First principles should guide India’s privacy law

Source: The post is based on an article “First principles should guide India’s privacy law” published in the Live Mint on 17th August 2022.

Syllabus: GS 2 Important Provisions of the Constitution; Government Policies and Interventions for Development in various sectors and issues arising out of their Design and Implementation.

Relevance: Fundamental Right to Privacy and the Personal Data Protection Law

News: Recently, the Central government withdrew its Personal Data Protection Bill after four years of deliberation, while promising to put forward a revised version of the bill.


The Supreme Court 2017 judgment upheld the right to privacy as a part of fundamental rights to life and liberty.

Consequently, Justice B.N. Sri Krishna Committee was constituted which drew up a draft bill in 2018.

A bill was introduced in Parliament. The bill had a considerable weakening of safeguards like the Centre and its agencies were given sweeping powers to call up data at will.

Thereafter, Justice Sri Krishna flagged “Orwellian” risks in the bill introduced in the parliament.

A Joint parliamentary committee (JPC) scrutinized the bill. The JPC’s report suggested 81 changes and 151 corrections. Critics said the state agencies were given a free pass in the law and the stiff data localization and greater regulatory burden on digital players would dent the business environment that might choke innovation.

Why do we need a data protection law in India?

Indians live digital lives in large numbers for work, leisure, creativity, and commerce. This leaves a trail of data or information, known as the “new oil” of the digital economy.

Out of the three stakeholders—the individual, tech platform, and the government, involved in the internet’s design, individuals have the least control over their personal detail.

Cybersecurity concerns have increased in the recent past. For example, issues like data leaks and thefts, and politically motivated spying have become common.

Further, several Western jurisdictions have already enacted a data protection law. India cannot remain behind.

What should be the ingredient of the revised new bill?

The bill should be based on the 1st principle, i.e., individuals or citizens must be empowered with legal rights to their personal data. Further, personal data should be made accessible to others only for reasons that are fair, transparent, and legitimate.

The 1st Principle should be adhered to because the SC directed the government to enact a law to protect personal data in the 2017 Judgment, in order to safeguard the fundamental right to privacy.

The government could take inspiration from the EU’s data law. For example, provisions that offer a strong shield against commercial and state surveillance, provisions that commit companies to using only minimal data and for specific purposes, bar them from holding data longer than necessary, and make them accountable for lapses.

The Centre must commit itself to a clear timeline within which the new data protection law will be introduced.

Print Friendly and PDF