Perspectived: The (miserable state of) Privacy Laws in India
- Perspectived.org
- Oct 5, 2022
- 4 min read

India as of now does not have any explicit Data Protection or Privacy Laws. Recently, the Central Government had however tabled and withdrew a Data Protection bill. It has also released a Draft Telecom Bill, looking to modify the generations-old laws. But is the new bill really any better? And what is the constitutional, legal, and social scenario regarding Privacy Laws in India?
The Constitution
One does need not look much further than the constitution to see Privacy as a "Fundamental Right" of Indians. Under Article 21 of the Constitution, The Supreme Court in August 2017 declared the Right to Privacy as coming under the "Right to Life and Personal Liberty" (Article 21), which implies that not merely being alive, but having a life 'assuring the dignity of the individual'. This further includes things like sanitation rights, the right to drinking water, etc. While no other citizen or alien can legally access your devices, the right under Article 21 by foundation should be available against the government too, yet even the apex court emphasized the 'commercial' aspect in its judgment, stating "right of individuals to exclusively commercially exploit their identity and personal information, to control the information that is available about them on the internet and to disseminate certain personal information for limited purposes alone".
Contrary to the fundamentals of the Telegraph Act, under Article 19 (the six rights), the Supreme Court had also specified the "Right Against Tapping of Telephonic Conversation" as a fundamental right under Freedom of Speech and Expression (Again, 'fundamental' here implying that inherently available against the Government). However, the legislature and exceptions had mocked this fundamental (and now) human right to the ground.
The Laws
The Indian Government has indeed provided for data protection against private companies and Individuals. While not really comprehensive, an Amendment to the 2000 IT Act added Section 43A and Section 72A, which give a right to compensation for improper disclosure of personal information. Further, issued under the above Section 43A, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 imposed further imposed additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data. However, these are available only against private entities. The government possesses virtually endless means of Draconian surveillance and spying capabilities. It is in fact, standard procedure:
The Indian Telegraph Act, 1885: According to Section 5(2) of the Act on the occurrence of any public emergency, or in the interest of 'public safety', which includes "incitement to the commitment of offense" phone tapping can be done by the Centre or states. The Emergency, and Preventive Detention laws, and recent frequent raids by ED under PMLA tell us how arbitrary these can truly be.
Criminal Procedure (Identification) Bill, 2022: Grants immense powers and legal sanctions to authorities for the collection, analysis, and storage of biometric and personal data of any individual. It empowers the National Crime Records Bureau (NCRB) to collect, store, preserve and destroy the records of measurements at a national level. The NCRB is also authorized to share such records with any law enforcement agency. The data collected will be retained in digital or electronic form for 75 years.
Draft Telecom Bill*: Formalzies the executive's attempts to bypass OTT privacy, which implies an end to E2E (end-to-end) encryption of services like Whatsapp or Signal. It also includes services like Netflix (or anything that comes under the definition of OTT). This is done by expansion of the definition of 'telecom' services, thus now including these services under the purview of Section 5(2) of the Indian Telegraph Act, which is to be merged in this bill without alternation to 5(2).
* Not yet enacted
The Draft Telecom Bill
In a bold recent move, the Union government tabled and withdrew a Data Protection Bill. After receiving much criticism from Individuals and Industry alike, the bill was withdrawn. It stated that there needed to be some changes in it, and is likely to be presented again in December. Following it, a draft Telecom bill was released for public scrutiny, and scrutiny it did get. While in reference to the nation's safety and integrity, the question should definitely be of its priority; it is due to this fact that we have Emergency provisions. While the colonial Telegraph act has not seen any citizen-centric amendments, the Government's continued disregard for international conventions and activism, coupled with the increasing fields of potential surveillance presents a bleak picture. However, we will be foolish to assume it is an India-specific thing. Most countries, as is evident with the recent developments in Australia, stay high-grade surveillance rights on their citizens.
Conclusion
Following the Snowden revelations, there has been a mass awakening to the need for better privacy. Not really, but one can try to convince oneself of it. The average Individual in India does not understand what privacy means, or those consumed by the political virus do not mind their prophetized leaders having access to every aspect of their being. Much theorizing has been done since 2013, with the outcome usually being the same. While we should make sure that the Government's regressive views on privacy are highlighted, it has become necessary that the individual themselves takes necessary educatory and active steps to minimize their digital footprint, as they are often led to fend for themselves, even against the governments, in being "Atma Nirbhar".
Comentarios