Privacy is an actively evolving right in India under the actions of multiple organs of the government - the judiciary, the executive and the legislature. While we still do not have a data protection law, different parts of the executive have been active in conducting consultations on the topic.
On 27 July 2018, Justice Srikrishna Committee released its report and a draft personal data protection bill. Earlier, the Supreme Court of India had passed a judgment recognizing a fundamental Right to Privacy under Article 21 of the Constitution of India.
The Telecom Regulatory Authority of India released its recommendations after an open consultation regarding data privacy and data protection in the telecom sector.
Mr. Baijayant ‘Jay’ Panda, a member of Parliament, tabled a private member’s bill on the issue of data privacy in front of the Parliament.
The Ministry of Health and Family welfare has conducted a consultation on the National Digital Health Blueprint in mid 2019.
Apart from these initiatives, there is the existing body of legislations that affect the right to privacy; primary among these is the Information Technology Act, 2000 and The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 under Section 43A of this Act. This post is meant to provide some clarity for what each organ of the government is doing and what it means for your privacy.
Jump straight to: Judiciary | Executive | Legislature
- The Telecom Regulatory Authority of India ran an open consultation on what should be the future of data privacy and data protection in our country. TRAI released its recommendations on 16 July 2018. Also available for your reading: our comments, our counter-comments and everyone's comments and counter-comments.
- A nine member expert committee chaired by a former Supreme Court judge was formed by the Ministry of Electronics and Information on 31 July 2017. This committee was tasked with identifying key data protection issues in India and recommending methods to address them.
The Committee released a white paper on 27th November 2017, inviting public comments on various topics pertaining to formulate a data protection framework. The Committee accepted comments up to 31 January 2018.
On 27 July 2018, the Committee submitted its Report titled Data Protection Committee - Report (A Free and Fair Digital Economy | Protecting Privacy, Empowering Indians) along with a draft Bill titled The Personal Data Protection Bill, 2018. We've made a summary of the bill and a brief analysis of the bill.
- The Department for the Promotion of Industry and Internal Trade released the Draft National E-Commerce Policy on 23 February 2019. We submitted our comments to DPIIT.
- The Ministry of Health and Family Welfare released a report on National Digital Health Blueprint on 15 July 2019. On 04 August 2019, we submitted our comments to the Ministry.
There are multiple on-going litigations challenging the legality of Aadhaar and its various aspects. Aadhaar is a twelve digit unique identity number for residents of India. This identity contains demographic information such as name, address, date of birth and phone number, and biometric information including iris scans, fingerprints and photograph. The project has been integrated into various government and private programs including banking, health, filing of taxes, obtaining benefits under welfare schemes such as food distribution and gas subsidy, and more than a hundred other things. Over two dozen petitions against Aadhaar are being heard by the Supreme Court of India, and more new cases are being filed regularly. The Supreme Court has been clubbing all petitions challenging Aadhaar with the case of K. S. Puttaswamy and Ors. v. Union of India and Ors. [W.P.(C) 494/2012].
On 24 August 2017 a nine judge bench of the Supreme Court of India passed a judgment in the case of K. S. Puttaswamy recognizing a fundamental Right to Privacy under Article 21 of the Constitution of India.
Privacy had long been a hotly debated issue, with the Government openly declaring that the citizens of India do not have a right to privacy. Previous judgments were conflicted on this issue. This unanimous judgment was delivered by a nine judge bench. In the Indian judicial system, a judgment passed by the Supreme Court of India can be overturned only by a higher number of judges. So, a judgment passed by a nine judge bench can be overturned only if a bench of more than nine judges hears a privacy related case and decides that India does not have such a right. The only other way that the right to privacy can be revoked would be to amend the Constitution of India - an action that would require an extremely strong support from the government, and would still be vulnerable to being challenged in front of the Supreme Court.
Article 21 can be suspended only through procedure established law. Now that this nine judge bench has recognized that there is a right to privacy in India, any law passed by the government or any action taken by the government would have to be made considering the fact that Indians have this essential right, and that the right must be respected. If the government wants to violate this right, then the government needs to consider whether its objectives can be achieved in an alternative way without violating the right to privacy. Privacy can only be violated for a compelling state interest, and even then, the violation of privacy needs to be proportional to the objective of the government. The government has a duty to proactively take measures to protect privacy.
Older legislations, rules, regulations, orders and judgments that violate privacy can now be challenged in court. This has already started happening in the form of a challenge to Section 377 of the Indian Penal Code.
For more information, take a look at our FAQ on the Right to Privacy Judgment.
- Member of Parliament Baijayant 'Jay' Panda on 21 July 2017 introduced a private member's bill in the Lok Sabha - the lower house of the Parliament of India. The bill contains various provisions that strengthen privacy and data protection and follows the majority of the principles laid down in the A. P. Shah committee report. A private member's bill is a bill introduced in Parliament by a member of Parliament that is not a minister. As of 2015, only 14 private members' bills had passed since the India's independence.
- A draft Personal Data Protection Bill was released for public consultation by the Ministry of Electronics and Information Technology in 2018. The Bill has not been tabled in the Parliament yet.