companies are managing consumer data privacy.

Ale Johnson
About Ale Johnson
Ale Johnson is the Marketing Content Specialist at Truyo.
Recent Posts

India's Joint Parliamentary Committee Announces Recommended Changes to Privacy Bill

Last month, the Indian Joint Parliamentary Committee submitted its report on the 2019 Personal Data Protection Bill after two years of consideration, ...

Log4J Vulnerability Update

At Truyo we take data privacy and security very seriously. Recently a security vulnerability was reported in the open-source Java library “Log4J” that...

Forrester Wave Announcement: Truyo Named Strong Performer

Report notes Truyo’s “management and fulfillment of individual privacy rights capabilities are some of the best in the market ” PHOENIX (Dec. 09, 2021...

Human Error: The Pitfalls of Manual SAR Response

In the age of information, organizations have increased the amount of consumer data housed in structured and unstructured environments. As consumers b...