• Legal Armor

Analyzing Data Protection In India

Updated: Jan 18


Law talks about privacy and ownership of the legal person’s life, their rights, etc. The moment we are born, or, even before we are born, the data starts to attach to ourselves, whether it be our parent’s name, our date of birth, time, and even our death. Such data guards the rights of an individual, thus protecting them against abuses, and the safety is ensured by the boundaries of the law. First, it was only limited to the physical world, but now we live in an era where people usually have dual lives; the one in natural reality and the other in the virtual reality.

We have no idea about the amount of digital footprint that we create once we enter the Internet. The series of information is left leaving behind the Internet while using it and includes what we’ve said, what people wrote about us, what we saw, where we went etc. Everyone has a social media account, an e-mail ID and as the technology improvises, most of them also have an electronic wallet or online banking. We are being tracked by our device with the location been identified every time, as the apps take our permission to use the microphone, our contact details, phonebook, etc. Avoiding the Internet is unimaginable. The series of questions raised here is that who owns our data? How is it being handled? What is the purpose if someone collects it?

Data Protection In India

The platforms that we allow access to, by clicking those terms and conditions’ tiny boxes without due considerations can shift the ownership from us to those respective websites and apps. The protection of data is surely taken care of by most of them but there should be some legal curtailments by which we can limit its usage and decide its rightful processors. In India, these areas have been left to be dealt with in vague ways. We have our Information Technology Act, 2000 to provide legitimacy to the cyber world and define cyber-crime. However, Data protection and confidentiality requirements are regulated only by a patchwork of sector-specific regulatory requirements. There’s a potpourri of things left unattended. The European Union's data protection laws have long been regarded as a gold standard all over the world. The purpose is to protect the fundamental rights and freedoms and to ensure the protection of personal data, which is being recorded by website cookies, web log files every second. Further-, online profiling is done to make money from it. There couldn’t be a better example than the E-commerce websites which immediately capture your online behaviour and start displaying ads all over the web pages you visit afterwards.

In India, on 17th August 2017, the Supreme Court proclaimed the Right to Privacy as the fundamental right and went ahead to include information privacy as its subset. This created coercion to bring about Data Protection Framework. The proposed law called the Personal Data Protection Bill, 2019 incorporates many elements of the EU’s General Data Protection Regulations. This includes taking consent before the collection of data, stating the purpose of its collection (Collection limitation), data localization, data portability, and appointing a person as head to oversee all this. If this becomes an Act, it has the potential to regulate all the current problems and set the liabilities for every organization to collect only the required amount of data because hoarding won’t help them much. This would make them accountable to the individual to which the data belongs.


There have been a few amendments in the bill and still, it hasn’t been passed. It is a bit controversial amendment, as the government is taking a keen interest in it and was criticized by few for making the Bill less citizen-centric. The Srikrishna Committee, under which the bill was headed, has tried to balance the fundamental rights and protection of data and the Hon’ble Srikrishna.J said “Categories around personal data must be hardwired and not be subject to the discretion of the government. If you don’t have that, you are creating an Orwellian state ".


Anushka Singh is currently pursuing Masters in cyber law and information security at NLIU, Bhopal.

They can be contacted at anushkagg09@gmail.com or http://www.linkedin.com/in/anushka-singh-598aa5179

Edited By: Swathi. Ashok. Nair


We at Legal Armor do not endorse the Authors' views and are in no way responsible for the said views. We are just publishing the Write-ups as blogs with just light editing, and are in no way responsible for any legal claims. Legal Armor shall not be liable for any plagiarized content.