Scroll Top

Need for Data Protection Bill in 2023


As India continues to embrace the digital age and the government pushes initiatives such as the “Digital India” campaign and the recent “DigiYatra” biometric boarding pass system for air travel, it is becoming increasingly important to address the issue of data privacy. With the amount of personal data being collected by the government and private companies on a daily basis, it is crucial that there be strong laws in place to protect the privacy of individuals. The DigiYatra app, developed by the Indian government, is designed to streamline the airport check-in process for passengers. However, concerns have been raised about the app’s impact on privacy.

One concern is the amount of personal information that the app requires users to provide. This includes full name, date of birth, gender, and passport details, as well as a government-issued identification number and a photograph. This information is collected and stored by the app, and it is not clear how it will be used or who will have access to it.[1]


The concept of data privacy refers to the protection of personal information from unauthorized access, use, or disclosure. This includes information such as name, address, phone number, email, and financial data. With the increasing reliance on technology and the internet in our daily lives, this personal information is being collected and stored by a wide range of entities, including government agencies, social media platforms, and online retailers.

In India, the current legal framework for data privacy is the Information Technology Act, 2000[2], which was enacted before the widespread use of social media and the proliferation of personal data collection by private companies. As a result, this legislation is largely inadequate in addressing the current issues of data privacy in the digital age.

One major concern with the current state of data privacy in India is the lack of control that individuals have over their personal information. Private companies are often capable of gathering and utilizing personal information without the users’ knowledge or consent. This can include everything from tracking online activity for targeted advertising to selling personal data to third parties. Another issue is the lack of penalties for companies that violate data privacy laws. Without strong consequences for companies that misuse personal data, there is little incentive for them to protect the privacy of their customers.


The government’s new “DigiYatra” biometric boarding pass system is a prime example of the need for stronger data privacy laws in India. While the system may have the potential to improve the efficiency of air travel, it also involves the collection and storage of biometric data, such as fingerprints and facial scans, of all passengers. This sensitive personal information is vulnerable to misuse or abuse by both government agencies and private companies.

There are also concerns about the app’s ability to track the movement of users. The app verifies the identity by Face Recognition. The Airport operator will have real-time information on Passenger load and resource planning becomes better. Airlines will be benefitted by knowing the passenger position in the airport.[3] This means that the app can potentially record and store a significant amount of data about a user’s travels.

In addition to the risks posed by private companies, there is also the concern of government surveillance. In the absence of strong data privacy laws, the government may be able to access and use personal data for purposes beyond those for which it was originally collected. This lack of oversight and accountability can lead to abuses of power and erosion of civil liberties.


The EU’s only meaningful law governing data protection is the General Data Protection Regulation (GDPR).[4] It applies to all companies operating in the EU and those operating outside the EU that provide goods or services or keep an eye on, individuals who reside in the EU. A variety of rights are granted to individuals about their personal data under the GDPR, including the ability to access, amend, and delete that data. The GDPR lays out tight guidelines for the acquisition, use, and storage of personal data.

The Digital Personal Data Protection Bill, 2022[5] could be India’s main data protection law. Although it has not yet become legislation, this bill is now being debated in the Indian parliament. When it is put into effect, it will apply to all businesses operating in India as well as to businesses operating outside of India who sell products or services to or keep an eye on, Indian data subjects. In accordance with the Personal Data Protection Bill, which lays out guidelines for the collecting, use, and storage of personal data, people have a number of rights about their personal information, including the ability to see, update, and delete it.

Overall, both the GDPR and the Personal Data Protection Bill are designed to protect the personal data of individuals and give individuals control over their personal data. There are some differences in the specific provisions of each law, but the general principles are similar.[6]


It is clear that the current legal framework for data privacy in India is inadequate to protect the personal information of individuals in the digital age. The government must prioritise the implementation of stronger data privacy laws that give individuals control over their personal information and hold companies accountable for violations. This could include measures such as requiring explicit consent for the collection and use of personal data, establishing clear penalties for companies that violate data privacy laws, and setting up an independent body to oversee the protection of personal data.[7] The implementation of strong data privacy laws is not only necessary to protect the rights and privacy of individuals, but it is also crucial for the overall development of the digital economy in India. Without the trust of consumers, the growth of online businesses and the wider adoption of digital technologies will be hindered.


In conclusion, the need for data privacy laws in India is more pressing than ever. With the increasing amount of personal data being collected and stored by both government agencies and private companies, strong laws must be put in place to protect the privacy of individuals. Without these protections, there is a risk of misuse and abuse of personal information, which could have serious consequences for both individuals and society as a whole. Overall, the Digi Yatra app raises serious privacy concerns. While the app may offer convenience for travellers, it is important for the government to address these concerns and ensure that user privacy is protected. This could include implementing stronger security measures and being transparent about how personal data will be used and who will have access to it.

Author(s) Name: Savyasanchi Khare (School of Law, Narsee Monjee Institute of Management Studies, Indore)


[1] Saransh Jauhari & Citrakshi Kapgate, ‘The Digital Data Protection Bill, 2022 and the Concerns Associated’ (Live Law, 14 December 2022) < > accessed  08 January 2023

[2] Information Technology Act 2000

[3]Ankita Chakravarti, ‘Digi Yatra does offer the smoothest passage through Delhi Airport. At least for now’ (India Today, 15 December 2022)  <> accessed 20 January 2023

[4]General Data Protection Regulation 2016

[5]Digital Personal Data Protection Bill 2022

[6] Anil Sasi & Soumyarendra Barik, ‘What India’s draft digital privacy law says — and how it compares with data protection laws elsewhere’ (The Indian Express, 22 November 2022) <> accessed 08 January 2023

[7] Shwweta Punj, ‘Why India Needs to Strengthen Data Protection Laws without Stymieing Industry’ (India Today, 15 September 2022) <> accessed 08 January 2023