Data Protection

Subscribe to Data Protection

Surveillance in the Post-Puttaswamy Era - Right to Privacy

In 1997, the Supreme Court of India (Supreme Court) pronounced its judgment in the case of People’s Union for Civil Liberties (PUCL) v. Union of India (SC, 1997) (PUCL Case), which laid the groundwork for the right to privacy in the context of telephonic surveillance (i.e. wiretaps) and constitutional freedoms.

This article analyses the Supreme Court’s stance on the right to privacy in the PUCL Case, which was upheld in the 2017 landmark judgment by the nine-judge bench in KS Puttaswamy v. Union of India (SC, 2017) (Puttaswamy Case) that declared privacy a fundamental right. The applicability of the right to privacy has recently received further validation in the context of wiretaps in the October 2019 judgment in Vinit Kumar v. Central Bureau of Investigations and Ors (Bom HC, 2019) (Vinit Kumar Case), wherein the Bombay High Court outlined the ambit of the State’s power to surveil its subjects particularly on matters that do not fall within the category of ‘public emergency’ or ‘in the interest of public safety’.
Continue Reading

data privacy protection bill India

We are moving towards a data centric world, and “data is the new oil”[1]. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.

In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms.[2] In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information.[3] Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector.
Continue Reading

On 24 August 2017, a nine-judge bench of the Supreme Court of India (Supreme Court) declared privacy as a fundamental right protected under the Indian Constitution (Privacy Judgment)[1]. The Supreme Court while holding the right to privacy as an intrinsic part of the right to life and personal liberty, and informational privacy as a facet of the right to privacy; highlighted the need for government to examine and enforce a robust regime for data protection.

The Supreme Court suggested balance between data regulation and personal privacy as there are legitimate state concerns (like protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits)on one hand and individual interests in the protection of privacy on the other. Appreciating the complexity of all these issues, the Supreme Court (upon being informed of the constitution of an expert committee chaired by Hon’ble Shri Justice B.N. Srikrishna, former Judge of Supreme Court), left the matter for determination by the said expert committee (Expert Committee), which was required to give due regard to what the Supreme Court had held in the Privacy Judgment.


Continue Reading