India’s lack of PDP laws and attempt to regulate Social Media Platforms


The Lok Sabha and the Rajya Sabha allegedly granted an allowance parliamentary committee to submit its report on the Personal Data Protection Bill, 2019 (PDP Bill) for the fourth time, recently. The previous report suggestion deadline was extended till the latter half of the Budget Session. According to numerous sources, the Committee would present its account as well as the complete draught of the PDP Bill during the Budget Session. Parliament, on the other hand, was adjourned sine die, putting the Budget Session to a close earlier than scheduled. Because informational privacy is of low importance in the legislative flow of business, technology implementation is at an all-time high, and data-driven governance is growing more common by the day, especially during the epidemic. While the government of India is taking steps to embrace technical capabilities in its endeavours, these initiatives are attended by the unrestricted collecting of an insuperable amount of personal data on Indian residents, which is generally unregulated.[1]

The Importance of a Data Protection Law

The basic right to privacy does not specify claims which must accumulate till the case is decided. In the lack of a data protection statute, the courts adopted differing positions on the breadth of fundamental aspects of privacy, such as the right to be forgotten. Because there is no data protection regulation in place, it is hard to tell what rights we have, rendering the fundamental right practically worthless. In addition, the lack of a standardized basis for prerogatives aggravates inconsistency throughout the courts and in our collective perception of this right

Secondly, data protection rules encompass within themselves the capacity to offer powerful felony treatments, provide enamel to the essential proper, and offer disincentives for records fiduciaries to unlawfully acquire private records. Article 12 of the constitution does not include private individuals under its definition. The Indian charter, therefore does not allow writ treatments in opposition to them.[2]

Furthermore, our personal data may comprise a variety of other categories that are expected or suspected to be of delicate nature, such as contact numbers, residential address, political views, religious views, and so on. Although most of these are currently protected by the Bill, the Privacy Rules do not consider them to be “sensitive personal data.” Even in the case of sensitive personal data, despite the fact that section 46 of the IT Act establishes a mechanism for adjudicating complaints, including under section 43A, there have been few recorded cases of individuals successfully claiming compensation.

One of the reasons why there are so few cases of privacy enforcement is because there is little inducement to spend energy and a part of the day filing a complaint under current law. This is due to the fact that the IT Act now only enables persons to “compensation” for actual losses, rather than genuine “damages”. Damages, on the other hand, can conceivably be punitive along with the restorative remedy of compensation. Apart from those constrained redress tools, it isn’t always feasible to convey a writ petition in opposition to the nation whenever a personal actor infringes citizens’ privacy, putting forward that the authorities is accountable for such failure to save you such breaches.

The right to privacy, like any other right, is meaningless unless we can properly enforce it. Thus it remains a toothless right that does not provide enough incentive for corporations or the government to protect our private. The adoption of this concept of our fundamental rights by Indian courts, as well as the imposition of such duty on the state, is not unprecedented.

In the case of Vishakha and Others v. State of Rajasthan and Others[3] which eventually led to the “vishakha guidelines”, the Supreme Court held the state circuitously liable for failing to enact legislation which effectively safeguarded females from sexual harassment at work, a violation of their fundamental right to dignity. The Supreme Court even published its own instructions to fill the legal gap till the Sexual Harassment of Women at Workplace Act passed in 2013.

As each day that passes in the absence of a data protection law, the government fails to fulfil its affirmative commitment to build an agenda which allows the citizens to successfully use the fundamental right to privacy.

The PDP Bill and the Delay

What adds to the delay is that even if the PDP Bill is passed by parliament and receives presidential approval, various clauses will only take effect as and when the Central government notifies them. While introducing a complex law is difficult, enforcing it all at once is even more so; to the advantage of the committee of experts headed by Justice B.N. Srikrishna, an earlier draught of the Bill (PDP Bill, 2018) intended a definite plan within which various provisions will be implemented, a delicate stability must be struck between accounting for managerial authenticities and intentionally seeking to make privacy an actual right.

However, as per the 2019 form of the PDP Bill, it is completely likely that certain provisions will go unnoticed for an indeterminate period of time, consequential in those provisions just existing on paper and never actually being practiced in reality.

Certainly, the government’s excessive postponement in proposing the PDP Bill, as well as its power to further postpone the PDP Bill’s implementation by informing various clauses individually and indeterminately, breaches the right to privacy of citizens. The linking among the due process and postponement, as well as how justice delayed is justice denied, has already been written about extensively.[4]

The contest for a right to privacy has been slow and steady. One is left to ask if, in the four years since we recognised privacy as a basic right, the legislation could have been enacted to aid in its effective realisation.

[1] Ghosh, J., & Shankar, U. (2016). Privacy and Data Protection Laws in India: A Right-Based Analysis. Bharati Law Review, 65-66.

[2] Agarwal, V. (2012). Privacy and data protection laws in India. International Journal of Liability and Scientific Enquiry5(3-4), 205-212.

[3] (1997) 6 SCC 241

[4] Singh, K. (2019). Legal Analysis of Data Protection and Privacy Laws in India. Review of Management9.

Aishwarya Says:

If you are a lawyer or a law student who is looking for a job, then you can find details about the latest openings here.

I have always been against Glorifying Over Work and therefore, in the year 2021, I have decided to launch this campaign “Balancing Life”and talk about this wrong practice, that we have been following since last few years. I will be talking to and interviewing around 1 lakh people in the coming 2021 and publish their interview regarding their opinion on glamourising Over Work.


Do follow me on FacebookTwitter  Youtube and Instagram.

The copyright of this Article belongs exclusively to Ms. Aishwarya Sandeep. Reproduction of the same, without permission will amount to Copyright Infringement. Appropriate Legal Action under the Indian Laws will be taken.

If you would also like to contribute to my website, then do share your articles or poems at

In the year 2021, we wrote about 1000 Inspirational Women In India, in the year 2022, we would be featuring 5000 Start Up Stories.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at

Up ↑

%d bloggers like this: