The Consumer Protection Act, 2019: An Overview

Reading time : 6 minutes


A customer is the most important visitor on our premises. He is not dependent on us. We are dependent on him. He is not an interruption in our work. He is the purpose of it. He is not an outsider in our business. He is part of it. We are not doing him a favor by serving him. He is doing us a favor by giving us an opportunity to do so.”—Mahatma Gandhi.

Today’s generation is highly dependent on technology for their day-to-day tasks. And this includes our consumers, who are rapidly adapting to these modern technologies. The Consumer Protection Act, 1986, though provided easy access to justice and was cost-effective, failed to serve our modern and technology-dependent customers.

Mr. Ram Vilas Paswan, Minister of Consumer Affairs, Food and Public Distribution, proposed the Consumer Protection Act, 2019 in the Lok Sabha on July 8, 2019 which came into force on 20th July 2020. The President of India gave his assent to the Consumer Protection Act, 2019 on 9th August, 2019. The Consumer Protection Act of 1986 is repealed by this Act.

What is Consumer Protection Act, 2019?

The Act aims towards empowering consumers and helping them in protecting their rights through various rules such as Consumer Protection Councils, Consumer Disputes Redressal Commissions, Mediation, Product Liability and punishment for manufacturing or selling products containing adulterant / spurious goods.

Some key features of the act are as follows:

Definition of customer

Section 2(7) of the new Act defines a “customer” as a person who “buys any goods for a consideration which has been paid or promised or partly paid and partly promised, or under any system of deferred payment and includes any user of such goods other than the person who buys such goods for consideration paid or promised or partly paid or partly promised, or under any system of deferred payment, when such use is made with the approval of such person, but does not include a person who obtains such goods for resale or for any commercial purpose” or “hires or avails of any service for a consideration which has been paid or promised or partly paid and partly promised, or under any system of deferred payment and includes any beneficiary of such service other than the person who hires or avails of the services for consideration paid or promised, or partly paid and partly promised, or under any system of deferred payment, when such services are availed of with the approval of the first mentioned person, but does not include a person who avails of such service for any commercial purpose.”

As a result, a customer will thus be regarded as anyone who “purchases any goods” or “hires any services,” which includes both online and offline transactions, teleshopping, direct selling, and multi-level marketing.

Consumer’s Rights

The most essential component of the new Act is undoubtedly the consumer’s rights under Section 2(9), which include:

  • the right to be protected from the promotion of goods, products, or services that are harmful to one’s health or property;
  • the right to information regarding the quality, quantity, potency, purity, standard, and pricing of commodities, products, or services, as applicable, in order to protect consumers from unfair trade practices;
  • the right to be assured, whenever possible, of competitive access to a wide range of goods, products, or services;
  • the right to be heard and the assurance that the interests of consumers would be taken into account in appropriate forums;
  • the right to seek remedies in the event of unfair commercial practices, restricted trade practices, or unscrupulous consumer exploitation; and
  • the right to consumer awareness.

The terms “defect” and “deficiency” are defined in the Act’s sections 2(10) and 2(11).

Defect” means any fault, imperfection or shortcoming in the quality, quantity, potency, purity or standard which is required to be maintained by or under any law for the time being in force or under any contract, express or implied or as is claimed by the trader in any manner whatsoever in relation to any goods or product and the expression “defective” shall be construed accordingly; whereas “deficiency” means any fault, imperfection, shortcoming or inadequacy in the quality, nature and manner of performance which is required to be maintained by or under any law for the time being in force or has been undertaken to be performed by a person in pursuance of a contract or otherwise in relation to any service and includes— (i) any act of negligence or omission or commission by such person which causes loss or injury to the consumer; and (ii) deliberate withholding of relevant information by such person to the consumer.

E-commerce” Section 2(16), “electronic service provider” Section 2(17), and the required responsibilities in relation to internet frauds are among the new additions in the Act. This has enlarged the Act’s reach, ensuring that e-consumers’ rights are better protected and that they are able to take action against e-commerce websites in the event of any infringement or violation.

Definition of Unfair Trade

In Section 2(46) of the new Consumer Protection Act of 2019, the concept of “unfair contract” is defined as, “contract between a manufacturer or trader or service provider on one hand, and a consumer on the other, having such terms which cause significant change in the rights of such consumer, including the following, namely: —

  • Requiring manifestly excessive security deposits to be given by a consumer for the performance of contractual obligations; or
  • Imposing any penalty on the consumer, for the breach of contract thereof which is wholly disproportionate to the loss occurred due to such breach to the other party to the contract; or
  • Refusing to accept early repayment of debts on payment of applicable penalty; or
  • Entitling a party to the contract to terminate such contract unilaterally, without reasonable cause; or
  • Permitting or has the effect of permitting one party to assign the contract to the detriment of the other party who is a consumer, without his consent; or
  • Imposing on the consumer any unreasonable charge, obligation or condition which puts such consumer to disadvantage.”

Unfair consumer contracts, such as these, are now covered by this Act, and a customer can submit a complaint in this regard. Many enterprises, particularly real estate developers, would benefit from this, as they frequently demand helpless consumers to sign unjust contracts and accept their standard terms before providing services.

Central Consumer Protection Authority (CCPA)

CCPA is one of the provisions of the Act which aims to promote, protect, and enforce the rights of the consumers. It will deal with issues such as consumer rights violations, unfair trade practices, and deceptive advertising. The CCPA will have an investigation wing, led by a Director-General, that will be able to undertake investigations or inquiries into such offences.

The CCPA will have the following responsibilities:

  • Investigating and prosecuting violations of consumer rights;
  • Issuing instructions for hazardous goods to be recalled or services to be withdrawn, as well as price reimbursement and the end of unfair commercial practices, as outlined in the bill.
  • Providing orders to the concerned trader/ manufacturer/ endorser/ advertiser/ publisher to either stop or change a false or misleading advertisement;
  • Imposing penalties; and
  • Issuing consumer safety alerts about harmful goods and services.

Simplified Dispute Resolution Process

  • It gives the State and District Commissions the authority to review their own order;
  • it allows consumers to file complaints electronically and in Consumer Commissions that have jurisdiction over their area of residence;
  • It allows videoconferencing for hearing and deemed admissibility of complaints if the question of admissibility is not decided within the specified period of 21 days.

False And Misleading Advertisements

The term ‘misleading advertisement’ for any product or service has been defined in the Act as, “an advertisement, which falsely describes such product or service, or gives a false guarantee to, or is likely to mislead the consumers as to the nature, substance, quantity or quality of such product or service, or conveys an express or implied representation which, if made by the manufacturer or seller or service provider thereof, would constitute an unfair trade practice, or deliberately conceals important information.”

The new Act stipulates severe penalties for false and misleading advertisements.

E-Filing and hearing of Complaints

In an approach towards aiding consumers, the Act also facilitates e-filing of complaints and allows consumers to seek video conference hearing of the case by the Commission.

Only Merit-Based Decision

The new Act eliminates the Commission’s discretionary power to dismiss a case in default and requires that the complaint be decided on the merits only if the complainant fails to appear on the scheduled hearing date.


  • It provides an Alternate Dispute Resolution mechanism of Mediation to simplify the adjudication process.
  • A Consumer Commission will send a complaint to mediation if there is a scope for an early resolution and the parties agree.
  • Mediation will take place in the Mediation Cells that will be constructed under the Consumer Commissions’ auspices.
  • No appeal against settlement through mediation.

Product Liability

The manufacturer, product service provider, or the product seller to be held liable for injury or damage caused by a defective product or a service deficiency.

For the manufacture or sale of adulterant/spurious goods, a competent court may impose a penalty. The penalties include:

  • In first conviction—suspension of license issued to the person for a period of up to two years
  • In second or subsequent conviction—cancellation of license. 

Second Appeal and Review

The new Act gives the National Consumer Disputes Redressal Commission the power of a second appeal, which is provided under Section 51 (3), subject to the resolution of a material point of law in the case. While the National Commission retains the authority of review, the Act tries to incorporate the power of revision within the State Commission.

The District Commission, State Commission, and National Commission have each been given the power of review under Sections 40, 50, and 60 of the Act, respectively.

Rules and Regulations


According to Rule 5, e-commerce entities are required to provide information on return, refund, exchange, warranty and guarantee, delivery and shipment, modes of payment, grievance redressal mechanisms, payment methods, payment security, charge-back choices, and so on, as well as the country of origin.

Consumer complaints must be acknowledged within 48 hours of receipt, and the issue must be resolved within one month of receipt. They would also be required to establish a grievance officer to handle customer complaints.

If the goods or services are defective, deficient, or delivered late, or if they do not meet the description on the platform, sellers cannot refuse to accept returns, withdraw services, or refuse reimbursements.

The rules also ban e-commerce entities from modifying the pricing of goods or services in order to make a disproportionate profit.


  • No fee for filling cases up to Rs. 5 Lakh.
  • Complaints can be filed electronically
  • Amount due to unidentifiable consumers to be credited to Consumer Welfare Fund (CWF).
  • The State Commissions is required to report vacancies, dispositions, case pending status, and other items to the Central Government on a quarterly basis.
  • Jurisdiction of CDRC:
  • District CDRC—Where the value of products and services does not exceed Rs one crore.
  • State CDRC—Where the value of goods and services is more than Rs one crore but does not exceed Rs ten crore.
  • National CDRC—Where the value of goods and services exceeds Rs ten crore.


The Central Consumer Protection Council Rules are established for the Central Consumer Protection Council, led by the Union Minister of Consumer Affairs, Food and Public Distribution, with the Minister of State as Vice Chairperson and 34 other members from other sectors.

Ministers-in-charge of consumer affairs from two states from each region (North, South, East, West, and NER) will serve on the Council, which will have a three-year term. There’s also the option of forming working groups from among the members to complete specific tasks.

Offences And Penalties

The Central Authority, under Sections 21(2) and 89 of the 2019 Act, has the jurisdiction to impose a penalty on a manufacturer or endorser who makes a false or misleading advertisement. It can impose a penalty of up to ten lakh rupees on the manufacturer or endorser by order.

Apart from that, a new chapter (Chapter VII) for offences and penalties has been added, with comprehensive penalties and punishments for non-compliance, as well as manufacturing for sale, storing, selling, distributing, or importing adulterated or spurious items.

Concerns Regarding the Bill

The new Act is being praise by many consumer activists for broadening the definition of consumer by including those who engage in multi-level and telemarketing transactions both offline and online. However, some key improvements have yet to be implemented either directly in the Act or through parallel adjustments to the existing system. The following are a few of the significant issues:

  1. To promote, preserve, and develop consumer rights, the Central Consumer Protection Authority (CCPA) was established. The headquarters will be in the NCR, and the government will decide on regional offices. The authority is responsible for enforcing consumer rights, unfair trade practises, and deceptive advertising. The government’s task of enforcing and enhancing this authority will be committed, and its implications will undoubtedly be significant for the 2019 Act. Following are the concerns regarding CCPA:
  2. While this is a commendable initiative, it is unclear how this authority will operate, particularly in terms of investigations and inquiries.
  3. When examining the investigative wing and search and seizure functions, there is some overlap between the director general’s functions.
  4. The CCPA has the authority to mandate product recalls, price reimbursements, and directives, as well as penalise producers and endorsers. Surprisingly, the only way to appeal such orders is to go to the national Commission. The circumstances or criteria under which the National Commission will consider such instances are still unknown. Because of the shift in pecuniary jurisdiction, it’s uncertain whether current cases will be moved.
  5. According to the new Consumer Protection Act, the District Commission must determine which cases are suitable for mediation and then refer them to a mediator. Personal discretion and delay will be introduced as a result of this. As a first alternative, the complaint should be offered the opportunity to ask for mediation. The dispute should only move to the commission if the opposing party refuses to accept mediation. Conciliation should be made available in the CPA. This will help to reduce the amount of cases that end up in commissions.
  6. The new Consumer Protection Act, 2019 overburdens District Consumer Commissions with large claims of up to Rs1 crore. As a result of the delays in obtaining justice, customers with minor claims for low-cost consumer durables such as mobile phones, televisions, refrigerators, music players, washing machines, and so on will be unable to fight for their rights. Regardless of the compensation sought, the new Act determines jurisdiction and charges court fees based on the consideration paid. This will lead to the filing of inflated and exaggerated claims in order to profit from a service deficiency.[1]

Role of Indian Judiciary

Consumers are the heart and soul of any developing nation. Consumer Courts are established for the special purpose of aiding our consumers. Below are some landmark judgments issued by our courts under the Consumer Protection Act, 1986, which has since been repealed, but the rules established in those cases aided in the formulation of the current Consumer Protection Act, 2019.

Horlicks Ltd. v. Zydus Wellness Products Ltd.[2]

While examining the idea of advertisement, the Delhi High Court ruled the above matter. On the basis that the advertising comparing Complan to Horlicks was misleading and disparaging, the High Court issued an interim order prohibiting Zydus from broadcasting it. Various judgements on misleading advertisements, disparagement, and the law governing the publication of commercials on television were cited by the Court. Major decisions were as follows:

  1. Dabur (India) Ltd. v.  Colortek (Meghalaya) (P) Ltd.[3]

The Delhi High Court analyzed the concepts controlling advertising disparagement and concluded:

On the basis of the law established by the Supreme Court, the guiding principles for us should be the following:

  1. Article 19(1)(a) of the Constitution protects advertisements as commercial expression.
  2. False, misleading, unfair, or deceptive advertising is prohibited.
  3. Of course, there will be some grey areas, but they should not be treated as serious representations of fact, but rather as a way to promote one’s own product.

Article 19(1)(a) of the Constitution provides protection to this extent, in our opinion. If, however, an advertisement goes beyond the grey zones and becomes a false, misleading, unfair, or deceptive advertisement, it will almost probably be unprotected.

  • Pepsi Co. Inc. v. Hindustan Coca Cola Ltd.[4] 

In Pepsi Co., it was held that when ruling on the subject of disparagement, certain factors had to be considered. These were the factors:

  1. The intent of the advertisement – this can be understood from its story line and the message sought to be conveyed;
  2. The overall effect of the advertisement – does it promote the advertiser’s product or does it disparage or denigrate a rival product?

In this context, it is important to remember that when advertising a product, the advertiser may make an unfavourable comparison to a rival or competing product, but this may or may not alter the story line and message of the marketed product or have that as its overall effect.

  1. The manner of advertising – Is the comparison generally accurate, or does it unfairly criticise or trash a competitor’s product? While accurate criticism is acceptable, untruthful criticism is not.

Connaught Plaza Restaurants Ltd. Kapil Mitra[5]

As part of Mc Donald’s well publicized “Mc Donald’s Mein Khao Har Bar Prize Le Jao” scheme, the complainant/respondent placed two separate orders totaling Rs 81. The complainant claimed that Connaught Plaza Restaurants Ltd., a franchisee running Mc Donald’s Restaurant indulged in unfair trade practices. 

The NCDRC found that the complaint had not provided proof that CPRL had collected SMS costs or that it had an arrangement with the Telecom Company/Service Provider for SMS charge sharing. As a result, the State Commission’s order could not be upheld on those reasons. Connaught Plaza Restaurants Ltd, on the other hand, was found to have engaged in an unfair trade practice by implementing the scheme. The concurrent findings of the District and the State Commission have established this fact. The complainant, as well as other similar customers who may not have filed a complaint, must be given remedy. The NCDRC partially upheld the appeal, reducing the compensation to Rs. 30,000 and the costs to Rs. 70,000.

Ernakulam Medical Centre P.R. Jayasree[6]

The discharge of a dead body by a hospital to an unaffiliated third party is unquestionably a “deficiency in service” under Section 2(1)(g) and (o) of the Consumer Protection Act, 1986, according to the National Commission Dispute Redressal.

Union of India N.K. Srivastava[7]

Recently, an appeal from an order of the National Consumer Disputes Redressal Commission was dismissed by the supreme court. Sarvodaya Hospital and Safdarjung Hospital were accused of medical malpractice in the complaint. The amendment of Sarvodaya Hospital was approved by the NCDRC. While absolving it of the medical negligence charge, it did hold Safdarjung Hospital liable to pay the State Consumer Disputes Redressal Commission’s compensation of Rs 2 lakhs.


Only when customers in a country are takes a stand for their rights will sellers and manufacturers take precautions to ensure that they are never involved in disputes over violations of consumer rights. The Consumer Protection Act, 2019 primarily focuses on providing timely and effective administration for settlement of consumer’s disputes and protection of their interests. This act covers e-consumers, broadening the act’s purview and putting additional responsibility on them for the goods and services they sell and offer. It also tries to solve concerns that CPA 1986 didn’t fully address, such as customer interests as a class, among other things. Since digitalization has changed how a consumer performs in the twenty-first century, the new Act was much needed.


[1] Jehangir B Gai, Why the new Consumer Protection Act is a Death Knell of Consumer Rights, available at (Visited on July 15, 2021).

[2] (2020) SCC 873.

[3] (2010) SCC 391.

[4] (2003) SCC 802.

[5] (2020) SCC 192.

[6] (2020) SCC 490.

[7] (2020) SCC 636.

Author: Chetna Meena, University School of Law and Legal Studies, Guru Gobind Singh Indraprastha University

Editor: Kanishka VaishSenior Editor, LexLife India.


Reading time : 12 minutes

  • Introduction

In recent past, the question related to privacy of personal data became matter of concern, globally, whether it is in the field of law or political imagination. As held in the case of Puttuswamy v India (2017)[1], privacy is a fundamental right. When some landmark cases, such as MP Sharma v. Satish Chandra (1954)[2] and Kharak Singh v. Uttar Pradesh (1962)[3], came before the Supreme Court, there was no constitutional right to privacy in and of itself, the judges had declared that while in certain circumstances the privacy of individuals was to be protected. But, in this concern, certainly a Supreme Court ruling is not sufficient. In particular, the implementation of the Aadhar biometric programme and persistent development of global technology, have created the necessity to take a new approach towards the legal stance of privacy in India.

As illustrated in Aadhar case or many other landmark cases, today, the main area of concern of privacy, is data, an intangible product that carries staggering political capital and forms the basis of much of the world economy. The rise in the importance of data has pushed over 80 countries to pass national laws which protects the collection and use of their citizen’s data by the government, companies and many other. In coming times, India will also join the hand of other countries for this major concern as the Personal Data Protection Bill 2019 (DPB) is currently under consideration by a parliamentary committee. The PDP Bill was referred to a Joint Parliamentary Committee (“JPC”) on December 12, 2019 for recommendations.

The bill establishes a number of rules and regulation for companies to follow, and also for large international tech firms that wish to operate in territory of India. The current draft of the PDP Bill prescribes compliance requirements for all forms of personal data, broadens the rights given to individuals, introduces a central data protection regulator, as well as institutes data localization requirements for certain forms of sensitive data. The PDP Bill applies extra territorially to non-Indian organizations in the event certain nexus requirements are met, and also imposes hefty financial penalties in case of non-compliance.

 In coming future, bill will have great impact on commercial and political consequences. According to Ernst and Young, by the year 2025, emerging high technologies in India will create $1 trillion in economic value and much of this economic value will be founded on the use, sale, and creation of data, and here the bill will have great implications as hi-tech firms scramble to meet new privacy regulations.

The Bill also declares that users who provide data are, in effect, the owners of their own data. As European internet-users have “right to be forgotten”, so, this has major implications, suggesting that users in India also be able to control the data, and may request firms to delete it, just and have evidence of their online presence removed. But the bill does not protect citizen against the government as it stipulates that “sensitive” personal data, related to matters of national security, must be accessible to the government for the protection of national interest.

The bill outlines the establishment of a Data Protection Authority, which will be charged with controlling data collected by the Aadhaar programme. It will be led by a chairperson and six committee members, appointed by the central government on the recommendation of a selection committee. Unlike similar institutions, such as the Reserve Bank of India or the Securities and Exchange Board, the DPA will not have an independent expert or member of the judiciary on its governing committee. The UIDAI, for its part, has a chairperson appointed by the central government and reporting directly to the Centre.

After the Aadhaar programme controvercy, the most latest concern is Aarogya Setu contact-tracing app, developed to track the spread of the COVID-19 pandemic. Experts related to technology criticised the app due to lack of adequate data protection measures. Where are these data stored and who has access to them remain open questions.


The characteristics of the PDP Bill:

  1. It provides for storage of all SPD within Indian territorial limit. Data may be transferred outside India but subject to appropriate safeguards as are laid down. 
  2. It provides for ‘consent managers’ who shall be responsible for bridging the gap between the the Data Fiduciary and the Data Principal.
  3. It confers on the Data Principals, the right to data portability and the right to access, correction, the right to be forgotten and erasure of personal data. 
  4. It provides for the establishment of a Authority for Data Protection which shall be a cross-sector regulatory authority for data protection. It shall be responsible for the implementation of the PDP Bill.
  5. Their lays down obligation on a Data Fiduciary to send a data breach notification in any case of breach to the Data Principal.

The preamble of Bill identifies three key points:

  • “The right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy”
  • “It is necessary to create a collective culture that fosters a free and fair digital economy, respecting the informational privacy of individuals, and ensuring empowerment, progress and innovation through digital governance and inclusion.”
  • “The growth of the digital economy has expanded the use of data as a critical means of communication between person”
  • Main Provisions of the Bill

The main purpose of bill is to regulate the processing of personal data of individuals which is processed by the Government, Companies registered in India and Foreign Companies according to Information Technology Act, 2000.

 Some key provisions under the bill are as follows –

  1. Definition of Personal Data

Personal Data under the bill is defined[4] as the data relating to a natural person with regard to the characteristic, trait, attribute or any other feature which helps in the identification of that person. The bill also distinguishes between Sensitive Personal Data and Critical Personal Data.

  1. Data Fiduciary

Data fiduciary is any entity or any individual which determines the purpose and means of processing personal data. The bill enumerates certain obligations relating to the Data fiduciary, some of them are as follows –

a. Personal Data should be processed only for clear and lawful purposes.

b. The privacy of Data Principal i.e. the person to whom the data belongs, should be ensured

c. The Data Fiduciary is required to furnish a notice of the Data Principal for the purposes of collecting personal data.

d. The bill imposes restrictionon the Data Fiduciary with respect to the retention of the personal data collected.

e. The Data Fiduciary is also made accountable8 to comply with the provisions of the bill in relation to the processing of data.

3. Rights of the Data Principal

The bill also provides for rights that can be exercised by a data principal such as the right to seek information regarding the manner or processing activities undertaken by the data fiduciary with respect of the personal data. The bill also gives an opportunity to the data principal to correct and erasure any personal data.

4. Social Media Intermediaries

The bill defines Social Media intermediaries as intermediaries which allow 2 or more users to share, upload, disseminate, create information using its services. This will allow the government to notify them as data fiduciary subjecting them to comply with the provisions of the Bill.

5.Transfer of Personal Data outside India

The bill imposes certain restrictions on the transfer of sensitive and critical personal data outside India. Sensitive personal data may be transferred outside India based on certain conditions such as –

a. The transfer is made pursuant to a contract or intra-group scheme which should be approved by the Data Protection Authority.

b. The transfer is allowed by Central Government after consultation with the Authority.

6. Offences and Penalties

The bill imposes hefty penalties. A fine of INR 15 crores or 4% of the annual turnover of the data fiduciary, whichever is higher is imposed for processing or transferring personal data which is in violation of the Bill. In case, the data fiduciary fails to conduct data audit a fine amounting to INR 5 crores or equivalent to 2% of the annual turnover of the data fiduciary, whichever is higher is imposed.

Data can be classified broadly into two types: personal and non-personal data.  Personal data pertains to traits, characteristics or attributes of identity, which can be used for identification of an individual. Non-personal data includes aggregated data through which individuals cannot be identified. Data protection refers to policies and procedures seeking for personal data to minimise intrusion into the privacy of an individual caused by collection and usage of the data. 

  • The Bill cdemandsfr the creation of an independent regulator Data Protection Authority, which will oversee assessments and audits and definition making of personal data.
  • Each company will have a Data Protection Officer (DPO) who will liaison with the DPA for grievance redressal, recording maintenance, auditing and many more.
  • The Bill proposes  “Collection limitation” and “Purpose limitation” clause, which limit the collection of data to what is needed for “clear, specific, and lawful” purposes.
  • It also grants individuals the ability to access and transfer one’s own data and right to data portability. It also grants individuals the right to data portability, and the ability to access and transfer one’s own data.
  • Finally, it legislates on the right to be forgotten. With historical roots in European Union law, General Data Protection Regulation (GDPR), this right allows an individual to remove consent for data collection and disclosure.
  • The Bill stated the penalties as: Rs 5 crore or 2 percent of worldwide turnover for minor violations and Rs 15 crore or 4 percent of total worldwide turnover for more serious violations.
  • The Bill includes exemptions for processing data without an individual’s consent for “reasonable purposes”, including security of the state, detection of any unlawful activity or fraud, whistleblowing, medical emergencies, credit scoring, operation of search engines and processing of publicly available data.

Government of India constituted a committee (“NPD Committee”) to explore the governance of non-personal data (“NPD”). The terms of reference of the NPD Committee were to:

(a) study various issues relating to non-personal data; and

(b) to make specific suggestions for considerations of the Central Government on the regulation of non-personal data.

Currently, processing NPD is not regulated under law. Further, “anonymized data” is specifically excluded from the applicability of the current draft of the PDP Bill.

The NPD Committee released a revised version of their report in January 2021 for clarifying certain aspects. The revised NPD Committee report expands on the recommended NPD framework and PDP Bill would function, clarifying that it is only anonymised data that will fall under the NPD framework. Amongst other things, the revised version have details of  the types of NPD that may be collected, delves into public and private rights that may subsist in such data, as well as provides for a detailed data sharing mechanism that exempts transfers between private entities.

 The report provides separate guidelines for ‘Data Businesses’, or data collecting entities that meet certain thresholds, calls for the separate treatment of certain ‘High Value Datasets’, and also calls for the creation of a separate regulator that would function independently.

However, as discussed above, other reports indicate that the JPC may be looking to broaden the scope of the PDP Bill to include NPD as well. These reports run contrary to the NPD Committee’s recommendation for all NPD-related provisions in the PDP Bill to be removed.


 NITI Aayog released a draft framework on the Data Empowerment and Protection Architecture (“DEPA”) in August, 2020 with consultation with a few industry regulators, banks and tech players. Main aim of DEPA is to build over existing regulation by the RBI on ‘Account Aggregator’ models, through which citizen will be able to share their financial data across banks, insurers, lenders, mutual fund houses, investors, tax collectors, and pension funds in a secure manner. Through DEPA, NITI Aayog aims to institute a mechanism for secure consent-based data sharing in the tech sector, which they believe will be “a historic step towards empowering individuals with control over their personal data”.[5]  While this document released by NITI Aayog is totally focused on the implementation of DEPA in the sector of finance alone, now, DEPA is also proposed to be introduced as a similar framework beyond just financial data, and across all sectors, beginning with the health and telecom sectors.

For the full implementation of DEPA, the ministries and government regualtors would be required to release a detailed document that lays down the processes for the information flow in DEPA. DEPA was open for public comments until November 30, 2020, and there has been no further update till date.


The Central Government of India along with Ministry of Health and Family Welfare announced a National Digital Health Mission (“NDHM”) which was published in a blueprintin 2019 recommending the creation of a National Digital Health Ecosystem (“Ecosystem”) which allows for interoperability of digital health systems at the hospital, patient and ancillary healthcare provider level. On December 14, 2020 the ministry has given the approval to a Health Data Management Policy (“HDM Policy”)largely based on the PDP Bill which will  govern data in the Ecosystem. The HDM Policy recognises entities in the data processing space, i.e. data fiduciaries (similar to data controllers under GDPR) and data processors similar to the PDP Bill, and establishes a basic framework for processing personal data.


Certain type of transactions are exempted from the applicability of the PDP Bill, ther are:

 (a) to small businesses or

 (b) data collected for purpose of domestic use.

 A small business shall be qualified as such by the Data Protection Authority depending on the the purpose of collection of the data, business turnover or the volume of data processed. The Central Government also exempted outsourcing agencie from certain obligations under this system. Additionally, the Central Government of India has wide powers with respect to its obligations, which may be relaxed on various grounds of public interest and may exempt agencies operating under it. This ground of discretion is fairly broad and gives the government significant discretionary power.

  • Under Article – 21 of the Constitution, Right to privacy is a fundamental right. This was held by a nine-judge bench of the Supreme Court in Justice K.S. Puttaswamy vs Union of India[6] in its landmark judgment dated 24th August 2017 wherein they declared ‘the right to privacy’ as an integral part of Part III of the Constitution of Constitution of India. In 2017, a bench of five judges in the Supreme Court which was hearing the Aadhaar Card case and  the right to privacy, said that they wanted a nine-judge bench to first decide if privacy is a fundamental right, before deciding on the main Aadhaar case.
  • In the case of Subhranshu Rout @ Gugul v. State of Odisha[7],The High Court of Odisha observed in its order on November 23, 2020 the requirement and importance of the right to be forgotten of an individual and how it remains unaddressed in legislation. The case involved objectionable content related to a girl that was posted online. While the victim of the case had not made any arguments regarding to the permanent removal of her data, the court encouraged the victim to seek appropriate orders for the protection of her fundamental right to privacy even in the absence of an explicit right to be forgotten. The court held that recognizing such a right by law would help in safeguarding woman’s rights online, thus highlighting the importance of strong individual privacy rights. The court was cognizant of the fact that the current draft of the PDP Bill if passed as law, would introduce a right to be forgotten in India.
  • In case of Balu Gopalakrishnan v. State of Kerala [8]The High Court of Kerela passed an interim order on April 24, 2020 on the export of data related to COVID-19 by the State Government of Kerala to a US-based entity, Sprinklr, for data analytics.In this case the High Court held that certain measures were to be implemented by the State Government before granting Sprinklr access to the data. These measures include obtaining specific consent from citizens, ensuring the return of data once contractual obligations end and anonymizing the data. The High Court also barred the commercial exploitation and advertisement of the data by Sprinklr. This judgment emphasizes the accountability of the State in handling data of its citizens and established very essential benchmark for all public-private partnerships in the post COVID-19 era in the field of data protection.
  • Various cases of cyberattacks and surveillance will be checked.
    • Recently, many WhatsApp accounts were hacked by an Israeli software called Pegasus.
  • Social media is being used to spread fake news, which has resulted in national security threats and lynchings, which can now be monitored, checked and prevented in time.
  • Data localisation can help law-enforcement agencies access data for investigations and enforcement.

    • As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties”.
    • Accessing data through this route is a cumbersome process.
  • Data localisation will also increase the ability of the Indian government to tax Internet giants.
  • A strong data protection legislation will also help to enforce data sovereignty.
  • Many contend that the physical location of the data is not relevant in the cyber world. Even if the data is stored in the country, the encryption keys may still be out of reach of national agencies.
  • National security or reasonable purposes are an open-ended terms, this may lead to intrusion of state into the private lives of citizens.
  • Technology giants like Facebook and Google have criticised protectionist policy on data protection (data localisation).

    • They fear that the domino effect of protectionist policy will lead to other countries following suit.
  • Protectionist regime supress the values of a globalised, competitive internet marketplace, where costs and speeds determine information flows rather than nationalistic borders.
  • Also, it may backfire on India’s own young startups that are attempting global growth, or on larger firms that process foreign data in India.

The year 2020 has laid down the basic structure for enhancing focus on the privacy and data protection front. While we may see the main aim of the PDP Bill broadly before it is presented in the Parliament in 2021, we could also expect significant rules on the ownership aspect and  economic and commercial usage of non-personal data. The PDP Bill may also be made available for stakeholder comments and discussion after the revised version is released. The position on data localization and cross border sharing of data is yet not finalized, which is a policy decision that will directly impact most businesses operating in India. However, in the backdrop of the PDP Bill, we expect to continue to see industry-specific data policies and regulation by sectoral regulators such as drone-related policies which may give rise to new issues including cybersecurity and mandatory disclosure to the Government. It is also clearly visible that the Indian judiciary is more cognizant of privacy rights than ever before, which is a sign of a strong data protection regulation ahead


The Personal Data Protection Bill, 2019 main purpose is to protect data relating to individuals. The bill categorizes personal data broadly into three parts which allows for greater accountability in relation to processing of data by data fiduciaries. The adaptation of a regulatory body will help automatically help technology driven startups in their starting stage since it will exempt them from the complex procedure and compliance of the provisions of the bill. When enacted, The Bill will have far reaching impact on the MNCs and business in India since they will have to ensure that the data processing done by them is in compliance with the provisions of the bill. According to the Supreme Court in the Puttaswamy judgement (2017), the right to privacy is a fundamental right and it is necessary to protect personal data as an essential facet of informational privacy, whereas the growth of the digital economy is also increasing for socio-economic growth. In context with this, the government policy on data protection must not deter from framing any policy for the growth of the digital era, till the extent that it doesn’t impinge on privacy of personal data.

[1] (2017) 10 SCC 1.

[2] 1954 AIR 300, 1954 SCR 1077.

[3] 1963 AIR 1295, 1964 SCR (1) 332.

[4] Clause 2(28) of the Bill.

[5] Ibid.

[6] ibid

[7] BLAPL NO.4592 OF 2020

[8] Writ Petition(Civil) no..of 2020


Editor: Kanishka VaishSenior Editor, LexLife India.

National Policy on Software Products, 2019

Reading time: 8-10 minutes.

A national policy on Software products was passed by the Union Cabinet, chaired by Prime Minister Narendra Modi in 2019. It is implemented by the Ministry of Electronics and Information Technology. The government had allotted a fund of Rs. 1, 500 crore for a period of 7 years and aimed to create employment of 3.5 million by 2025.

The Covid-19 pandemic brought a halt to India’s economy. After the lockdown the officials of MietY are ready to revamp the economy. They intend to propose a 5000 crore detailed use to the finance ministry for the Software Product Development Fund (SPDF) and deploy those into daughter funds. The ministry aims to invest funds from its home capital leading India on its way to become “Atma-Nirbhar”. These daughter funds will in turn invest in the software products startup.

Salient features of the policy

  1. Indian software registry – to protect their innovation using intellectual property
  2. Single window platform – address concerns over policy
  3. Tax incentive – set off tax on the investment made in Research and development.
  4. Government procurement – a way to include these start-up in government area and create a market
  5. Encouraging Entrepreneurship – introducing incubator for at least 10000 product startup, setting a fund of 1, 000 crore, an outlet of Rs. 500 crore to support software educational bodies, setting up a sector to promote design and development.
  6. Creating 3 million skilled people – in collaboration with over 1, 000 educational institutions.

How/why was it introduced?

Looking at the talent we have in India and the massive strides on the digitalization we have made in the past 5 years the current figures which show that the IT industry contributes to the National GDP of the country, have a potential to increase many folds. The National policy on Software Product shoves India to develop and progress from services to products. Such that the IT product become an equitable partners in the revamping IT economy. It is not that without introducing the policy there would have been no product based IT industry but by introducing the policy it will accelerate the growth with more precision and labor. The policy aims at providing both the money and opportunities to private startup.

Developments around it

  1. The share of the Indian company in the global software product market will increase thereby helping increase exports growth.
  2. Motivating entrepreneur to develop software products will be a big boost to the start-up eco-system in the country and may go a long way in tackling the brain drain issue which India faces.
  3. It is hoped that the general condition of the software and IT infrastructure in India improves thereby making networks across the country more secure.

Relevant legal provisions

Often India, referred to as an IT superpower but that’s not true. There are much more forceful and majestic IT nations out there. India is a country which is at best the software outsourcing economy. We are not product oriented rather we are simply outsourcing by coding a western country design.  The policy will nurture new and innovative design. This shift aims that the Intellectual property remains in India. According to NASSCOM’s Strategic Review 2019 the growth in the domain product of IT industry was largest in 2019.There is a need for protecting innovative pieces and ideas with relevant tools.

The Intellectual Property regime is one such tool which aim at protecting these software’s.

  1. Copyright Law: This covers the artistic, literary and dramatic work which are unique and original. The software’s fall under the literary work making them copyrightable. For the piracy of software, which is an original work of intellect the offender is liable to pay punitive as well as compensatory damages.
  2. Patent law: The software is per se not patentable but if there are other things like ‘ancillary to’ or ‘developed thereon’ the computer programme is patentable. A profusion of cases show that patents are granted if the covers the part of technical effect.

Probable way forward

  1. India being a service oriented country contributes little by way of software products. It is rather a software importer nation. This policy aims to make India self-reliant and rather contribute to the export of software services. If we look at the banking market, it comprises of services. The services have led to the success of banking products. Which means basically that the productization of services. It’s not about growing only but also protecting the services from external shark companies from acquiring us.
  2. The formulation of National Software Products Mission will monitor the whole policy and ensure that corrective measures are taken. This will help in revolutionize the sector.
  3. The Ministry of Corporate Affairs should look into creating market access to the startups via this policy because that is what they lack. The ecosystem of small startups with Research and Development funding in Artificial Intelligence and ML will create a pool of many startups. This ecosystem can leave a trail for other larger startups outside the ecosystem of software products to follow. This example can henceforth be extend to other start up arenas as well.


The vision in the policy is very clear to provide incentive to software sector startups which will create an ecosystem of startups who could collaborate together to formulate bigger products. It seems to be a part of “Make in India” movement aiming to increase employment and make India sustainable. It brings along with it mentoring and other market access too.  The government however should keep in mind that the It sector and Cyber industry are dynamic in nature. They are never static and are in a constant state of flux and therefore amends the policy from time to time keeping such changes in mind. Also, the legal protection provided by law also faces many loopholes like not covering non-literal works such as design, structure, and composition. By the time the creator gets the relief he has only incurred losses. The stealing and misuse of software products constantly reminds us that with more and more startups establishing there is a need to provide a sense of security by providing legal protection.

The main concern is that this policy aims to create 10, 00, 000 skilled IT professionals and 1, 000 leaders. With a similar aim UPA government in its previous policy aimed to create 5, 00, 000 cyber security professionals and even after the passage of more than 10 years it has not been able to create even 1000 professionals.

At the end it is important to have a policy which is implementable in reality and not just papers. It should be stable to the disruptions generally faced by the new startups. This will enable to create directly and indirectly job opportunities by creating a software hub under the Digital India Program.

Author: Aarcha Gupta from Symbiosis International (Deemed University).

Editor: Silky Mittal, Junior Editor, Lexlife India.

A Critical Overview of the Population Regulation Bill, 2019

Reading time: 4-5 minutes.

Undeniably, population proliferation has been a major challenge faced by India for years. As a measure to deal with the issue, recently, the Population Regulation Bill, 2019 has been introduced in the Upper House by the Member of Parliament Rakesh Sinha in the month of July. Interestingly, the private member’s bill which lays down the penal provisions against people with more than two children has triggered a debate and is now witnessing the divergent responses of the populace. While some are seen welcoming the move with zeal and zest, others are calling it out for the potentially detrimental outcomes.

What are the various facets of the Population Regulation Bill, 2019?

The Population Regulation Bill, 2019 also popularized as the two-child norm, does not only suggest putting a legal restriction on the number of children one is supposed to have, but it also puts forth some punitive actions against the so-called offenders. Parallel to a deprivation of financial benefits, stern provisions of the aforesaid law would also shut the doors of politics as a career for those offenders. Moreover, there would be a notable cutback in benefits under the public distribution system for those who procreate more than a couple of children.

Apart from the above penalties, the offenders would also see a surge in the rates of interest while availing loan from any financial body. It is interesting to note that along with the legal retribution, certain obligations have also been proposed under the Bill. Under the newly introduced Bill, it would be mandatory for any government employee to provide an undertaking that he would not procreate more than two children. Interestingly, there are some benefits listed out for those public or central sector employees who abide by the norms and go for the sterilization willingly. These benefits would also be extended if the spouse of any public or central sector enterprise employee undergoes sterilization.

Economic survey controversy

According to the Economic Survey 2018-19, India is undergoing a sharp decline in the population growth rate. Introducing the new regulation a few days after the release of the above-mentioned report sparked the controversy regarding the problematic nature of the former.

As per the findings of the survey, “India is set to witness a sharp slowdown in population growth in the next two decades. Although the country as a whole will enjoy the ‘demographic dividend’ phase, some states will start transitioning to an ageing society by the 2030s. It will surprise many readers to learn that the population in the 0-19 age bracket has already peaked due to sharp declines in total fertility rates (TFR) across the country.”

The report also states that the total fertility rate is likely to go below the replacement level by the year 2021. In fact, many of the states have already seen a marginal decline in the total fertility rate, thereby bringing it beneath the replacement level.

“TFR is now below the replacement level. Fertility in 13 out of the 22 major states. In fact, TFR has reached as low as 1.6-1.7 in states such as Delhi, West Bengal, Tamil Nadu, Andhra Pradesh, Telangana, Punjab and Himachal Pradesh. Even high fertility states such as Bihar, Jharkhand, Rajasthan, Madhya Pradesh, Chhattisgarh, Uttar Pradesh and Uttarakhand have seen a sharp decline in TFR over the years.”

In terms of age distribution, there would be a possible rise in the working population and a decline in the number of elementary school going children.

The challenging aftermath

While it is irrefutable that population surge is a pressing issue, it can also not be denied that the proposed law is likely to impact the marginalized strata of the society adversely. Here are some of the challenges which the proposed bill could bring-

  • Aged population: In the long run, when the growth rate of the population is already declining according to the aforementioned survey, such regulations could result in a situation where the percentage of aged population increases as against the youth. This phenomenon is also known as the negative population growth. Economically, this would result in higher expenditure and lower production.
  • Attack on poor and marginalized: Those who are ostracized, deprived and unaware of the exigencies of the situation, would be the major prey of the penalties put forth under the Bill.  Moreover, a deprivation of benefits under the public distribution system signifies a denial of anti-poverty scheme of availing food and other products of basic necessity at subsidized rates.
  • Condition of women: Bringing in this regulation in the areas where there is an exigency of social awareness could wreak burden on the women. There is a likelihood of rough consequences for women in the tightly patriarchal families where procreating a male child is of utmost priority. The regulation intertwined with the aforesaid social evil could result in even more unfavourable circumstances for women.

 The example of China

In the year 1979, in order to control the burgeoning population, China introduced the one-child policy. The policy, however, did not only receive widespread criticism but it also brought various socio-political challenges for the country.

With the one child norm, China witnessed a striking increase in gender disparity, sex selective abortions, abandonment and out adoption of the female child. The major factor behind this had been the socio-cultural preference for the male child.

Now, it is interesting to note here that numerous parts of India have also been undergoing the similar son meta-preference scenario.  Looking at the above instance and the current demographic statistics of India, there is a need to question if such policies are actually required by the nation.

Awareness campaigns and family planning

It will not be out of place to mention that the root cause of population increase in India has been lack of education and awareness. Instead of a legal deterrent, there is a need to launch awareness campaigns explicating the meaning and significance of family planning. While it is true that a massive population is challenging for any nation and its resources, it is also important to address the issue with all its intricacies and depth.

-This article is brought to you in collaboration with Yashda Garg, Advocate at District and Sessions Court, Sector 12, Faridabad.