Data Protection Bill UPSC – Personal Data Protection Bill 2022

By BYJU'S Exam Prep

Updated on: November 14th, 2023

Data Protection Bill is India’s first attempt to legislate on the matter of data protection domestically. Data is a massive collection of information yielded by different means and stored on digital platforms. The Personal Data Protection Bill is also referred to as the Privacy bill, which aims to protect individual rights by handling the collection, movement, and processing of personal data that can recognize an individual.

The bill has emanated its motivation from an older drafted version formed by retired committee head Justice B N Srikrishna. The 3 classifications of Data produced by the Data Protection Bill include personal data, Sensitive personal data (SPD), Critical personal data, and Non-Personal Data. Data Protection Bill UPSC notes are important from the perspective of Government exams preparation.

What is Data Protection Bill?

PDP, or the Personal Data Protection Bill (2019), was submitted to the Lok Sabha and is presently known as a joint select committee. This bill is being crafted to outline the rights and tasks of digital citizens while applying the approach for data collection when it comes to businesses.

The Personal Data Protection Bill draft provides for:

  • The requirement to process personal data for legal purposes and related or unexpected issues.
  • The processing of personal data in a way that identifies the right of people to safeguard their personal data.

Data Protection Bill 2022

Data Protection Bill or as widely called the Digital Personal Data Protection Bill 2022 now, was introduced in Parliament three months after the previous Personal Data Protection Bill of 2019 was withdrawn. It is the revised form of the old bill.

The Data Protection Bill is mainly based on the principle of digital privacy. The Ministry of Electronics and Information Technology put forward a revised law in November 2022 which is termed the Digital Personal Data Protection Bill 2022. It mentions the provisions related to the usage of personal data of the citizens by other organizations for various purposes and to what extent it should be used.

Highlights of Data Protection Bill 2022

The Data Protection Bill 2022 is a bill related to privacy and access to people’s personal information and data that is fed into the database through various channels. It works on different principles. It monitors the usage of data throughout and keeps a check on the processing of digital data in various languages with respect to the citizen’s right to privacy.

It provides citizens with the right to access basic information from the internet as per the 8th schedule of the constitution. It also aims to keep an eye on data sharing among various organizations.

Seven Principles of the 2022 Data Protection Bill

The Digital Personal Data Protection Bill 2022 works on seven main principles. All these principles are linked with the protection and processing of the personal data of individuals which are stored digitally on various platforms. The seven principles of the 2022 Data Protection Bill are as follows:

  • The first principle says that the use of the personal data of citizens by foreign organizations should be done in a proper and legal manner & the people concerned should be well aware of the same.
  • The second principle talks about the fairness of the procedure and that the data should not be used for any third party or illegal purpose of which the individual is unaware.
  • The third & fourth principle talks about the minimization and accuracy of data respectively.
  • The fifth principle of the Data Protection Bill 2022 restricts the permanent storage of personal information automatically and that the storage should also have a particular time duration.
  • The 6th & 7th principle of the Bill mentions that the data processing should be done with prior authorization and the concerned person should be answerable for any unwanted consequences later.

Importance of Personal Data Protection Bill

Data Protection Bill is an important law with significance. The law was necessary as it prevented undesirable advertisements and the violation of privacy.

  • It became valuable as it could be utilized to discover the most effective methods to broadcast online for Governments, political parties, and enterprises.
  • Information about people and their online practices has become a crucial profit source.
  • Even it is regarded as a possible route for conquering their privacy as it exposes their personal stuff.

Features of Personal Data Protection Bill

The data protection bill aims to offer the protection of the private data of people. The Bill manages the processing of personal data with the aid of the Government, international companies dealing in India, and firms incorporated in India.

Grounds for Processing Personal Data:

The personal data protection bill permits data processing by financial persons only if approval is provided by the individual. In the following situations, private data can be analyzed without consent.

  • For any lawful proceedings.
  • To answer to a medical extremity.
  • To offer allowances to individuals by the State.

Commitments of Data Fiduciary:

The personal information of a person can be processed solely for a clear, detailed, and legal goal. All financial agents or fiduciaries should tackle this with clarity and responsibility measures which include:

  • Creating Grievance Redressal Mechanisms to preach people’s complaints.
  • They must also form methods for age validation and parental authorization when processing the sensitive, confidential data of minors.
  • Executing security protection actions like stopping data abuse and data encryption.

Rights of the People:

People’s rights should be maintained by limiting continuous exposure of their personal data or information by a fiduciary person if it is not so important and approval is drawn.

  • Only on specific occasions should personal data be transferred to another data fiduciary agent.
  • Pursue correction of incomplete, incorrect, or outdated personal data.

Benefits of Personal Data Protection Bill

Several financial stakeholders believed that localization or restricting the service to a particular population could increase the capability of the Government to charge internet giants.

  • Every personal data of a person offline or online (like attributes, qualities, particulars, or features) shall demand precise clearance to whom it belongs before gathering or subjecting any form of research.

The advantages of the data protection bill are given below.

Domestic-born technology companies:

Numerous domestic technological organizations act as a pillar for localization and reserve their data solely in the country. One such example is PayTM, which unfailingly supports the process.

Reliance Jio vigorously debated that regulation of data privacy and security will bear little value without localization, reaching prototypes in Russia and China.

Data localization:

Localization of data will aid in law-imposition access data for explorations and applications. Till now, most data transfer across borders is supervised by separate bilateral mutual legal assistance accords, a procedure in which the agreement of all stakeholders is unmanageable.

Additionally, advocates emphasize security against foreign invasions and administration, recollecting impulses of data freedom.

Section 6 and 7 of Data Protection Bill

Section 6 of the Data Protection Bill states that only a particular piece of data should be collected, which is necessary to process such confidential data.

  • Section 7 declares that it is mandated to offer notice to the individual whose data is being assembled about its nature and type of private data and the intention for processing it.
  • It makes it difficult for institutions to flourish in processing and monetizing data they have compiled from people.

Influence of Personal Data Protection Bill on Organizations

Users beyond a prescribed threshold in social media businesses and big organizations (based on annual turnover, data volume, etc.) will possess extra responsibilities.

  • It conducts data protection impact checks defined by controllers for distinct tasks, routine security audits, and designating a data security officer.
  • Social media platforms would be needed to allow users to voluntarily verify their social accounts, for example, by attaining a blue tick on Twitter.
  • Private associations will perform various responsibilities like operating technological changes in engineering architecture and revising corporation methodologies.
  • These organizations would be required to set limits on collecting, processing, and storing data, along with other important elements.
  • There should be built-in technical protection safeguards, including de-identification to prevent one’s identity from being accidentally revealed and encryption.
  • The regulator should be informed and reported in case of data infringement.

Considerations Regarding Data Protection Act

Technological networks like Google and Facebook and their enterprise bodies having substantial ties to the US have fling heavy counterblast.

  • Several are concerned with a damaged Internet where the domino influence of the protectionist approach will lead to other policies following the claim.
  • Much of these feelings listen to the values of a globalised, competitive internet marketplace, where expenses and rates determine data flow instead of nationalistic boundaries.
  • Permitting the Government to push firms to share non-personal data expands serious intellectual property considerations and can still risk users even if they’re not singly recognised.
  • The groups of civil society have criticized the unrestricted peculiarities offered to the Government in the personal data protection law, allowing for leadership.

What are GDPR and PDP Bill?

GDPR is a General Data Protection Regulation that requires companies to save citizens’ personal data and privacy for marketing within member states. The PDP bill covers mechanisms for the security of personal data and offers the putting up of a Data Protection Authority of India.

Comparison between GDPR and PDP Bill

It is important to know the fundamental comparisons between GDPR and PDP Bill. Both permit data processing for the prevention, analysis, detection, or prosecution of prohibited crimes.

Rights of Individual:

GDPR and PDP Bill give equal rights to individuals, including the right to data portability, the right to revision, and the right to be overlooked. The right to oppose profiling is in the GDPR, not the PDP Bill.


The PDP Bill and the GDPR are established upon the notion of permission. Data processing should be permitted when the person allows it, and approval holds similar definitions with free, distinctive, and instructed terms.

Fiduciaries’ Responsibility:

Data Protection Authority in the PDP Bill and The European Data Protection Board in the GDPR have equivalent tasks, such as conduct and conflict resolution principles.

GDPR and PDP Bill place accountability on the fiduciaries for constructing products that retain privacy by their composition and clearness about their data-related concerns.

Differences between GDPR and PDP Bill

The table below illustrates the fundamental differences between GDPR and PDP Bill. One notable difference is the framework for determining whether data can escape the country.

Criteria GDPR PDP Bill
Automated Decisions Directly preaches personal harm. It needs an inspection in issues of large-scale profiling, wherein citizens cannot object except children.
Transfer of Data Overseas More apparently spreads out the judgment parameters. Give the government the power to decide if data transfers can occur.

Data Protection Bill 2021

A new draft bill attended the Joint Parliamentary Committee or JPC Report, named the Data Protection Bill 2021, that integrated the proposals of the JPC. Yet, the Bill was removed in August 2022. Now, the Government has introduced the new Digital Personal Data Protection Bill, 2022.

Data Protection Bill UPSC

The data protection bill is considered an essential topic of Current Affairs for the IAS Exam 2023. It is the portion of the Governance section of the GS 2 Syllabus and also is a segment of the Security part of the General Studies Paper III.

Data Protection Bill UPSC PDF

Candidates must be well versed with the Data Protection Bill UPSC questions. Students should be familiar with the personal data protection bill 2019 and the modifications made in the Bill in 2021 and 2022, along with its features, merits, impact on organizations, and more.

Important Notes for UPSC
British Colonialism in India Indira Point
Moplah Rebellion Indian Agriculture
Third and Fourth Anglo Mysore War Climate of India
Miniratna Companies in India Second Anglo Maratha War
Subordinate Court How to get Home Cadre in IAS?
Our Apps Playstore
SSC and Bank
Other Exams
GradeStack Learning Pvt. Ltd.Windsor IT Park, Tower - A, 2nd Floor, Sector 125, Noida, Uttar Pradesh 201303
Home Practice Test Series Premium