Data protection culture in India adequate?

“The Indian legal system has failed to address data protection and has not even begun addressing privacy laws while the rest of the world has moved way past us.

Published: 01st August 2020 04:31 AM  |   Last Updated: 01st August 2020 04:31 AM   |  A+A-

For representational purposes

As laid down in retired Justice BN Srikrishna’s words, “The Final Privacy Bill could turn India into ‘Orwellian State’.” The economy is slowly recovering from the global pandemic and after much hiccups, the Joint Parliamentary Committee (JPC) held a meeting on Monday to review the issues arising out of the Personal Data Protection (PDP) Bill, 2019.

The Committee had been constituted in September 2019 by the Ministry of Electronics & Information Technology (‘MEITY’) to deliberate on Data Governance Framework. In 2020, India’s active online platform users stands at 1.3 billion and the scenario has obligated the government to establish a data protection law in India to address the lacunas that the Information Technology Act, 2000.

“The Indian legal system has failed to address data protection and has not even begun addressing privacy laws while the rest of the world has moved way past us. Our dependence on such laws which are no more than relics is stifling not only the e-commerce domain but also harming the basic protection that should be offered to consumers too”, an industry expert stated. The Data Protection (Draft), 2018 had too many safeguards, while on the other hand the PDP Bill, 2019 has fewer safeguards, making it even more dangerous in its operability. It essentially gives government the power to access private data or government agency data on grounds of sovereignty or public order.

This raises a huge red flag on how the right to privacy would be guaranteed to all citizens. The data protection problems germane as the Hon’ble Supreme Court on September 26 2018 had delivered a unanimous verdict in Justice K.S. Puttaswamy v. Union of India, affirming that the Constitution of India guarantees each individual a fundamental ‘Right to Privacy’.

The issue which has drawn flak from the citizens pertain to the supreme power bestowed by the government to exempt itself. Clause 35 of the PDP Bill grants government the wide power to exempt any agency of government from application of the Act for the purpose of processing citizens’ data and has also granted liberty to take steps if satisfied that same is ‘necessary and expedient’ for maintaining the integrity and sovereignty of India, or for maintaining friendly relations with foreign states and public order. It draws a stark contrast with the draft presented by retired BN Srikrishna in 2018 as it only exempted the processing of data if it “is in the interests of the security of the state” relying on the conditions laid down in Puttaswamy judgment.

The current proposal seems as if the government is the party, judge and adjudicator of its own cause which dilutes the very purpose of having a centralised privacy act and the road block is not limited to clause35 only. “The problem with respect to clause 35 is that it is opening room for abuse of powers. There is absolutely no transparency and accountability towards the use of the relevant data as the ultimate target/ citizen in question would never know how their personal data is being used by the Government. In a way it is negating the enjoyment of personal privacy and other digital liberties”, an advocate working with a legal firm stated.

Now that the Commi t tee is scheduled for a meeting in August, certain questions still need to be pondered into. What if the exemption is granted to Unique Identification Authority of India (UIDAI), one of the largest collectors of personal data? Wouldn’t be giving unrequited power to government undermine the adjudicating power given to the Data Protection Authority? It’s like all of us are sailing on an anchorless ship, with the captain having no idea about what to do.

The main focus in principle should have been on expanding the scope of privacy rights, rather it looks as if the bill is going the other way around. We need to draw more knowledge from where such laws are already being enforced and take the aid of industrial specialists who are better equipped to handle the legal lacunas we might face. As a country of 1.3 billion citizens, we owe it to ourselves to expect better governance and a reassurance that our constitutional right to privacy will always be protected.

TMT lawyer based out in Delhi

(The writer can be reached at

Stay up to date on all the latest Opinions news with The New Indian Express App. Download now


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp