The “New Reasonable Security Practice” under Section 43A of ITA 2000 is PDPA 2018 draft bill

Blood pressure is raising for some activists who have been opposing the present draft of the Personal Data Protection Act 2018 (PDPA 2018)  with the news that the Government has stuck to its commitment by re-presenting the Bill as recommended by the Justice Srikrishna Committee.

This was first presented on July 27, 2018 but since the Parliament was dissolved, it needs to be re-presented again.

In the meantime public comments were obtained by the MeitY and also some select discussions were held with some key stake holders. The revised version could be presented now. It is unlikely that it will be significantly different from the earlier version but officially, it will be a new version which will go into debate in the Parliament.

The main opposition was from the industry which opposed the Data Localization provisions. But the Government has re-iterated its “Data Sovereignty” principle and may not deviate much from the original draft. Without waiting for the next move of the Government, some activists are already raising their voices in opposition of the Bill which is grossly unfair.

We urge all professionals to wait for the final bill to be placed before the parliament before making any further comments.


Where as, we already have Information Technology Act 2000 (ITA 2000/8) in place

Where as ITA 2000 has defined  the concept of “Due Diligence” and “Reasonable Security Practices”

Whereas the intention of the Government to replace Section 43A with PDPA 2018 (or a modified version) has already  been indicated

it may be considered that the current draft bill will be a “Due Diligence” requirement under Section 43A as part of the Reasonable Security Practice.

Hence PDPA 2018  may be considered as being already in place and responsible companies cannot deny the fact that PDPA 2018 is the “New Reasonable Security Practice under Section 43A of ITA 2000).


Analysis of the draft bill by PRSindia



A Brief introduction on PDPA:

This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.