ISSN (Print) - 0012-9976 | ISSN (Online) - 2349-8846

A+| A| A-

Protecting Employees’ Personal Data

The Legislation

The draft of India’s Digital Data Protection Bill, 2022 has been criticised for diluting the provisions and safeguards provided in previous drafts. This article analyses the draft bill from an employment perspective, examining provisions such as consent waivers for employment purposes and their potential consequences. It raises concerns about the legality of data–mining practices in general and the gig economy in particular.

While the Digital Data Protection Bill, 2022 has now been passed by Parliament as the Digital Data Protection Act, 2023, the overall argument regarding the draft bill applies to the provisions of the new legislation as well. The author gratefully acknowledges the funding support from the Indian Institute of Management Calcutta. 

The draft Digital Data Protection (DDP) Bill, 20221 was released on 18 November 2022 along with an explanatory note2 for comments and suggestions. It seeks to provide an overarching framework for formulating clear and transparent rules and regulations regarding when and how personal data can be accessed and processed by various entities, including the government. The bill has received enough criticism for diluting the provisions and safeguards in the 2019 draft bill and the subsequent 2021 joint parliamentary committee (JPC) report on it (Mathi 2022). This article analyses the bill from an employment and employee data perspective. First, it discusses the implications of Section 8(7), deemed consent, for emp­loyment purposes, especially for workers in the platform economy. Then, taking the example of two government agency websites containing employee data, it discusses the importance of imp­roving privacy provisions and safeguards.

As per the DDP Bill, 2022, “personal data” encompasses any information that can be used to identify an individual. The person with whom personal data is ass­ociated has been referred to as the “data principal.” The “data fiduciary” is the ­entity (individual, company, firm, state, etc,) that determines the purpose and methods of processing an individual’s personal data. Section 7 of the bill mandates data fiduciaries to seek consent, “agreement to the processing of her personal data for the specified purpose.” It gives the data principal the right to choose any language specified by the Eighth Schedule of the Indian Constitution for the consent request. The bill also provides a right to withdraw consent at any time.

Dear Reader,

To continue reading, become a subscriber.

Explore our attractive subscription offers.

Click here


To gain instant access to this article (download).

Pay INR 50.00

(Readers in India)

Pay $ 6.00

(Readers outside India)

Updated On : 4th Sep, 2023
Back to Top