Data Protection in India

Data protection in India:

  • In a digital world, in a smart city or smart home environment, human life is revolving around data, and law ideally should permit and facilitate every kind of data processing for the growth of digital driven economy

What is Data Protection?

  • Data is the information collected for reference or analysis
  • Data protection is the process of safeguarding data from misuse.
  • Such data could either be concerned with an individual, enterprise or even a government.

Need for data protection Law in India

  • Efficient management of data in the age of Big Data
  • Big data is a term used for voluminous and diverse data; traditional data-processing application software is inadequate to deal with them.
  • One of the major challenges to big data is information privacy which necessitates a robust data protection.
  • Right to privacy is now a fundamental right. The right to privacy encompasses the right to have data protected.
  • Check unauthorized leaks, hacking, cyber crimes, and frauds. Economic cost of data loss/theft is high


Indian laws with respect to data protection:

  • India does not have separate law on data protection.
  • Section 43A of the Information Technology Act provides a measure of legal protection of personal information.
  • Justice A.P. Shah Committee recommended a set of principles. 
  • Personal Data Protection Bill was introduced in Parliament in 2006, 2013 but not passed yet.


Draft data Protection Bill:

  • The Bill regulates the processing of personal data of individuals (data principals) by government and private entities (data fiduciaries) incorporated in India and abroad.  Processing is allowed if the individual gives consent, or in a medical emergency, or by the State for providing benefits.
  • The data principal has several rights with respect to their data, such as seeking correction or seeking access to their data which is stored with the fiduciary. 
  • The fiduciary has certain obligations towards the individual while processing their data, such as notifying them of the nature and purposes of data processing.
  • The Bill allows exemptions for certain kinds of data processing, such as processing in the interest of national security, for legal proceedings, or for journalistic purposes.
  • The Bill requires that a serving copy of personal data be stored within the territory of India.  Certain critical personal data must be stored solely within the country.
  • A national-level Data Protection Authority (DPA) is set up under the Bill to supervise and regulate data fiduciaries.



Challenges for data protection in India

  • India does not have specific law on data protection.A carefully formulated data protection law is necessary and must be cognizantwith international practices.
  • Server of major service providers and social networking sites are outside India.
  • India’s digital economy is largely governed by private data protection policies.
  • Infrastructure for information and data collection is not sufficient for monitoring.







Source: Hindustan Times