Data Protection

Subscribe to Data Protection
Search by Data Protection

The RBI’s Digital Lending Recommendations A Sign of the Road Ahead

The journey to a new general data protection law in India is more than a decade long and has seen several milestones ranging from the reports of Committees headed by Justice A.P. Shah[1], Justice B.N. Srikrishna[2], and a Joint Parliamentary Committee (“JPC”) to draft legislation in 2018[3], 2019 (“PDP Bill”)[4] and 2021 (“DPB”)[5].

While the recent withdrawal of the PDP Bill[6] is seen as a sign of a long and twisted road ahead, regulators in sectors such as banking, financial services and insurance have not had the luxury of taking the scenic route.

Continue Reading The RBI’s Digital Lending Recommendations: A Sign of the Road Ahead?

The Cert-In Cyber Security Directions More Questions Than Answers

On April 28, 2022, the Indian Computer Emergency Response Team (“CERT-In”) under the Ministry of Electronics and Information Technology issued extensive directions to service providers, intermediaries, companies, firms, and government organisations (collectively, “Entities”, and each an “Entity”) specifying various ‘cyber security directions’ that they are required to follow (“Directions”)[1].

Continue Reading The Cert-In Cyber Security Directions: More Questions Than Answers?

Digital Age Warfare

A. Introduction

In this digital age, it may not be out of place to say that data has replaced oil as the most valuable resource. The advancement of technology has led to the emergence of a new species of extortion, where ransom is sought in lieu of data, which is illegally assumed control over. This phenomenon is popularly known as a ransomware attack. A ransomware attack includes a malware that is introduced onto the host’s computer or mobile, thereby encrypting its data, with a subsequent demand for a ‘ransom’ for decryption of the same, to secure its release[i].

Continue Reading Digital Age Warfare: Ransomware Attacks

DOUBLE TROUBLE IN 2020 - TACKLING COVID-19 WHILE PROTECTING THE RIGHT TO PRIVACY

Background

Dire times call for ingenious, and often, radical measures. The COVID-19 pandemic, which has led to actions being taken under the Epidemic Diseases Act, 1897, and the Disaster Management Act, 2005, in India, is one such unprecedented and grim event. While governments and health workers all over the world are grappling to curb the spread of the virus, it has been realised that surveillance of affected persons is of paramount importance in order to assess and implement preventive and control measures.

Data tracking and analysis has emerged as an unlikely hero. This analysis has enabled governments to implement measures to stop the pandemic at its source and to prevent deaths, social disruption, unnatural burden on the healthcare system and economic loss. As government authorities are required to control the pandemic not only in their own country, but also understand how the same is evolving in other countries, governments all over the world have taken the stance that free flow of information that is updated in real time will allow for the formation of a steady global picture and help in curbing the spread of the pandemic.
Continue Reading Double Trouble in 2020 – Tackling COVID-19 while Protecting the Right to Privacy

Coronavirus - COVID19- Faqs

The World Health Organisation (WHO) declared COVID-19 as a “pandemic” on March 11, 2020.

The outbreak and the rapid spread of COVID-19 has sent shock waves across global markets. It has disrupted supply chains, leading to the closure of several manufacturing facilities globally; serious disruption of air and sea traffic and closure of vital air routes, like the one between the US and Europe. This is turn has led to the collapse of stock markets around the world, leading to the loss of billions of dollars, which got wiped out in a matter of days. A combination of all these factors has led to a decline in the overall volume of global economic activity, forcing the world economy towards a possible recession. It is forcing Boards across the globe to confront a host of difficult questions on how business should be conducted during a global public health crisis.
Continue Reading COVID-19 : OFFICIALLY A PANDEMIC

Personal Data Protection Bill 2019 - Analysis

A draft of the Personal Data Protection Bill, 2019 (“Bill”) has been introduced before the Lok Sabha on December 11, 2019.

The Bill is based, in large part, on the proposed draft of the Personal Data Protection Bill, 2018 (“Draft Bill”) which was attached to the report submitted to the Government by the Committee of Experts constituted under the Chairmanship of Justice Srikrishna (Retd.) (for details see our analysis[1] of the Draft Bill and its comparison with the European Union’s General Data Protection Regulation[2] (“GDPR”)[3] ).

That being said, the Bill also includes several modifications and changes in scope and intent.
Continue Reading The Personal Data Protection Bill, 2019: An Analysis

Surveillance in the Post-Puttaswamy Era - Right to Privacy

In 1997, the Supreme Court of India (Supreme Court) pronounced its judgment in the case of People’s Union for Civil Liberties (PUCL) v. Union of India (SC, 1997) (PUCL Case), which laid the groundwork for the right to privacy in the context of telephonic surveillance (i.e. wiretaps) and constitutional freedoms.

This article analyses the Supreme Court’s stance on the right to privacy in the PUCL Case, which was upheld in the 2017 landmark judgment by the nine-judge bench in KS Puttaswamy v. Union of India (SC, 2017) (Puttaswamy Case) that declared privacy a fundamental right. The applicability of the right to privacy has recently received further validation in the context of wiretaps in the October 2019 judgment in Vinit Kumar v. Central Bureau of Investigations and Ors (Bom HC, 2019) (Vinit Kumar Case), wherein the Bombay High Court outlined the ambit of the State’s power to surveil its subjects particularly on matters that do not fall within the category of ‘public emergency’ or ‘in the interest of public safety’.
Continue Reading Surveillance in the Post-Puttaswamy Era

data privacy protection bill India

We are moving towards a data centric world, and “data is the new oil”[1]. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.

In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms.[2] In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information.[3] Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector.
Continue Reading In the throes of Data Protection (and the associated woes) lies the business of trust

Data Protection Framework for India

On 24 August 2017, a nine-judge bench of the Supreme Court of India (Supreme Court) declared privacy as a fundamental right protected under the Indian Constitution (Privacy Judgment)[1]. The Supreme Court while holding the right to privacy as an intrinsic part of the right to life and personal liberty, and informational privacy as a facet of the right to privacy; highlighted the need for government to examine and enforce a robust regime for data protection.

The Supreme Court suggested balance between data regulation and personal privacy as there are legitimate state concerns (like protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits)on one hand and individual interests in the protection of privacy on the other. Appreciating the complexity of all these issues, the Supreme Court (upon being informed of the constitution of an expert committee chaired by Hon’ble Shri Justice B.N. Srikrishna, former Judge of Supreme Court), left the matter for determination by the said expert committee (Expert Committee), which was required to give due regard to what the Supreme Court had held in the Privacy Judgment.

Continue Reading Genesis of (True) Data Protection Framework for India