Basics of data protection and privacy

Akash Kumar Singh, Tanya Aggarwal, Mahimna Kandpal

"What is personal data?"

Data that can be used to identify an individual qualifies as personal data.

"What can be done with it?"

Personal data today has immense power and value. It can be collected, processes, stored or disseminated. Data protection is the mechanism by which laws provide rights to individuals over their personal data, restrict misuse and breach of privacy.

"Should I worry about the apps on my smartphone? They would not do anything wrong, would they?"

That's not the point. We can trust our smartphones and governments better with accountability and rights. Data is power and we should always be the ones in control. So, if you do not have a right over your own personal data, a lot of decisions regarding you will be made without your consent, choice or knowledge.

"Is our privacy protected?"

Last year a nine-judge bench of the Supreme Court unanimously held that all our fundamental rights link to the right to privacy. It repeatedly stated that in our tech driven, digital world of blockchains, big data and algorithms, it is essential for the government to make a data protection law to protect our privacy.

Sadly, at present there is no comprehensive legislation on data protection in India. To fill in this vacuum a draft citizen's law, titled as the, "India Privacy Code, 2018" has been put forth on for debate, discussion and endorsement.

"A lot seems to be happening on privacy recently. What's going on ?"

Since 2006, many attempts to draft a data protection and privacy law in India have been made. The Personal Data Protection Bill tabled in the Parliament in 2006 and drafted on the general framework of the European Union Data Privacy Directive, 1996 was one such attempt.

Subsequently, the Planning Commission constituted a committee was chaired by former Delhi High Court Chief Justice AP Shah. It published a 9-point focused Report of the Group of Experts on Privacy in 2012 but no effective follow up was taken up until last year.

In about the past 12 months we have witnessed a plethora of debates on data protection In India.

  • Aadhaar data leak and connected identity frauds
  • The Right to Privacy Judgement of the Apex Court of India,
  • The white paper released by the the Justice Shri B N Srikrishna committee set up by the Government of India and its anticipated draft law recommendations to the Ministry of Electronics and IT,
  • The Snowden revelations of Cambridge Analytica,
  • The EU General Data Protection Regulation,
  • The Consultation Paper on Privacy, Security and Ownership of the Data in the Telecom Sector.
  • Parliamentary Standing Committee on IT starts discussing data privacy and security.

However even today we have no clear indication on a user rights focussed data protection law in India.

"I want to read more on privacy and data protection. Can you share some links?"

  • Visit for a summary of the Justice Srikrishna Committee White Paper and a lawyers submissions advocating for user rights (Link)
  • Final Text of EU GDPR Neatly Arranged (Link)
  • OECD Principles (Link)
  • Comments on the Justice Srikrishna Committee White Paper On Data Protection (Link)
  • Internet Freedom Foundation's blogposts on privacy (Link)

Psst.. This post was authored by volunteers who believe in the values of a open and free internet. If you have ideas for public engagement and want to volunteer your time for this campaign please do get in touch with us at email hidden; JavaScript is required

Share Your Support