Policy Engagements and Blogs

Informational Privacy in India: An Emerging Discourse

Ananth Padmanabhan

December 20, 2018


Watch the full video (above) of the first part of the panel discussion on ‘Informational Privacy and Important Tradeoffs’ as part of the session on ‘Informational Privacy in India: An Emerging Discourse’ featuring Ananth Padmanabhan, Anjali Bhardwaj, Bhavin Patel and Amber Sinha.

In the light of important recent developments on informational privacy, data protection and data governance in India, and their widespread ramifications on India’s strategic relations with other nations as well as for doing business in India’s digital economy, the Technology and Society Initiative at the Centre for Policy Research organised a discussion on these themes. This discussion engaged with representatives from embassies, chambers of commerce and research funding organisations located in India.

The last few years have seen a formalisation of the right to informational privacy within India’s constitutional framework. While the context to this – the challenge to the validity of the Aadhaar project – has entailed broader issues on delivery of public goods and services, the response to whether an individual can assert control over key informational aspects of her life has become a critical part of our rights jurisprudence. The Supreme Court verdict in Justice Puttaswamy’s case (2017) unequivocally affirmed this right despite leaving open several important aspects including the permissibility of restrictions on this right, and the level of scrutiny which the judiciary could exercise to safeguard them. What was particularly striking was the judicial reliance on considerable scholarship emerging from India and Indian scholars on important themes pertaining to this right: the differing conceptions of privacy and the role for each of them within India’s constitutional framework; the impact of privacy erosion on citizen-State relationship and private transactions in the commercial realm; surveillance tools and technologies in India; the need for an indigenous data protection law, and much more. The court has picked up on this thread in the second Puttaswamy verdict upholding the constitutional validity of Aadhaar with some important caveats and exceptions.

Recently, the Expert Committee headed by retired Justice Srikrishna also convened to come out with a draft personal data protection bill. The centrality of data to both commercial activity and governance purposes has found recognition in this bill. While the present legal regime to regulate data in India can be considered chequered at best with divergent regulations across finance, healthcare, telecom, mobility etc., the new bill aims to create a ‘big data-ready’ framework. It impacts any private enterprise handling personal data by stipulating new internal procedures and strong penalties. The major themes in the bill are new user rights for data principals (individuals) who share their data with data fiduciaries (technology companies); data localisation and cross-border data flows; data protection authority (DPA) and its powers; data fiduciaries and new compliance requirements; and exceptions including law enforcement. Each of these carries major implications for data-driven solutions. During the deliberations of the Committee too, substantial Indian scholarship on the themes listed above have been referenced and relied upon. This is truly a breakout moment for privacy and data protection in India. It is changing the terrain of institutional responses to personal data, technology architectures, and digital trade.

The second part of the discussion on ‘Personal Data Protection in India’ featuring Arjun Sinha, Nehaa Chaudhari, Rahul Sharma, Rishab Bailey and Amba Kak can be accessed here.