Shape of Things to Come…The New Data Protection Act of India NDPAI…2 (Preamble)

[This is a continuation of the previous article in the series]

P.S: We are aware that the suggestions made in this series of articles could be completely ignored by the Government which says that it already has a draft in an advanced stage. Nevertheless, let us go through suggesting a version from our side so that Government can save time in completing its exercise. It could at least be helpful in finetuning the version of the Government.

We are also aware that Privacy law is a very complex law and it is not possible to satisfy all stake holders fully. It is for this reason that the framing of this law has remained pending for over a decade. 

The suggestions made here in are work in progress and may be modified and corrected with inputs from others. 

The stakeholders for this law are

  1. Individuals whose Right to Privacy has to be protected 
  2. Business Entities who process data for commercial purpose
  3. Government agencies
  4. Non Commercial organizations

The preamble of the Act has to capture the identity of the stake holders and the objectives of the law.

PDPB 2019 recognized the need to protect Privacy and fostering growth of digital economy. It also recorded the objectives as “Protection of digital Privacy” of individuals, facilitation of the “flow and usage of data”, protecting rights of individuals, laying down norms for social media platforms, cross border transfer, accountability of entities, remedies for unauthorised and harmful processing as well as to ensure the interest and security of the State, establish a data protection authority etc.

The Preamble needs to be reworded to properly capture the objectives of the Act without limiting the scope of the Act.

One suggested draft is as follows:

Where As, the Right to Privacy of an individual is a fundamental right of an Individual in the society, and it is the duty of the Government to protect the Right to Privacy in accordance with established international norms of countries respecting human rights,

Where As it is also the duty of the Government to effectively Govern the society  and  ensure Security of State, Security of individuals in the country, Maintain law and order as well as  harmony in the society, 

Where As for protecting the Right to Privacy  of an individual, it is necessary to protect personal data from unauthorized use causing harm to individuals,

Where As for protecting personal data of Individuals, an appropriate Data Governance mechanism is required to be established for ensuring that data is processed  in accordance with the need to protect the right to privacy of an individual without adversely affecting the the legitimate needs of Business and the Government or any other members of the society.

Be it enacted by Parliament ……

Next article


  1. Introduction
2. Preamble 3.Regulators
4. Chapterization 5. Privacy Definition 6. Clarifications-Binary
7. Clarifications-Privacy 8. Definitions-Data 9. Definitions-Roles
10. Exemptions-Privacy 11. Advertising 12. Dropping of Central Regulatory authority
13. Regulation of Monetization of Data  14. Automated means ..




About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.