Home » Data Privacy and India’s Emerging Data Policies

Data Privacy and India’s Emerging Data Policies

In today’s world, the usage of electronic devices has increased manifold, which has also caused subsequent increase in the amount of data available in electronic form. This data can include personal information such as name, age, religious or political views, sexual orientation, passwords, bank details etc collected from various individuals online which generally, anyone will refrain from sharing with strangers in real life. This list is not exhaustive, and each and every bit of information online is stored by a party who is not the actual owner of that information. 

Data Analysis is emerging as one of the most sought-after career options worldwide. A lot of companies derive their business from analysing ‘Big Date’ – ie, huge amounts of data collected from various individuals. For instance, targeted advertisements online are a result of the acquisition and processing of the target individuals’ data. Therefore, it becomes the responsibility of the party collecting and using any data of a sensitive nature from various individuals, to do it with proper authorization and permission from them. Also, the onus of any breach, deliberate or accidental, must lie on these collectors. This strategy is being followed in various parts of the globe, particularly in industrialized regions like the EU, where stricter policies regarding privacy are made and implemented.


For instance, in the European Union (EU), the General Data Protection Regulations or the GDPR are in place. These regulations for data protection reforms have been followed in the EU since 2018. The main objectives of these regulations are that organizations collecting and managing personal data should do it under strict conditions, thereby preventing the misuse and respecting the rights of individuals. Not doing so results in them facing penalties. Global giants such as Google and Facebook have faced penalties under these regulations.

In India, the Right to Privacy has been recognized as a fundamental right since a nine-judge bench decreed so in Puttaswamy v. Union of India in 2018. In 2019, the Personal Data Protection (PDP) Bill was introduced in the parliament by Ministry of Informatics and Information Technology, but it has not been passed yet. The bill was greatly influenced by the EUs’ GDPR framework, with similar objectives and strategies. It was, however, widely criticised for giving excessive power in the hands of government. Justice B. N. Srikrishna, the head of the advisory draft committee of the bill, has himself stated that as per the final bill, the “government can anytime access private or public data in the name of sovereignty and this can have dangerous implications.” The bill was also criticized at the international level, with allegations that it was a method to stifle the opposition, journalists, activists, and other individuals questioning the government.

The very recent case filed by WhatsApp against the Government of India in Delhi High Court in a related matter is an interesting addendum. The New IT Rules, 2021 (which passed in February 2021 and came into effect on 26 May 2021) require instances where WhatsApp will be mandated to trace the origin of certain messages, which contradicts WhatsApps’ end-to-end encryption policy and requires WhatsApp to store huge amounts of data, thus raising the infrastructural costs. Tracing the origins of a message will also infringe on the right to privacy of people as well, thereby violating an established fundamental right. In addition, critics argue that these measures will have a chilling effect on free speech, and that it could be used by the government against dissenting voices.

WhatsApp may have come forward to raise the issue for reasons of its’ own, but this gives us new grounds and ways to examine existing and proposed laws. It is imperative that citizens are made aware of new legislations being proposed and passed in the country and the benefits and troubles they may thrust on the general public. A fair balance must be maintained between allowing the state to combat cyber-related crimes and allowing democratic citizens to voice their opinions, however critical it might be.

Author: Imran Rizvi, Legal Intern at PA Legal.

In case of any queries, kindly contact us here.