India’s privacy and data protection debate  Headed by former Supreme Court judge B.N. Srikrishna, the committee of experts submitted a 176-page report, titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians”, and a 62-page draft Bill, titled The Personal Data Protection Bill, 2018. The draft Bill will become law after public comments are noted and Parliament clears it.

Many businesses, including financial services, use consumer data for analysis of sales patterns and buyer behaviour, or creating a profile to ensure higher effectiveness of targeted marketing campaigns. In the absence of a law, there are no rules on who owned the data and whether a consumer can erase her data from a service provider.

The proposed law aims to solve this problem and gives a consumer control over her own information.  This provides a sense of giving control back to a consumer on how, when and under what provisions do they want their data used.

There are at least three aspects of the proposed law that a consumer, especially a financial services consumer, should know about.


The committee has laid enormous emphasis on consent of the person whose data is being used. The committee has identified passwords, financial data, health data, official identifiers which would include government issued identity cards, sex life and sexual orientation, biometric and genetic data, transgender status or intersex status, caste or tribe and religious or political beliefs or affiliations as sensitive personal data under a data protection law.

The committee says that consent must be “informed”, “specific” and “clear”. Most importantly, consent needs to be capable of being withdrawn as easily as it was given.


If an individual feels that her personal data has been compromised, she has the option to raise a grievance with the data protection officer of the entity handling the data. If the dispute is not satisfactorily resolved at this stage, the individual would have the option to escalate it, even to an appellate tribunal. The process has been defined in Section 39 of the draft Personal Data Protection Bill.


While it would take some time for the draft bill to turn into a law, the compliance by businesses might also take significant time after that.

Easydrafting helps in drafting a suitable data privacy policy in consonance with the applicable law. specializes in drafting of affidavits, Rent agreement, different contracts & agreements and has an expert team of professionals including Lawyers, Company Secretaries and drafting experts.

The main aim of easy drafting is to draft and provide the document without any hassle which we face in our day to day life while dealing with legal matter.

We at easy drafting make this process friendly and provide desired documents and advise to the end user effortlessly and at minimum cost.

Call Now
Scroll to Top