WhatsApp and Facebook
WhatsApp and Facebook

Is India likely to have a Data Privacy Legislation soon? Private Member’s Bill introduced in Parliament

Varun Marwah

Recent reports suggest Reliance Jio’s user data was breached, jeopardising the personal details of its 120 million subscribers, including their Aadhaar details. While Reliance has claimed that the information is (prima facie) unauthentic and investigations are still underway, this incident has once again underlined the debate over the Right To Privacy.

While the issue is being debated before a 9-judge Bench of the Supreme Court of India, (Justice KS Puttaswamy (Retd.) & Anr. v. Union of India & Ors ) it is relevant to take a look at the importance of having a legislation that protects data privacy, and the government’s efforts (or lack thereof) to make the same a reality.

The challenge to Whatsapp User Policy, which is also pending in the Supreme Court, is on hold until there is a final word on the right to privacy.

In today’s day and age, every digital transaction that we undertake leaves a digital footprint which will stay forever, and this is not something which should be taken lightly. While we have already ceded rights to absolute privacy by granting permissions and sharing heaps of personal information with social media sites and apps, the only way to protect this information which is floating in the cloud is a legislation that recognises the value of such data and penalises its theft/misuse.

In this context, last year in March, questions were raised in the Rajya Sabha to the Minister of Communications and Information Technology, Ravi Shankar Prasad about the government’s intention to introduce a law which seeks to safeguard citizens’ privacy. His response included a brief reference to the provisions (Section 43, 43A and 72A) of the Information Technology Act, 2000, which already deal with the subject to some extent.

He also explicitly stated that the Government had initiated the process of drafting a privacy legislation. Just one year later though, questions were raised again as to whether any amendments to the Information Technology Act to secure data privacy were in the pipeline. This time, any such plan was denied.

Interestingly, just this year while the WhatsApp case was being argued at the Supreme Court, then Attorney General Mukhul Rohatgi had informed a Constitution bench that,

The Centre is actively mulling data protection regime through a legislation. The law is likely to be enacted by Diwali. 

However, despite the government having made these (inconsistent) claims in the Parliament and the Apex Court, there has certainly been no circulation of any draft bill for public consultation so far. Apar Gupta, a Supreme Court lawyer who works on data privacy issues, has also pointed this out time and again, as is evident from his tweet(s) below:


Previous efforts by the government at establishing privacy failed to yield any results, leaving one to question its very intention. The first effort at establishing this right was the Privacy Bill, 2011 which got “leaked in the public” before another updated version was released in 2014. Neither was there any public consultation process initiated by the government in either of the two Bills, nor were they ever introduced in Parliament.

But things may (hopefully) change this upcoming monsoon Parliament Session. Baijayant Panda, of the Biju Janata Dal, will be formally addressing the subject of data protection this time, through a private member’s bill.

The Data Privacy and Protection Bill, 2017 (Bill), proposed by Panda, has been introduced in the Parliament already. The Bill has been drafted after conducting an extensive consultation process with various stakeholders including civil society groups, lawyers, as well as private companies. It also encapsulates the principles laid down in the Justice AP Shah report on privacy.

Watch the introduction of the Bill in Parliament below:

The Bill is based on the following three overarching principles:

  • Rights based approach: Specific contours for various aspects of personal data have been addressed, such as right of the individual to be duly informed, final determination, access and rectification of personal data, in order to have a robust data protection legal framework. These rights have been defined alongside a set of accurate and narrowly defined exceptions, as is the case for all rights, including Fundamental Rights.
  • Obligations of data controllers and processors: The Bill endeavours to provide proportionate and reciprocal duties for data controllers and processors to ensure effective enforceability of the rights of individuals, including the duty to fortify their security measures. The issue of breaches has also been addressed.
  • Judicial oversight: The Bill proposes a Data Privacy and Protection Authority, comprising judicial and technical members, which shall ensure compliance with the provisions of the Bill. This proposed Authority will have the power to penalise, imprison and order compensation to data controllers and processors for offences relating to non-compliance with the provisions of the Bill.

In today’s day and age where our personal data has become a resource as valuable as oil was a century ago, a safeguard in the form of a data protection law is desirable. If the Bill is able to gain enough momentum in the Lok Sabha, we may very well finally witness a data protection legislation in India, a much needed breather for the netizens of India.

Bar and Bench - Indian Legal news