Vulnerabilities to Data privacy not just constrained to State players

ForumIAS announcing GS Foundation Program for UPSC CSE 2025-26 from 10th August. Click Here for more information.


  • The apex court recently held that dangers to privacy in an age of information can originate not only from the state but from non-state actors as well.
  • Capacity of non-state actors to invade the home and privacy also poses an alarming threat

What is Data Protection under the Indian legal system?

  • The Indian constitution has provided the law relating to privacy under the scope of Article 21. Its interpretation is found insufficient to provide adequate protection to the data.
  • In the year 2000, effort has been made by our legislature to embrace privacy issues relating to computer system under the purview of IT Act, 2000.
  • This Act contains certain provisions which provide protection of stored data. In the year 2006, our legislature has also introduced a bill known as ‘The Personal Data Protection Bill’ so as to provide protection to the personal information of the person.

Does India have a Data Protection law in place?

  • Data protection law in India is currently facing many problem and resentments due the absence of proper legislative framework.
  • The theft and sale of stolen data is happening across vast continents where physical boundaries pose no restriction or seem non-existent in this technological era.
  • India being the largest host of outsourced data processing in the world could become the epicenter of cybercrimes this is mainly due absence of the appropriate legislation.

Why is Data protection crucial?

Growing Prominence

  • There is an unprecedented amount of personal data available with Government and Private Sector Players.
  • Digital India, Aadhaar and Demonetization drives have added to the already growing pool of personal data with various public and private players to pursue their activities

March of digitization

  • With rising cybercrime and data breaches, and absence of strong data protection regulatory framework ensuring consumer protection and right to recourse, individuals tend to resort to non-electronic means for transactions.
  • With the Digital India roll-out, push on digital payments, rising e-commerce penetration, and an unprecedented number of platforms and services transacting PII of individuals, a stronger data protection regime is a must to foster trust in the data ecosystem

Insufficient regulatory protection

  • The Information Technology (IT) Act 2008 Section 43A Reasonable Security Practices and Procedure rules are not a substitute for a data protection regime.
  • Most government departments and agencies are not “body corporate”, and hence beyond the remit of Section 43A compliance requirements.

Share in global digital trade

  • Cross-border data flows are increasingly becoming a key determinant for claiming a country’s share in the global digital trade.
  • Countries are enacting new data protection regulations or amending existing laws, developing multilateral trade agreements concerning data flows (Trans Pacific Partnership, Transatlantic Trade and Investment Partnership).
  • Nasscom-DSCI’s vision to establish India as a cybersecurity hub or as a cloud hub could be constrained because of an inadequate data protection regime.

How is Government dealing with the Issue?

  • The Information Technology Act, 2000 has recently been amended to meet challenges in cyber crime, the amended Act is yet to come into force, it has introduced two important provisions that have a strong bearing on the legal regime for data protection.
  • The Government of India is cognizant of the growing importance of data protection in India. The need to ensure growth of the digital economy while keeping personal data of citizens secure and protected is of utmost importance
  • The Supreme Court said the introduction of a “carefully structured” data protection regime and its contours were matters policy matters to be considered by the Centre.
  • The government has already indicated in the court that the committee would be framing a data protection Bill similar to the “technology-neutral” draft Privacy Bill submitted by an earlier expert committee led by former Delhi High Court Chief Justice A.P. Shah to the Planning Commission of India in 2012.
  • Ministry of Electronics and Information Technology would work with the panel and hand over all necessary information to it, after which the panel will start its discussions.


  • India needs to have a legal framework that meets with the expectations, both legal and of a public nature, as prevail in the jurisdictions from which data is being shipped to India.
  • In practical terms the biggest hurdle is for India to have its framework of domestic data protection laws officially ruled and publicly perceived as “passable”
  • The data protection law should be equally applicable on public and the private sector
  • Personal information is not only being held by the Government. It is increasingly being held by private players such telecom companies, banks.
  • The law should ensure that the service providers providing a medium of exchange of data for personal reasons shall be bound not to disclose or use such information.
  • There is a need to have standards for maintenance of records with respect to processing of data, method of notification of data breach and standard operating procedure in case of such breaches.
Print Friendly and PDF