India Minister of State for Electronics and Information Technology Rajeev Chandrasekhar said the government will finalize Data Protection Board appointments and Digital Personal Data Protection Act rules within 30 days, MoneyControl reports. Now in force, the bill will likely have a one-year grace period. However, Chandrasekhar said breaches occurring in the interim period will "get accumulated" and addressed by the DPB once its members are in place.Full story... Read More

The Economic Times reports Indian officials plan to build a parental consent system by using Digilocker, a government-supported data governance repository. The system would create a database of parent and child identities that platforms can refer to for age verification and consent purposes. India's Digital Personal Data Protection Act has children's privacy and age verification requirements for children under 18.Full story... Read More

Indian officials have begun drafting secondary regulations for the Digital Personal Data Protection Act while also establishing the Data Protection Board, Inc42 reports. Clarifying rules on data breach reporting and business obligations are being crafted at the same time the government is mulling DPB appointments and recruiting guidelines. Meanwhile, Business Insider India reports startup businesses are not likely to be exempt from the DPDPA and may seek a two-year implementation period.Full sto... Read More

After years of debate and delays, Indian Parliament can now consider the proposed Digital Personal Data Protection Bill. The 2023 version of the draft bill was introduced in the lower house of Parliament, the Lok Sabha, 3 Aug. following approval by the Union Cabinet of Ministers 5 July. According to ANI News, the Lok Sabha is expected to open its consideration of the DPDPB 7 Aug. "We're living in a time where we are finding ourselves in a much more digital world than ever before," Indian Minis... Read More

Industry stakeholders took a firm stance on holding India's government to phased implementation of the proposed Digital Personal Data Protection Bill, The Economic Times reports. In comments to Indian Parliament's public consultation on the bill, industry players opined the 24-month grace period found in India's past privacy proposals should be carried over to the latest bill. Additionally, BSA|The Software Alliance called for implementing regulations to be finalized 12 months following potentia... Read More

Four years ago India received the landmark Puttaswamy judgment, which enshrined the right to privacy for the world's largest democracy. Since then, through various iterations, the government of India has attempted to devise an act that can adequately ensure the privacy of its more than 760 million active internet users. Versions of the Personal Data Protection Bill were proposed in 2018 and 2019, each receiving extensive scrutiny from experts across the country and alarming tech giants with requ... Read More

The Government of India told the Supreme Court of India that a revised data protection bill will be tabled in Parliament's Winter Session, ANI reports. During a hearing challenging WhatsApp's privacy notice, Solicitor General Tushar Mehta told the court the government is "alive" to India's lack of a privacy framework and a reworked bill is "underway." Supreme Court justices asked Mehta and the government to bring the bill before Parliament to resolve the WhatsApp case or they will move to a fina... Read More

TechCrunch reports Indian Parliament published the draft Telecommunication Bill 2022, which aims to regulate digital communications. The bill allows the government to view all online communications in cases of perceived national security or public safety concerns while giving agencies immunity from potential lawsuits stemming from such intervention. The legislation also addresses spam messages, proposing consent requirements and a "Do Not Disturb" registry. The government opened a public consult... Read More

The Hindustan Times reports Reserve Bank of India deputy governor T Rabi Sankar said the new draft data protection bill should include protections for customer data. He also cautioned that monetization of customer data should offer “some level of consent.” Last month, Indian Minister of Railways, Communications and Electronics and Information Technology Ashwini Vaishnaw suggested a new data protection bill could be tabled during Parliament's next budget session in January 2023.Full Story... Read More

On 28 April, the Indian Computer Emergency Response Team issued guidance on information security practices, procedure, prevention, response and reporting of cyber incidents under the Information Technology Act. Effective 60 days after issue, the guidance includes mandatory cyber-incident reporting to CERT-In and follows the agency’s identification of gaps and issues in facilitating incident-response measures. “These directions shall enhance overall cyber security posture and ensure safe & tr... Read More

In 2017, the Supreme Court of India pronounced a landmark judgment declaring the right to privacy as a fundamental right under the framework of the right to life (Article 21) as per our Constitution. However, a standalone and comprehensive privacy law does not exist in India. Currently, the Information Technology Act 2000 read with supplementary Rules, acts as the legal cornerstone to ensure the protection of personal information. Lawmakers and regulators progressively recognize the importance ... Read More

The Indian Parliament moved one step closer to passing what would be the nation’s first comprehensive data protection law when, in December, a joint committee released a long-awaited report that recommended substantial changes to the original version of the comprehensive legislation. Although Parliament has yet to submit a version of the bill for a final vote, many experts think that will happen this year.  The report is the result of a two-year deliberation by the committee during which it con... Read More

On Dec. 16, 2021, the Joint Parliamentary Committee submitted its report on the Personal Data Protection Bill, 2019 to Parliament. Interestingly, the report reinstates the concept of “consent managers” and recommends its insertion into the definition clause of the upcoming Data Protection Act. Now, Clause 3 (11) of the Bill defines consent managers as a “Data Fiduciary which enables a Data Principal to give, withdraw, review and manage his consent through an accessible, transparent and interoper... Read More

In response to surveillance efforts by NSO Group’s “Pegasus” software, the Supreme Court of India ruled citizens have as much right to privacy as journalists or social activists, The Times of India reports. “Members of a civilized democratic society have a reasonable expectation of privacy. Privacy is not the singular concern of journalists or social activists. Every citizen of India ought to be protected against violations of privacy,” the ruling said. “It is this expectation which enables us t... Read More

Reuters reports on the privacy concerns surrounding a proposed biometric law in India. The DNA Technology Regulation Bill allows for the storing of DNA information in national and regional data banks, which can be tapped for criminal investigations and missing persons cases. "The bill creates an umbrella databank for multiple purposes; the main concern is the lack of clarity on what data may be stored," Takshashila Institution Technology and Policy Programme Research Fellow Shambhavi Naik said.F... Read More

Reuters reports on the privacy concerns surrounding India's plan to build a digital database of Indian farmers. The database would give each farmer unique digital identification containing personal information and linked to India's Aadhaar system. More than 50 farmers' groups have expressed their concern over the proposal, arguing the project was created without their consultation and does not include a legal framework to properly protect their data.Full Story... Read More

Reuters reports WhatsApp filed a lawsuit to the Delhi High Court against India's government, claiming new Indian regulations would force the messaging application to violate users' privacy. WhatsApp claims the rules would require messaging apps to trace users' chats, which it believes to be "the equivalent of asking us to keep a fingerprint of every single message sent" and asks apps to "break end-to-end encryption and fundamentally undermines people's right to privacy."Full Story... Read More

Digital rights advocates said facial recognition technology installed in at least a dozen schools in Delhi, India, is an invasion of children’s privacy, Reuters reports. Internet Freedom Foundation Associate Counsel Anushka Jain said there is no law regulating the collection and use of data, adding “the use of facial recognition technology is an overreach and is completely unjustified.” Software Freedom Law Centre Legal Director Prasanth Sugathan said facial recognition “could cause real harm to... Read More

ETCIO reports on the trends around hiring data protection officers in India. Should the Personal Data Protection Bill become law, companies will be required to bring DPOs on staff. In the interim, Catenon Managing Director-APAC Gaurav Chattur has seen chief information officers place an emphasis on having privacy professionals on the chief information security officer's team. CIEL HR Services Director and CEO Aditya Narayan Mishra has also observed IT professionals are increasingly placed into p... Read More

With rapid changes in the global privacy landscape, Indian businesses and most importantly privacy professionals are constantly embroiled in critical questions. Are we doing privacy management right? With data breaches increasingly common and affecting organizations of all sizes and scale — from startup sharks, like Dunzo and Unacademy, to giant whales, like Facebook and Twitter — privacy management is undeniably a pivotal project for all in-house legal and compliance teams. We do expect to eve... Read More

The trending topic in India at this moment is the phrase “media trial.” A media trial is a popular expression referring to the media acting as judge, jury and executioner in news cases and declaring a verdict before the court passes its judgment. A media trial is often conducted in “parallel” alongside the police investigation. The deaths of Aarushi Talwar in 2008 and Sheena Bora in 2015 were targeted by Indian media, and most recently, the death of Indian actor Sushant Singh Rajput has garnere... Read More

How many times has an advertisement for a beauty product or electronic gadget appeared on your social media feed while you were having a real-time conversation about a similar subject? This is the subtlety and sophistication of the world of digital marketing, a world heavily reliant on customer data, as it is beneficial in providing a more targeted, personalized experience to a customer. Moreover, accelerated internet penetration in India, along with the proliferation of mobile telephony, has i... Read More

The COVID-19 pandemic expedited India's plans to create a centralized database containing the health data of its 1.3 billion citizens, Reuters reports. Prime Minister Narendra Modi and National Health Authority Director Praveen Gedam both acknowledged India is moving ahead with its plan to ease pressure on the country's health care system. However, Access Now Asia Policy Director Raman Jit Singh Chima pointed out the move on health data "is being done in the absence of a data protection law and ... Read More

The recent judgment by the Court of Justice of the European Union in the case of Max Schrems v. Facebook Inc. invalided the previously used Privacy Shield mechanism for the transfer of data between the EU and the U.S. The European Commission now needs to search for a different way to have a privacy-friendly data transfer regime between the two jurisdictions. The judgment placed emphasis on essentially three aspects to analyze the Privacy Shield arrangement between the EU and U.S. They are, firs... Read More

In an op-ed for The Wire, Mozilla Fellows Divij Joshi and Anouk Ruhaak write there are unanswered questions in India’s proposed framework to regulate non-personal data. An expert committee’s report fails to adequately address inequities in the digital economy and its recommendations “are substantially underdeveloped,” they say. “A mature policy on non-personal data that truly respects the rights of communities” to control data “needs to carefully consider questions of community representation, g... Read More

In an op-ed for Mint, Trilegal Partner Rahul Matthan writes about the impacts India faces from the Court of Justice of the European Union's decision on standard contractual clauses. Matthan discussed how India's government surveillance practices impinge on data transfers as SCCs would not be a sufficient mechanism to constitute compliance with the data transfer obligations. Matthan goes on to admit data localization might be the only alternative for countries to settle on with all the entangleme... Read More

A large number of tourists visit India to get access to the wide array of health care services due to affordable prices, large number of highly skilled medical professionals, world-class infrastructure, quality and cost-effective treatments, ease of communication and travel, limited waiting time, and medical technology that is on par with the global industry standards. Services opted for by the tourists range from basic elective procedures to complex specialized surgeries. With the steps taken ... Read More

Reuters reports the first-time deployment of facial-recognition technology at a political rally in Delhi has stirred privacy concerns. The system, which was originally devised for identifying missing children, was used to scan a crowd gathered to hear Prime Minister Narendra Modi speak amid ongoing protests across India. A Delhi Police spokeswoman insisted "standard checks and balances against any potential misuse of data are in place"; however, privacy advocates remain skeptical about the tech'... Read More

Since July 27, 2018, when a committee of experts appointed by the Indian government first published a draft of a comprehensive data protection law until approval of its revised version in the form of the Personal Data Protection Bill 2019 by the same government, a lot has been contributed to the literature on data privacy laws (or the lack of them) in India. The most common conclusion emerging from such literature is the Privacy Bill being referred to as a replica of the EU General Data Protect... Read More

India’s proposed Personal Data Protection Bill — which would regulate how data of the country’s 1.3 billion people is stored, processed and transferred — could be on track for approval early next year. Following the legislation’s introduction in Parliament last week, a Joint Select Committee of 20 members of Lok Sabha and 10 members from Rajya Sabha was formed. The committee will review the bill and submit a report with its findings to Parliament in January before the end of the 2020 budget ses... Read More

We are at a point in time when privacy has become a standard to be complied with unanimously, considering that we find ourselves in a digital and cyber world. Hence, unauthorized access, data breaches or personal information theft are no longer wild conjectures, but prevalent realities that we must wrap our heads around to ensure the privacy of individuals' data, every bit and byte of it. Keeping in mind the current but ever-evolving regulatory landscape, India too joined the bandwagon with its... Read More

The Supreme Court of India recently, by a 4 to 1 majority, upheld the constitutional validity of the Aadhaar project, after some minor tweaks and suggestions. This 1148-page judgment was delivered after a 38-day hearing, the second longest hearing in the history of the court. This post only concerns itself with the challenge that the project was violative of the right to privacy, which was given fundamental-right status under Article 14, 19 and 21 of the Constitution of India in a landmark priva... Read More