The Committee of Experts entrusted with creating a data protection framework for India released India’s long-awaited draft Personal Data Protection Bill, 2018, on 27 July. The draft bill proposes a comprehensive data protection framework to protect data privacy specifically in the digital economy. The committee, chaired by BN Saikrishna, a retired Supreme Court judge, was constituted in August 2017 by the Ministry of Electronics and Information Technology, and held over a year of deliberations and public consultations.

Obligations for data fiduciaries

The highlights of the draft bill include its extra-territorial applicability, making it applicable to foreign data processors/fiduciaries insofar as they have a business connection in India or carry on activities involving profiling of individuals in India. These obligations are to be imposed on the basis of criticality of data, distinguished as personal data, sensitive personal data and critical personal data. The term “data processor” and “fiduciary” have been defined to include any person (natural/juristic) including the state. However, the term “data principal” has been defined to include a natural person only. The draft bill introduces extensive rights for the data principal such as data portability, right to be forgotten, and right to correction, confirmation and access of the data.

You must be a subscribersubscribersubscribersubscriber to read this content, please subscribesubscribesubscribesubscribe today.


The business law digest is compiled by Nishith Desai Associates (NDA). NDA is a research-based international law firm with offices in Mumbai, New Delhi, Bengaluru, Singapore, Silicon Valley, Munich and New York. It specializes in strategic legal, regulatory and tax advice coupled with industry expertise in an integrated manner.