Authors: Rishab Bailey and Trishee Goyal
The Personal Data Protection Bill, 2018 (PDP Bill) uses the concept of a fiduciary relationship to protect personal data of individuals. However, this requires significant stretching of the concept to enable its use as a generic data protection framework. While the PDP Bill does cast various obligations on entities that could be seen as being similar to the duties in a fiduciary relationship, the standards of loyalty required by the draft law are extremely low, there being no requirement for the data fiduciary to act in the interests of or for the benefit of the data subject. Overall, the fiduciary framing in the draft law appears largely cosmetic. The law does not deem data processing entities to be fiduciaries, and further does not implement any particularly novel rights or obligations that draw from the fiduciary concept.