This site is under development, some of the functionalities may not work properly.

Data Privacy Laws and Policy in India

By Lawfarm Team April 02, 2017

Need for Data privacy

We deal with an overwhelming amount of data every single day of our lives. A lifestyle centered on broadcasting one’s every act means that we’re now in a generation where no information is too much information and social networks are a way of life. The merits and demerits of such a lifestyle are not for this post to debate. Instead, we shall look at the effect this has on the privacy of our data. Is your private data truly private? Does the “End to end encryption” notification inside your Whatsapp chat window mean that your data will never be shared with anyone?  The answer to most of these questions is ambiguous at best. More often than not, it depends on what kind of privacy you expect. Truecaller makes your phone numbers visible to practically anybody with an internet connection. Google shares your usage statistics across the internet to ad service providers. On August 24, 2016, popular messaging app Whatsapp announced that it would share user data with its owner company, Facebook, which in turn is already home to vast amounts of personal data. The mobile operating system Android, which is used by over a billion people as of 2015, thrives on advertising revenue. The rise of neural networks which are a sort of quasi-artificial intelligence built upon analyzing and learning from personal data also means that your data is used by third parties.

How is the data used for advertising?

As the saying goes, there is no free lunch. None of the products mentioned above charge any fee for using them and yet provide unmatched social networking experiences. The caveat is that your data and usage history across the internet is tracked and used by these content providers to target you with specific advertisements tailor made for you. Have you ever looked at a product on, Amazon or Flipkart and then seen advertisements for the same product across multiple platforms including Facebook and Android? That’s good old targeted advertising at work. This raises the question of just how private our data really is and whether we have any laws in place to regulate such data privacy. The short answer is no. The longer answer, in true legal fashion, is that it’s a complicated situation.  Unlike the European Union which has taken a very strict and regulative approach to the privacy of user data, the Indian scenario is a bit of a mess.

Is data privacy essential?

A popular counter argument to why data privacy is important has taken the unusual form of “If you are doing nothing wrong, why should you care?” The problem lies in the fact that such a question presumes that only criminals would actively seek out privacy for themselves and that ordinary law abiding citizens have no use for data privacy. This is odd, considering how even the Apex court of the land has time and again debated on the right to privacy being a fundamental right. Data privacy is not a refuge meant exclusively for criminal elements seeking to plan their next act of crime. On the contrary, data privacy is important for every single person out there for the simple reason that their data is their own and the Government or any private body has no right to own or use such data unless due process of law is followed. When the Government seeks to make the Aadhar Card mandatory, it effectively demands to hand over of personal data which will then be stored in a collective database at which point it is practically asking for hackers to have fun with the personal data of the second most populated country in the world. The safety standards of the Aadhar database have been repeatedly questioned and one has to keep in mind that this is a time of extensive international cyber warfare, with limited scope for fixation of liability. We certainly require efficient legislation to regulate affairs as they are right now.

Legal safeguards to data privacy:

The Information Technology Act, 2008 should ostensibly cover such matters since we don’t have a data privacy specific law. However, it falls short of its motive as it provides a few clauses that aren’t comprehensive or extensive enough. Also, it covers only illegal access of data and doesn’t deal with data legally accessed by the companies mentioned earlier. Section 43 A of the act does allow one to claim damages in case sensitive data is mishandled by a company dealing with such data, but only if it leads to a wrongful loss or gain.  On the encryption side of things, the situation isn’t much better either. India came up with a draft encryption policy in 2011 that was so convoluted and self-contradictory that it was withdrawn in haste. The draft policy proposed that companies ought to present their encrypted communications to the authorities upon request and that such data would then be stored in plain text for up to 90 days. Yes, unencrypted and in plain text storage. The ridiculousness speaks for itself. India isn’t completely devoid of laws, however. The "Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011" exists to cover usage of sensitive data and privacy policies. On the flip side, however, the effectiveness of such rules under the IT Act upon companies based outside India is questionable at best.


The problem with such ambiguous and open-ended laws are that it leads to an environment of general insecurity and mass confusion. In a time when our Government is actively trying to present India as a go-to hub for foreign investment, does it bode well that we have no policy measures in place to ensure that confident client information belonging to corporates will remain safe and secure? If India is to reassure its citizens and investors that they will not be unfairly snooped on, it needs to come up with a detailed data privacy law that will protect its subjects both in India and abroad.



Tags: data privacy , law , hacking , email hacking , cyber lawyer

Default avatar
By Lawfarm Team
Licensed for years

Comments 0

Please Login or Register to Submit Comment

You may also want to read


RERA ,   Real Estate Regulation Act ,   builder dispute ,   delay of possession by builder ,   flat cancellation ,   refund ,   builder delay ,   law ,   RERA legal helpline ,   delay in service ,   deficiency in service ,  

What is RERA?

Real Estate Regulatory Authority popularly known as RERA is a newly implemented law - THE REAL ESTATE (REGULATION AND DEVELOPMENT) ACT, 2016 to ensure sale of plot, apartment of building, in an efficient manner and to protect the interest of consumers in the real estate sector. It...

By Lawfarm Team December 29, 2017