India has been waiting for its general data protection legislation for many years. The Justice Srikrishna Committee report recommended approximately 90 substantive and drafting amendments to the 2019 Data Protection Bill and a proposed draft of the Data Protection Bill for 2021 while balancing the interests of many stakeholders.

Key Recommendations

  1. Recommends limiting entities’ ability to share or transfer personal data as part of their business transactions, except where authorized.
  2. All data security officers must be key managerial people, thereby reducing an already limited pool of staff, and that social media platforms be considered as publishers and forced to establish local operations, thus complicating their operation even further.
  3. It proposed broadening the concept of injury to include psychological manipulation that undermines the individual’s liberty.
  4. Data fiduciaries can no longer refuse data portability, even if it reveals trade secrets, and must allow it where possible.

The modifications in the 2021 Bill that propose rigorous conditions for cross-border transfers of sensitive personal data are of critical importance to international business. Sensitive data transfers are not permitted if they contradict public or state policy. This regulation may necessitate individual authorisation from the Data Protection Authority (DPA), resulting in delays and considerable economic impact. The prohibition on sharing transferred data with foreign governments or agencies may force the hard localisation of all sensitive personal data. Luckily, the 2021 Bill retains a provision that allows transfers where the central government has authorised transfers to a particular nation on the condition that the data will be adequately protected after consulting with the DPA. However, it now expressly states that sensitive data may not be exchanged with a foreign government or agency unless authorised by the central government.

The new Bill has been suggested to be implemented gradually, with a maximum length of 24 months to enact all of its provisions. If the Bill is passed in its current form, it will be a major goal to establish a data equivalency and sharing arrangement between India and Singapore, allowing for the free and fair flow of data on a predictable and reasonable basis.

To get the latest updates on various cyber-related events & other things, you can join our Whatsapp group ( /Telegram Channel (

-Adv. Sabrina Bath

(Content Writer, WCSF)

error: Content is protected !!
Share This