Pegasus has given privacy legislation a jab of urgency

ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 26th June. Click Here for more information.

Source: Livemint

Relevance: Impact of the Pegasus spyware issue

Synopsis: Pegasus has shown just how easy it now is for governments to spy on people. Such tools being in wide use has given rise to calls for legislative action to keep them under democratic supervision.


In light of the Pegasus spyware issue, a need has widely been felt for legislation to deal with data protection and privacy in India. This issue is especially significant given that in the Justice K.S. Puttaswamy vs Union of India case of 2017, held the right to privacy to be an intrinsic part of the right to life and personal liberty under Article 21, and as part of the freedoms guaranteed by Part III of the Constitution of India.

Must Read: Pegasus spyware issues – Explained, pointwise
About Personal Data Protection Bill

Although the Indian government had introduced the Personal Data Protection Bill on 11th December 2019, it is yet to become law.

The bill is a diluted version of what that BN Srikrishna committee had proposed, as it exempts agencies of the central government from its application and empowers the government to direct data fiduciaries to submit personal as well as non-personal data of Indian citizens to it under Section 91.

  • Definition of data: What constitutes ‘personal data’ is defined under Section 3(28) of the bill to mean data that directly or indirectly identifies a natural person, or relates to any characteristic, trait or attribute of such a natural person, but there exists no definition for non-personal data.
  • Sections related to personal data breaches: Personal data breaches are addressed under Section 25, which imposes a duty on the data fiduciary to inform the Data Protection Authority of India (DPAI) in case of any breach of personal data that may cause harm to the data principal.
  • Duties of the DPAI: The duties of the DPAI have been laid down under Section 41, which are to protect the interests of data principals, prevent any misuse of personal data, ensure compliance and promote awareness about data protection.
  • Independence of DPAI: Despite the safeguards, there exist concerns about the independence of the DPAI.
Read here: Analysis of PDP Bill
Way forward

With advancing technology, the ability of governments and private actors to intrude into the private lives of individuals will expand further. Additionally, on the pretext of terrorism and national security, governments around the world have blurred the lines of reasonable surveillance and data collection.

Hence, in the larger scheme of things, states need to adopt national laws that not only deal with data protection and privacy, but also educate people of risks related to identity theft and fraud in the digital world.

Terms to know:

Print Friendly and PDF