You are on page 1of 8



The statement of problem for the issue that is being researched in this dissertation is that the
absence of any concrete Data Protection and Data Privacy legislation in India. This dissertation
mainly focuses on the Privacy (Protection) Bill, 2013 drafted by Center for Internet and Society.
This dissertation has critically analyzed the merits and demerits of the mentioned bill and how
its a giant step if enacted in filling the void presently created by absence of any such statute.


The postulate conceptualized in this dissertation is the absence of any enactment pertaining to
Data Protection and Data Privacy in India. The problem perceived has varying consequences on
the Indian economy. India, in the early 1990s liberalized its economy which led to increase in
trade and commerce. And with the age of digitalization, e-commerce became a trend. This
generally is transfer of sensitive data from one country to another. For India, to be part of
international trade and commerce has to project an image of a country where data protection is a
prime concern. Since India right now is not a country where there is any data securitization,
hence there is urgency for such enactment to attract countries towards India which are
apprehensive about conducting business here.

Due to absence of such data privacy laws, cyber crime is also a growing menace. To curb cyber
crimes, interception of communication and unlawful usage of data by government we need to
have a stable act that defines all this and provides adequate remedies for such offences.


The main objective is to highlight the issue of inadequate Data Protection Laws in India by
studying the existing laws prevailing. The second objective is to present recommendations that
will set the image of India as a Data secure nation and where Data Privacy is valued. The third
objective of this project is effectively outlining the need for a concrete legal framework to
facilitate trade from foreign countries. The fourth objective of this project is to present
amendments in already existing Data Privacy and Data Protection enabling laws so that they
stand at par with legislations of other countries and are effective in nature.


The form of methodology used in this dissertation is Doctrinal Research. The data protection and
data privacy laws form the backbone of this research hence the existing Indian laws have been
scrutinized in this project to reach a conclusion that they are inadequate and India needs a stable
legislation on Data Protection and Data Privacy.

Once assessing the applicable regulations, a full overview account of both notified regulations as
well as regulations proposed by non-governmental authorities
have been kept in mind.
Further the privacy principles have been discussed and the critical analysis of regulations has
been done from its perspective since it is the fundamental structure of the postulate being
researched in this project.

In the course of researching on the issue at hand all the forms informal administrative structure,
precedents, customs and views or suggestion of the general public were kept in mind.
Researcher has tried to justify the postulate and reach the desired conclusion.

Researcher hopes, since there is very less research done on this particular essential issue, his
work would help in providing some effective solution.

Draft Privacy (Protection ) Bill, 2013 by Center for Internet and Society


The conclusion has been divided into two parts: - Challenges faced by India due to absence
of Data Protection and Data Privacy legislation and Reforms that could be introduced in
various spheres of business to secure data.


5.1.1. Legal Challenges

As per Indian setting there is an absence of adequate privacy protection enactment due to
which it is greatly troublesome to guarantee insurance/protection of privacy rights. At the
same time without particular regulations there are some substitute enactments or
occurrence protects which the administration is utilizing for privacy reason. Some
legislative framework that gives aberrant backing to privacy concerns in India, in the
same way are:

Article 21[13], Indian Constitution,
IT Act 2000 ,

Indian Contract Act 1872,

Indian Penal Code,

Indian Copyright Act,

IT Act 2000, Gazette of India Part 2 Section 1,
Indian Contract Act 1872, ACT No. 9, 1872
The Indian Penal Code 1860, ACT No. 45, 1860
Indian Copyright Act 1957
Consumer Protection Act 1986 ,
Specific Relief Act 1963
Indian Telegraph Act.

Ambiguities in the legal frame work for privacy in India:
There is not any adequate law which deals with the privacy issue in details and provide
safeguards for the same, rather privacy issues are still dealt through the backing of certain
proxy/substitute laws.There is no proper division of Data as Sensitive Data, Personal Data,
Public Data.
None of the existing regulations discuss in relation to the responsibility for
personal,sensitive, delicate data There is no defined technique of making, preparing
transmitting and putting away the data. Absence of particular rules that characterizes the Data
standards, Proportionality and Data Transparency. No structure or arrangements to deal with
the problem of cross-border transfer of data from one country to another.

In this time of data innovation and information technology such clauses in codified
enactments can't be overlooked and can prompt some extreme weakness loss for an
individual and Nation as well.

5.1.2. Technical Challenges

Globalization and digitalization in India has brought changes in the species of information
and data definitely. Now data is more readily available, versatile and helpful. In the Present
scenario not only corporate area but the government segment as well as every individual need
to be dexterous and brilliant. Despite the fact that it has made our life simple, quick and
developed , however there are certain adversities presents that act like some unforeseen
pandemonium and uncover our private life.

A rundown of technological advancements that have certain affect that they can alter privacy
Biometrics (Radio frequency identification (RFID)
Smart cards
Voice over Internet Protocol (VoIP)
Wireless technologies
Location detection technologies (like Global Positioning Systems)
Data-matching and data mining technologies
Surveillance Technologies

With the evolution of Computer Technology, the capacity to save unlimited measures of data
but additionally the capability to consequently bifurcate, concentrate and differentiate
information. Data matching is the methodology of data mining i.e. taking a look at specific
things of data or at pattern inside data as pointers of a specific trademark or characteristics,
propensity or conduct. Data-matching represents a specific danger to personal privacy in
light of the fact that it includes examining data about extensive amounts of individuals
without former reason for suspicion. This space gets more significant when information ware
houses are overseen by outsiders like BPO and so forth.

Various specialists pertaining to the stream of Internet security and privacy say that "There is
no such thing as security; "Protection is overrated need to find better solution" and the
reason being Web instruments like cookies, internet loggers and hackers can make the
personal data easily accessible thereby creating a helpless situation.

5.1.3. Political and Social Challenges

Every innovation requires solid backing of assets for its fruitful and advantageous usage. In
political challenges I am discussing individuals variable who are stakeholder for a given
technology. Information Technology regulations suggests that individuals are the most
susceptible connection in data Security.

In the Indian situation, individuals role is most important and fundamental part, individuals
are the makers of the policy. They choose to immediate the way for any advancement.
Despite the fact that to establish the safeguards for personal data is not at zenith in our
surroundings, in light of the fact that individuals dont make a big deal about their security or
privacy and till now there is not a single scam that straightforwardly affect on privacy or
protection however there is very old and true saying that its better to be safe than sorry.

Significant outsourcing work of various corporate cells are from that countries that have
actualized codified regulations and administrative structure as arranged statutes like all
Europeans nations take after Data Protection Act, 1998. They work together in India simply
on the grounds that venture expense is low.

There majority of disputes are still in process in district courts on grounds of violation of
right of privacy and blatant disregard for trust.

The mass media assume a paramount part in vote based system to make individuals mindful
about data identified with government arrangement and what the problems individuals suffer
from. However, now on daily basis the print media, television media, they all infringe on
private lives of the people , nobodys private data is safe anymore.


India now has resorted to unique innovations by adopting the new pattern of interfacing
individuals utilizing long range interpersonal communication locales like Orkut, Facebook,
Twitter and so on and on these platforms we discover individuals of same vested party such
as group or society. These groups/societies comprise individuals impart the data of most
recent occurrence; they express their perspectives and also reprimand on specific grievances.
All these exercises can lift delicate issue, which may prompt transferable, lopsidedness in the
general public. Blogs are progressively well known in today's reality. In writing web
journals, individuals tend to voice their feelings and perspectives in broad daylight and under
administered area. So its a possibility that personal data can be altered and its unique
expectation may be lost.

In the Indian work culture it is very necessary to adopt a legislation which clearly defines the
guidelines for information in different phases. A kind of legislation which covers all the
important measures and safeguards meanwhile considering the threat to privacy and also try
to remove vulnerability and lacuna existing in the system.
This proposed framework will not only reduce the risk to privacy to the appetite level but
also reduce its impact. This framework for privacy protection can be categorized in four
phases such as Data Access, Data Process, Data Security and lastly Data Collection.
The initial step of privacy protection start with data collection which should be implemented
by the top most authority further the duly appointed agency should only collects the
information, and it should be collected for lawful purpose only, the personal data should be
relevant and adequate and not unnecessarily excessive and should also mention the purpose
of information.
Secondly, after data is positively collected it shall be accurately stored and should also be
updated on a regular basis and appropriate technical and organizational measure should be
taken in view. Media is one of the most active medium that circulates data on hourly basis.
This a matter of concern and there should be laws to regulate the quantity of personal data to
be aired.
After liberalization, India has become one of the fastest growing economy in the world
attracting large amount of outsourcing work. Hence there should be regulations for secure
transfer of data from one country to another. Also the corporate house should be bound by
laws where they have to take proper and due care of data. Employees personal data should
be protected. With the advent of technology, even medical science has grown by leaps and
bounds. In medical field persists a variety of sensitive data the needs protection. There is an
urgent need to protect DNA data of individuals and there accessibility of it to others should
be limited.
One of the best features of the growing Indian economy is that majority of its business are
now being conducted electronically. Therefore to facilitate this mode of business, there needs
to be legislation that effectively defines and outlines how such transfer of data should occur.
Cultural heritage of India is vast and therefore attracts a huge amount of tourists. There shall
be regulations which safeguard the personal details of the people visiting in India. People
should have a choice to have their personal data be erased at will. Their personal data should
be futher passed or used for illegal purposes. Information pertaining to their vital financial
statistics should guarded safely or removed from databases when such tourists leave
India.The most important sector for reform is the surveillance conducted by government.
There is should be strict guidelines in the enactment and it should solely not be governed by
constitution. Government should not resort to collecting personal data of citizens at every
instance claiming national threat. There should be set proper guidelines.