PDPB (Personal Data Protection Bill, India)

This is a bill in India which proposes the establishment of a Personal Data Protection Authority. The Personal Data Protection Bill (PDPB), 2018, is a comprehensive piece of legislation proposed by the Indian government to safeguard the privacy and autonomy of individuals in relation to their personal data. The bill is designed to regulate the processing of personal data by both public and private entities, establishing a set of obligations and standards for data fiduciaries and processors.

Gov website:

The Personal Data Protection Bill, 2019

PRS Legislative Research

The PDPB applies to the processing of personal data collected, disclosed, shared, or processed within the territory of India. It also applies to data processed by the Indian State, any Indian company, any Indian citizen, or any person or body of persons incorporated or created under Indian law. Furthermore, it applies to the processing of personal data by data fiduciaries or data processors not present within the territory of India if such processing is connected with any business carried on in India or any systematic activity of offering goods or services to data principals within India.

The bill sets forth several key principles and obligations for data processing, including fair and reasonable processing, purpose limitation, collection limitation, lawful processing, notice, data quality, data storage limitation, and accountability. It also establishes specific grounds for processing personal and sensitive personal data.

The PDPB also outlines the rights of data principals, including the right to confirmation and access, right to correction, right to data portability, and the right to be forgotten. It mandates transparency and accountability measures such as privacy by design, transparency, security safeguards, personal data breach, data protection impact assessment, record-keeping, data audits, and the appointment of a Data Protection Officer.

The bill also provides for the establishment of a Data Protection Authority of India to oversee processing activities, and it outlines penalties and remedies for unauthorized and harmful processing. The PDPB is currently under consideration and may undergo changes before it is enacted into law. As such, keeping abreast of its progress and potential amendments is crucial.