top of page

Data Protection in India


Information Protection cites to the arrangement of, strategies, security laws and systems that plan to limit the interruption into one's privacy brought about by the collection, storing and circulating personal information. Personal information in general refers to data or information which can identify with an individual or who can be recognized by that data or information which was taken by any Govt or any private association, or any other third party.

The Constitution doesn't obviously acknowledge the right to protection of data. But, courts have included the right of privacy to already existing FR (Fundamental Rights) , ie, freedom of speech/expression under the 19(1)(a) Article right to life and individual freedom under the 21st Article of the Constitution. Notwithstanding, the rights mentioned above under the Constitution of India are relied on sensible restrictions given under 19(2) Article of the Constitution. Recently, in the final decision of Justice K S Puttaswamy and Anr. v/s Association of India and Ors., the Hon'ble SC has held that the Right to Privacy is principal right. But it is a subject to few sensible restrictions.

India is not a part of any organisation on data protection which is comparable to the General Data Protection Regulation or the Data Protection Directive. In any case, India had adopted other global associations like the UDHR (Universal Declaration of Huma Rights) and the International Covenant on Civil Rights and Political Rights, who perceive the privacy right of an individual.

While the IT Act, 2000, contains arrangements in regards to digital and related IT laws and rules in India shows the extent of how much access that a persons or organisations data might be on the PC, The framework or organization, the rules of the IT Act don't acknowledge the requirement of rigid information security rules/law to be set up.

India has likewise not yet authorized legislation on protection of data. Nonetheless, the Indian lawmaking body revised the IT Act, 2000 to incorporate section 72A & 43A, which mentions ‘right to be compensated’ in instances of unethical publishing of private data. The central governing body accordingly gave the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the "Rules") under Section 43A of the IT Act. A report for the above-mentioned rules was given on 24th Aug, 2011. These rules which were added have forced extra necessities on businesses in India which recognises with the collecting & disclosing of personal data which are a bit same with the General Data Protection Regulation and the DPD.

The IT Act, 2000 has lately amended to address difficulties in cyber crime, the changed Act is yet to come into play, it’s been presented two important sections which have a solid bearing on the legitimate system for protection of data. These are segments 72A & 43A, embedded into it by the updated Act.

Data protection in India

Information Protection is essentially the act of setting up certain principles and guidelines to ensure the individual data and ensure that the information is shielded from outside sources. The sharing of that specific information relies on the proprietor or the overseer of the information and nobody can mediate in the middle. The inquiry here emerges that whether the public authority ought to have the power to get to the personal information of any person in lieu of National security or should it be dependent upon sensible limitations. These inquiries are chosen via authorizations by the enactment. It merits referencing here that since the innovative headways are creating with a speed, the laws should be refreshed consistently and a specific existing law can't fulfill the needs of the day.

Before 2019, India was not having a legitimate lawful structure as the IT Act, 2000 and the Personal Data Protection Bill of 2006 were not that good to satisfy the necessities since it depended on the European Union Data Privacy Directive, 1996. The real necessities of the Data assurance of the clients just as taking into note the protection as a principal perspective, it was in 2018 that the Private Data Protection Bill was presented in house.

important provisions presented via the Data Protection Bill are as per the following Section-14 expresses that the individual information can be prepared just whenever ordered by any law made by the parliament or any request or judgment of the court/council. Classifications of personal information have additionally been examined under Section-22 of this Act.

Reality of Data Protection

The IT Act, 2000 looks after with cybercrimes yet it doesn't explicitly make reference to information protection or security, which brings about an enormous proviso for cyber crimes. The display of cloning and stealing information from a gadget is referenced and is punishable by the law yet the act doesn't state anything about the web platforms that house information of its clients. Besides, no part of the Indian governing body makes reference to information protection or online information security in explicit, and it never really guarantee the security of information of the people on the web. Everything in this way relies upon the generosity of the suppliers.

In this way, entities have a likely way out if the official get included and there is a urgent requirement for an underlying arrangement. On careful analysis, it will turn out to be certain that dangers to information security are developing dramatically. The amount of information penetrates are rising and the chance of them diminishing isn't in sight. The assaults are from outside substances as well as from within also. Insider assaults are the sixth most noteworthy in number when information security infringement are noticed. This happens on the grounds that the workers can peruse each and everything, and the eyes of the organization are everywhere on your information. Indeed, even the most confided in platforms and search engines aren't protected any longer. In this way, information must be secured when just the client can have eyes over the information. Something else, with expanding innovation tech into our regular day to day existences, information security is only a worldwide myth.

Right to Privacy

Right to privacy is a major right, mentioned in 21st Article of the Constitution. This was certified by a bench of 9 judges of the SC in Justice K.S. Puttaswamy v/s UoI in the noteworthy decision dated 24th Aug, 2017. Where they proclaimed 'the right to privacy' as a necessary piece in Part 3 in the Constitution.

In any case, it added that according to all settled legal decree, "no Fundamental Right, including the Right to Privacy, is supreme and it is dependent upon sensible limitations. The necessities in the Intermediary Guidelines relating to the primary originator of data are an illustration of a particularly sensible limitation."

On this issue, IT minister Ravi Shankar Prasad has said, "the Government of India is focused on guaranteeing the Right of Privacy to every one of its residents and yet it is likewise the obligation of the public authority to keep up lawfulness and guarantee public safety."

One would ask why whether or not the privilege to protection could be a a principal right, it carried before a bench of nine-judges. In 2017, a bench of five judges in SC which was hearing on the Aadhaar Card case and its privacy, they said they needed a bench of 9-judges to initially choose whether data security is crucial, prior to settling on the case of aadhar card. The Attorney General of India in the Aadhaar card case had then contended a few SC decisions had perceived the privacy as a right, but, they wouldn't acknowledge the privacy rights was a major in the final decision given in the Kharak Singh case which was given through a bench of six-judges in the 1960 & M.P Sharma decision conveyed by a bench of eight-judges in the year 1954. Thus, it was important to comprise a bench of nine-judges to choose whether privacy is an essential right or not . The comprehensive explanation from the SC prompted a surge of drives by the public authority towards Data Protection Laws.

Present Laws in India Pertaining to Data Security

India doesn't have an independent data security law to ensure data given or got via speech/communication or taken in writing or in electronic method. However, is has to be made sure protection is present, which are been saved in a form of procedures & rules.

Well known sections are in the IT Act, 2000 (as updated by IT Amendment Act, 2008) Security Practices & Procedures & Rules of SDPI. It’s an essential legislation in India managing cyber-crime & online business. Rules of SDPI, proposes, just include information which is traded in computes or in other E-form and not those got through non-electronic or paper type.

Relevant Sections of the IT Act

43-A Section in IT Act takes a chance on a corporate entity, firm, single properitership etc, who are equiped or can handle any delicate information in a PC asset that it uses, has control over or uses to pay damages by compensating to the individual if there is any unfair losses or illegitimate addition to any individual caused as a result of the carelessness in carrying out and keeping up sensible security practices and techniques to ensure the data of the individual is protected

Section 72 of the Information Technology Act specifies that any individual who, while offering assistance or services under the contract of a legal agreement, has got his hands on any substance containing private information regarding an individual, and aim of causing & realizing that he might probably cause unfair misfortune & damage or loss to that individual, without caring for the assent of the individual & breach of legal contract, such substance to a different person, could be penalised by jail upto 3 years or with sum which could be 5,00,000, or with both.

IT Rules allow the privilege to people with respect to their personal data and make it required for any corporate body to distribute an online security strategy. It likewise gives people the option to get to and right their data and makes it compulsory for a corporate body to acquire assent prior to unveiling personal data with the exception of law requirement, which gives people the capacity to pull out consent.

The Protection of Data Bill, 2019

Following the SC's milestone decision in case of KS Puttaswamy, which concluded data security as protected right. The Ministry of Electronics and Information Technology (MEITY) set a ten part advisory group lead by resigned SC judge, B.N. Sri krishna for creating proposals for a Bill on of individual information protection. Subsequent work been done for one year, they (panel) presented its report named Fair Digital Economy: Security of Private data, & powering people, alongside the upcoming law on protection of information, the updated Protection of individual information bill in 2019, was presented alogside Shri. R.SPrasad, MEITY, in the LS on 11th Dec, 2019. As of now, the Bill is being analyzed by a thirty-part group of the Joint Parliamentary Committee (JPC) and is approached for introduce its analysis during the winter session meeting of the house in Dec 2020.


Protecting a person's information is fundamental to keep up the honor and poise of that individual and it is the obligation of the Government to ensure that it is remained safe. The online platforms which access the information of the people, for example, whatsapp and Facebook should guarantee that such information isn't abused or offered to different offices in spite of the laws made in such manner. Ultimately, it is the obligation of the residents also to ensure that they peruse and comprehend the data security policies prior to consenting to something similar and protect their information. Additionally, they should contribute in the improvement of the public safety by giving the information whenever asked by the public authority under any lawful commitment.








Name: Erathi Anudeep

Amity Law School, Mumbai.

9 views0 comments

Recent Posts

See All

I. BACKGROUND The advancement of internet trend has caused a shift in the business sector. Many business organisations have migrated to the internet realm of marketing and commerce, inc

Introduction Black’s law dictionary defines Double Jeopardy as: – A second prosecution after a first trial for the same offense. In India, protection against double jeopardy could be an elementary rig

INTRODUCTION Indian Parliament, in the preceding year passed three bills related to agriculture and farming, together known as the Farmers Bill. The Bills include The Farmer’s Produce Trade and Commer

bottom of page