Search Your Queries Related To Trilegal


Technology, Media & Telecommunications Law: Legal Milestones in 2019 and a Look Ahead

28 Feb 2020

2019 was a busy year for this sector as the Government of India introduced several regulatory measures and policy initiatives which is likely to have a long-term impact on the sector. This update summarises some of the major developments in the past year and gives a brief overview of what can be expected in 2020.


The year 2019 saw many changes in terms of regulatory and legislative measures by the Government as well as judgments by the Supreme Court. The introduction of the Personal Data Protection Bill, 2019 before Parliament was a watershed moment in the history of privacy rights in India. Further, as a direct result of the Supreme Court’s ruling on Aadhaar, the Government introduced changes to the legislative scheme surrounding Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (Aadhaar Act) to put in place more robust mechanisms for identity verification. Additionally, the Government rolled out regulatory initiatives relating to e-commerce, regulation of information technology intermediaries, and consumer protection.

The year 2019 also saw the introduction of a foreign direct investment (FDI) cap of 26% for circulation of news and current affairs through digital media. While it is not yet clear how this will affect news aggregators and intermediaries, it nevertheless is an important development in the regulation of online news media by the Government.

Government bodies also undertook consultation processes in various fields such as artificial intelligence, non-personal data, provision of cloud services, and other service providers (OSP) whose potential impact remains to be seen. The involvement of stakeholders in formulating recommendations on these subjects is a step forward in policymaking in the technology and telecommunication sector in India.


  • Technology and Data Protection
    • Personal Data Protection Bill 2019

      The existing legislative framework in India to address issues of privacy of citizens’ data comprises of the Information Technology Act, 2000 (IT Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. It covers some basic tenets for the collection, storage and processing of information about certain identified categories of ‘sensitive personal data or information’ of natural persons such as financial information and health data.

      However, after the Supreme Court recognised the privacy of individuals as a fundamental right under the Constitution of India and highlighted the need for privacy legislation in 2017, the Government set up a committee of experts (Committee) to look into the contours of such a law. The Committee came up with a draft Personal Data Protection Bill (2018 Bill) after expansive consultations in 2018. The 2018 Bill introduced the concepts of ‘data fiduciaries’ and ‘data principals’, as opposed to the more commonly used terms ‘data controller’ and ‘data subject’. It envisages a fiduciary relationship between the data fiduciary and data principal wherein the data fiduciary must act in the best interest of the data principal. Any natural person whose personal data is collected was referred to as the ‘data principal’ and the entity that determines the purpose or means of processing this data was referred to as the ‘data fiduciary’.

      After the 2018 Bill, the Government conducted a series of consultations and a revised Bill (2019 Bill) was released in December 2019 and is currently placed before a joint parliamentary committee for examination and stakeholder consultation is underway. The 2019 Bill introduced several important changes to the 2018 Bill, as follows.

      Data Localisation

      The 2018 Bill required the storage of a serving copy (which can be interpreted as a live copy) of all personal data (PD) covered by the Bill, on a server or data centre located in India. It also mandated the processing of ‘critical personal data’ (CPD) only in India. Further, even data that did not fall within this category could only be transferred outside India subject to satisfaction of specific conditions. However, the 2019 Bill does not mandate localisation of PD that does not qualify as sensitive personal data (SPD) or CPD. Moreover, it provides that with the explicit consent of the data principal and the satisfaction of specific conditions, SPD may be transferred outside India for processing. However, such SPD will have to be stored in India as well.

Download PDF to read more

Subscribe to our Knowledge Repository

If you would like to receive content directly in your inbox from our knowledge repository, please complete this subscription form. This service is reserved for clients and eligible contacts.


    Under the rules of the Bar Council of India, Trilegal is prohibited from soliciting work or advertising in any form or manner. By accessing this website,, you acknowledge that:

    • You are seeking information about Trilegal of your own accord and there has been no form of solicitation, advertisement or inducement by Trilegal or its members.
    • This website should not be construed as providing legal advice for any purpose.
    • All information, content, and materials available on this website are for general informational purposes only.
    • Any information obtained or material downloaded from this website is completely at the user’s volition, and any transmission, receipt or use of this website is not intended to, and will not, create any lawyer-client relationship.
    • Information on this website may not constitute the most up-to-date legal or other information. Trilegal is not liable for the consequences of any action taken by any person based on any material or information available on this website, or for any inaccuracy in or exclusion of any information or interpretation thereof.
    • Readers of this website or recipients of content or information available on this website should not act based on any or all such content or information, and should always seek advice of competent legal counsel licensed to practice in the appropriate jurisdiction.
    • Third party links contained on this website re-directing users to such third-party websites should neither be construed as legal reference / legal advice, nor considered as referrals to, endorsements of, or affiliations with, any such third party website operators.
    • The communication platform provided on this website should not be used for exchange of any confidential, business or politically sensitive information.
    • The contents of this website are the intellectual property of Trilegal.

    We prioritize your privacy. Before proceeding, we encourage you to read our privacy policy, which outlines the below, and terms of use to understand how we handle your data:

    • The types of information we collect and why we collect them.
    • How we use your information to provide a personalized experience.
    • The measures we take to ensure the security of your data.
    • Your rights and choices in managing your personal information.
    • How we may share information with trusted partners for specific purpose.

    For more information, please read our terms of use and our privacy policy.

    Up arrow