Parliament session from July 19th…. Government may avoid PDPB and Crypto Bill

The Monsoon session of the Parliament is expected to take place between July 19th and August 13. Some information on the bills likely to be discussed have appeared in the media

It does not appear that the two key bills which were scheduled to be lead by the MeitY, namely the  Personal Data Protection Bill 2019 and the Banning of the Crypto Currency Bill may not be discussed in this session also.

We may ignore the reasons that are appearing in the press about the Chairman of JPC becoming a minister or that the Crypto bill still needs fine tuning. These are excuses to defer the passage of the bills since there are powerful lobbies which donot want these bills to be passed.

Data driven companies want more time to complete their data laundering business and Criminals want as much time as possible to convert their black money into crypto currencies.

It requires strong willed politicians and bureaucrats to push the bill. Mr R S Prasad made a statement that he would push the passage of PDPB 2019 which cost him the minister ship itself.  The Crypto bill is in the hands of Mrs Nirmala Sitharaman who wants to avoid upsetting the powerful lobbies who want the digital black money to be available for all their nefarious activities.

We hope that there will not be  another major data catastrophe and a ransom ware attack on a Government body to make the Government realize how important are these two legislations.


Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

List of Nodal officers in Intermediaries

We congratulate the team at Root64 which in association with has created a centralized online database of Nodal Officers /Contacts of various intermediaries and service providers.

You can find any Nodal Officer connect through this search engine under the following link.

Find Nodal Officers

We congratulate Mr Amit Dubey, the Chief mentor of Root64 foundation.


Print Friendly, PDF & Email
Posted in Cyber Law | 1 Comment

Rajeev Chandrashekar is the hope of IT in India

One of the major changes that we notice in the Modi cabinet announced on 7th July 2o21 is that Mr Ashwin Vaishnav, has taken over  as the new Minister of IT in place of Mr Ravishankar Prasad. He will be holding the IT ministry along with the heavy weight Railway ministry. Even in the earlier ministry, IT had been clubbed with Law but Law was relatively a lower weight portfolio compared to Railways. Now Mr Kiren Rijiju will be exclusively in charge of Law and Justice.

We may note that Mrs Meenakshi Lekhi who headed the Joint Parliamentary Committee (JPC)  on Personal Data Protection Bill 2019 has been appointed the Minister of State  in the Ministry of External Affairs; and Minister of State in the Ministry of Culture. Mr  Rajeev Chandrashekar who was also in the JPC and a known IT aware person gets Minister of State in the Ministry of Skill Development and Entrepreneurship; and Minister of State in the Ministry of Electronics and Information Technology.

The Ministry of I&B will also have a new face in Mr Anurag Thakur and it is significant that Mr Prakash Javdekar has vacated the ministry.

Our best wishes to all the new ministers.

However, the developments clearly show that Twitter and WhatsApp have won the battle against “Data Sovereignty” for the time being. The removal of both Ravishankar Prasad and Javdekar simultaneously and the allocation of portfolios indicate that the influence of the Twitter-Facebook lobby has ensured that all known faces that were taking a tough stand against the hegemony of the Social media giants have been ousted.

We donot know if the new ministers will be lenient on the principles of Data Sovereignty, Data Protection, Cyber Security etc which were in active discussion in the last few months. We need to wait and see the new policy statements from the incumbent ministers to understand how the scenario unfolds.

India had one global leadership opportunity in the field of IT and it appears that it has not been nurtured. Had a separate ministry been created for IT and Telecom, thrust could have been given for IT in industry with AI, BigData, 3D printing, Robotics, Industry 4.0, Hardware development, Indigenous OS development, Indigenous social media platforms, regulation of Mobile Apps and Gaming  etc., which required close attention.

The opportunity has been squarely missed. The IT therefore has an apparent setback.

The silver lining however is that Mr Ashwin is an MTech from IIT Kanpur and an MBA from Wharton University. Though his experience appears to be more in the manufacturing sector, one can expect that he would be able to bring forth his vast management experience into the discharge of his responsibilities as Minister of IT. It may however require a little time for him to adapt to the requirements of the IT ministry. This could put many of the projects under the IT ministry in the back burner and delay the developments.

Mr Rajeev Chandrashekar being the MOS in MeitY is another silver line and if he can assume stronger  role in the affairs of the ministry, we can expect that there could be continuity in some of the policies related to Data Protection. At least in Rajeev Chandrashekar, we can expect a person who understands IT to the core. He was a successful IT entrepreneur, has an in depth understanding of  technology and has been a member of the JPC as well. He is therefore the hope of Indian IT for the time being. We wish that under Mr Rajeev Chandrashekar, MeitY will be groomed to be an independent ministry in future, as IT is an all pervasive tool that can transform India into a real global giant.

It is time however to hope for the best  and wait.



Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Webinar on Upcoming Data Privacy Laws…by DNV

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

PDPB 2019..last minute recommendations

While India is waiting to know if the Personal Data Protection Bill 2019 will be tabled and passed in the next Parliament session, the time for making further changes is running out. While most of the suggestions which have been placed before the JPC may be considered as having been examined, whether they would be accepted or not, new suggestions keep coming up.

These suggestions need to be introduced as amendments when the Bill is actually presented in the Parliament. Any MP whether from the ruling party or others can take up the amendment. However, given the general attitude of the opposition parties, even if individual MPs are good to take up issues of societal good, the party principles prevent them from expressing any opinion in support of any move of the Government. Hence we can only expect some ruling party MPs to suggest the changes as may be necessary.

After submitting my views to the Joint Parliamentary Committee, I have already brought to the attention of the authorities on one other minor change to Section 37 to ensure that Data Fiduciaries established in India and having data processing operations outside the country and related only to the processing of non Indian data subjects are given relief from the overlapping jurisdiction of multiple laws. (Subject to safeguards for preventing misuse which can be provided under the regulations of the DPA.). For this purpose, a small change has been suggested in Section 37  as indicated in the foot note here.

Another Suggestion for Education Sector

I would now like to highlight another amendment that I think would be good to make in the light of the changed circumstances in India arising out of the Covid situation applying to the education sector.

We all know that for the last two years, the Indian educational system has been disrupted and schools have been closed. Most part of the affected students have been minors. However in the process, alternate virtual schools emerged right from Pre-School kids to pre-graduation levels. These virtual education organizations some of which are extensions of the existing educational organizations provided continuity to the education system. These systems will continue even after the physical schools open up.

I recall that about a decade back, I had discussed a concept of “Cyber Vidya” and a  proposal for a pilot project had also been given to the Karnataka Government to conduct all classes upto Standard X through a centralized virtual school. Detailed plan for the development of content, delivery of content and evaluation of students were presented. At that time the network availability was not as good as today and there were no operators like the Baijus etc.

As could be expected, the proposal was shelved. But the relevance of that decade old proposal is now evident in the Covid situation.

In this context, I feel that one of the sections of the proposed PDPB 2019 could hinder the progress of Virtual Education in India.

I refer to Section 16(5) which states as follows

The guardian data fiduciary shall be barred from profiling, tracking or behaviorally monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child.

This provision will prevent the virtual educational organizations from evaluating the students though it is required for promoting the students from one level to another.

The profiling of the behaviour also happens in Games when people are promoted from one level to another. Many sportspersons like Abhimanyu and earlier Vishwanathan Anand who became Grandmasters in Chess were critically evaluated and monitored in their virtual gaming environment.

There is therefore a need to provide for some exemptions under Section 16(5) because the words “Barred” restricts the ability of the DPA to approve any particular processing situations from the operations of this section.

Perhaps replacing the words “shall be barred” with words “May be prohibited” may suffice. The DPA at the time of registering the Guardian Data Fiduciary and the Privacy By Design Policy can clear specific projects where the intention is not to exploit the children for advertisements on Chocolates or Maggie but to be used for other beneficial uses including monitoring of  the educational progress.

Hope some MP like our own Mr Tejasvi Surya or Rajeev Chandrashekar takes up such amendments when the Bill comes for debate in the Parliament.


Footnote: A suggestion made on Section 37 after the closure of JPC proceedings, requested to be taken up during the Parliamentary debate.

Current version:

Power of Central Government to exempt certain data processors.:

“The Central Government may, by notification, exempt from the application of this Act, the processing of personal data of data principals not within the territory of India, pursuant to any contract entered into with any person outside the territory of India, including any company incorporated outside the territory of India, by any data processor or any class of data processors incorporated under Indian law.”

Suggested version:

Power of Central Government to exempt certain Data Fiduciaries or data processors:

“The Central Government may, by notification, exempt from the application of this
Act, the processing of personal data of data principals not within the territory of India,
pursuant to any contract entered into with any person outside the territory of India,
including any company incorporated outside the territory of India, by any data
fiduciary or data processor or any class of data fiduciaries or processors incorporated
under Indian law.”

Another recommendation regarding this section has already been submitted to the JPC as follows:

Provided further that the terms in such contracts shall not contravene any applicable Indian law and No liability under the contract shall be enforceable against the Indian entity except with the prior approval of the Authority.

(Please refer point 16 in this document)

Also refer: 

Recommendations to JPC

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment to register as a Digital Publisher  today maintains the website of  in which current news and events related to the field of Cyber Law is regularly discussed. also provides a platform for publishing video content for FDPPI and also has recently opened the You Tube channel.

The recently notified Digital Media Ethics code defines a digital publisher and suggests certain compliance measures related to digital publishing activities which are relevant to

For the purpose of the rules

‘publisher’ means a publisher of news and current affairs content or a publisher of online curated content;

‘news and current affairs content’ includes newly received or noteworthy content, including analysis, especially about recent events primarily of socio-political, economic or cultural nature, made available over the internet or computer networks, and any digital media shall be news and current affairs content where the context, substance, purpose, import and meaning of such information is in the nature of news and current affairs content

‘digital media’ means digitized content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited or processed by… a publisher of news and current affairs content or a publisher of online curated content;

‘online curated content’ means any curated catalogue of audio-visual content, other than news and current affairs content, which is owned by, licensed to or contracted to be transmitted by a publisher of online curated content, and made available on demand, including but not limited through subscription, over the internet or computer networks, and includes films, audio visual programmes, documentaries, television programmes, serials, podcasts and other such content;

Part III of the guidelines published on February 25, 2021 is applicable for publishers of news and current affairs content;  and publishers of online curated content.

The compliance requirements include the following

(a) establish a grievance redressal mechanism and shall appoint a Grievance Officer based in India, who shall be responsible for the redressal of grievances received by him;
(b) display the contact details related to its grievance redressal mechanism and the name and contact details of its Grievance Officer at an appropriate place on its website or interface, as the case may be;
(c) ensure that the Grievance Officer takes a decision on every grievance received by it within fifteen days, and communicate the same to the complainant within the specified time:
(d) be a member of a self-regulating body as referred to in rule 12 and abide by its terms and conditions

There is a possibility that unless exempted, we do fall within the definition of the Digital publisher in the rules.

Yesterday, there was an interaction  with the Joint Secretary of MIB, Mr Vikram Sahay and discussed the need for supporting Micro digital publishers and small enterprises and the possibility of organizing a Self regulatory body of publishers (SRB) at Level II of which the digital publishers are to be members. is taking further steps to remain in compliance of this requirement by registering as a Digital media publisher and thereafter catalyzing the setting up of a SRB-Level II to cater to the requirements of Micro and Small digital publishers.


Print Friendly, PDF & Email
Posted in Cyber Law | 1 Comment