The data protection regime in India is in a state of flux. The year of 2017 has been a humdinger of a year for data privacy laws. On August 24, 2017 the constitutional bench of Supreme Court1 decided that the right to privacy was, after all, a fundamental right.2 The Supreme Court also noted in the matter that “the government has initiated the process of reviewing the entire area of data protection, it would be appropriate to leave the matter for expert determination so that a robust regime for the protection of data is put into place. We expect that the Union government shall follow up on its decision by taking all necessary and proper steps.” Following the judgment in re Puttuswamy, the Committee of Experts on a Data Protection Framework for India chaired by Justice B. N. Srikrishna released a white paper on November 27, 2017.3 The Ministry of Electronics & Information Technology (MeitY) issued a press release on December 28, 2017 seeking public comments on the whitepaper by the end of January 31, 2018.
2. Present position of law.
- clear and easily accessible statements of its practices and policies;
- type of personal and sensitive personal data or information collected by it;
- purpose of collection and usage of such information;
- disclosure of information including sensitive personal data or information collected;
- reasonable security practices and procedures adopted by it.