January 27, 2021

Volume XI, Number 27

Advertisement

January 27, 2021

Subscribe to Latest Legal News and Analysis

January 26, 2021

Subscribe to Latest Legal News and Analysis

January 25, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

India’s Committee of Experts Releases Draft Personal Data Protection Bill

On July 27, 2018, the Government of India’s Committee of Experts released a draft Protection of Personal Data Bill. Together with an accompanying report, the draft bill moves India one step closer towards enacting a comprehensive data protection regime.

Last year, the Supreme Court of India issued a landmark decision holding that privacy is a fundamental right under India’s Constitution. In that opinion, the Court invited the Government of India to formulate “a regime for data protection.” As a result, the Government established the Committee of Experts “to study various issues relating to data protection in India, make specific suggestions on principles underlying a data protection bill and draft such a bill.”

In November 2017, that Committee released a White Paper that outlined its views on data protection and solicited public comments. The draft bill incorporates those comments as well as the Committee’s own analysis.

As the Committee’s report explains, the draft bill outlines an approach to data protection that is “distinct from the approaches in the US, EU and China and represents a fourth path.” That said, much of the content of the draft bill resembles the European Union’s General Data Protection Regulation (GDPR).

If enacted, the 67-page bill would:

  • Grant rights to data principals (the equivalent of “data subjects” in EU nomenclature), including the right to access, the right to portability, and the right to be forgotten;
  • Require that certain organizations hire Data Protection Officers, perform Data Protection Impact Assessments, and notify regulators in the event of a data breach;
  • Establish a Data Protection Authority (“DPA”), with the power to investigate, enjoin, and fine non-compliant entities;
  • Mandate that organizations store copies of personal data in India (“data localization”), and;
  • Provide for significant penalties, including fines of up to 4% of total worldwide turnover and criminal penalties for intentional, knowing, or reckless violations.

The Committee has submitted the draft bill to India’s Ministry of Electronics and Information Technology (“MeitY”), which will review the proposal and consider next steps.

Advertisement
© 2020 Covington & Burling LLPNational Law Review, Volume VIII, Number 211
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Kurt Wimmer, Data privacy and cybersecurity lawyer, Covington
Partner

Kurt Wimmer is the U.S. chair of our Data Privacy and Cybersecurity practice, and is past chair of the Privacy and Information Security Committee of the American Bar Association’s Antitrust Section. He is rated in the first tier by Legal 500, designated as a national leader in Chambers USA, and is included in Best Lawyers in America in four areas. Sources for Chambers USA describe him as "a leading person in the field" and "extremely gifted at what he does."

Mr. Wimmer represents major social media companies, global technology...

202-662-5278
Advertisement
Advertisement