Data Privacy


Privacy of information is one of the most important things in today’s world. The possibility of our private information being extremely vulnerable is very real. The data might be online, financial, medical, residential or personal. Data privacy is important as theft of data may cause huge monetary losses. Data Privacy or Information privacy is a part of the data protection area that deals with the proper handling of data focusing on compliance with data protection regulations. It is centered on how data should be collected, stored, managed, and shared with any third parties, as well as compliance with the applicable privacy laws.

According to United Nations Conference on Trade and Development 128 out of 194 countries have put in place legislations to secure the protection of data and privacy. In India Personal Data Protection Bill seeking to provide for the protection of personal data of individuals and establish a Data Protection Authority for the same, was brought in Parliament in 2019 and was referred to the Joint Committee for further scrutiny.

Under Article 21 of the constitution of India (Right of life and personal liberty) and Article 19(1) (a) (Freedom of speech and Expression) the courts have read Right to privacy. Recently in the landmark case of Justice K.S. Puttaswamy (Retd.) &Anr vs. Union of India &ors [writ petition civil no.494 of 2012], AIR 2017 the constitutional bench of honorableSupreme Court has held Right to privacy as fundamental right. The Information Technology Act 2000 deals with issues relating to compensation and punishment incase of wrongful disclosure and misuse of personal data. Information Technology Rules 2011, deals with protection of ‘sensitive personal data or information of a person’ including passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and biometrics.

The government had a committee of experts under the chairmanship of Justice B.N. Shrikrishna, former judge, Supreme Court of India to deliberate on data protection framework for India. The committee has supported its report and a draft Personal Data Protection Bill in July, 2018. The committee had examined wide gamut of issues in relation to protection of personal data. Summary of report submitted by the committee:

(a) Personal data is the data from which an individual may be identifies or identifiable, either directly or indirectly.

(b) The Bill sets out certain rights of the individual:

(i) Right to obtain confirmation from the fiduciary on whether its personal data has been processed,
(ii) Right to seek correction of inaccurate, incomplete, or out-of-date personal data, and
(iii) Right to have personal data transferred to any other data fiduciary in certain circumstances.

(c) The Bill provides for the establishment of a Data Protection Authority. The Authority is empowered to:

(i) Take steps to protect interests of individuals,
(ii) Prevent misuse of personal data, and
(iii) Ensure compliance with the Bill

(d) Processing of sensitive personal data is allowed on certain grounds:

(i) Based on explicit consent of the individual,
(ii) If necessary for any function of Parliament or state legislature, or, if required by the state for providing benefits to the individual,
(iii) If required under law or for the compliance of any court judgment.

(e) The Bill makes consequential amendments to the Information Technology Act, 2000. It also amends the Right to Information Act, 2005, and to permit non-disclosure of personal information where harm to the individual outweighs public good.

However this didn’t satisfied the people hence Indian Privacy code was drafted by 13 groups. It was highly influenced by the GDPR (General Data Protection Regulation) which was made by European parliament and the Council of European Union. It had 7 principles:

1) Individual rights are at the center of privacy and data protection
2) A data protection law must be based on privacy principles
3) A strong privacy commission must be created to enforce the privacy principles
4) The government should respect user privacy
5) A complete privacy code comes with surveillance reform
6) The right to information needs to be strengthened and protected
7) International protections and harmonization to protect the open internet must be incorporated

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019. The Bill seeks to provide for protection of personal data of individuals, and establishes a Data Protection Authority for the same. The bill amis to provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the fundamental rights of individuals whose personal data are processed, to create a framework for organizational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorized and harmful processing, and to establish a Data Protection Authority of India for the said purposes and for matters connected there with or incidental thereto.

With the tremendous increase in data theft a bill for the same is the utmost necessity. According to UN’s report on Roadmap for Digital Cooperation 2020 more than 7,000 data breaches were recorded in 2019 exposing more than 15 billion records. Data is the oil of 21st century. In wrong hands data could spread hate speech, fake news and influence elections. India being one of the largest data generating country needs proper and affirm laws. Criminals can use personal data to defraud or harass users. Entities may sell personal data to advertisers or other outside parties without user consent, which can result in users receiving unwanted marketing or advertising. When a person’s activities are tracked and monitored, this may restrict their ability to express themselves freely, especially under repressive governments. As technological advances have improved data collection and surveillance capabilities, governments around the world have started passing laws regulating what kind of data can be collected about users, how that data can be used, and how data should be stored and protected. With so many online services in common use, individuals may not be aware of how their data is being shared beyond the websites with which they interact online, and they may not have a say over what happens to their data.


In many jurisdictions, privacy is considered a fundamental human right, and data protection laws exist to guard that right. Data privacy is also important because in order for individuals to be willing to engage online, they have to trust that their personal data will be handled with care. Organizations use data protection practices to demonstrate to their customers and users that they can be trusted with their personal data. The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, on December 11, 2019 for the same.

There should be limits to how much personal data can be collected. Personal data, when collected, should be accurate and related to the purpose it is being used for, for example: Uber is a transportation service and requires the location of its user in order to function and complete the task however if the application asks for contacts or access to gallery it is an unnecessary requirement. The use for personal data should be specified and data should not be used for purposes other than what was specified.

Data should be kept secure, personal data collection and usage should not be kept secret from individuals. Individuals have a number of rights, including the right to know who has their personal data, to have their data communicated to them, to know why a request for their data is denied, and to have their personal data corrected or erased.

By- Jyotshna Bhatt
Invertis University, Bareilly

Author: Jyotshna Bhatt,

Leave a Comment