data privacy protection bill India

We are moving towards a data centric world, and “data is the new oil”[1]. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.

In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms.[2] In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information.[3] Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector. Continue Reading In the throes of Data Protection (and the associated woes) lies the business of trust

On 24 August 2017, a nine-judge bench of the Supreme Court of India (Supreme Court) declared privacy as a fundamental right protected under the Indian Constitution (Privacy Judgment)[1]. The Supreme Court while holding the right to privacy as an intrinsic part of the right to life and personal liberty, and informational privacy as a facet of the right to privacy; highlighted the need for government to examine and enforce a robust regime for data protection.

The Supreme Court suggested balance between data regulation and personal privacy as there are legitimate state concerns (like protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits)on one hand and individual interests in the protection of privacy on the other. Appreciating the complexity of all these issues, the Supreme Court (upon being informed of the constitution of an expert committee chaired by Hon’ble Shri Justice B.N. Srikrishna, former Judge of Supreme Court), left the matter for determination by the said expert committee (Expert Committee), which was required to give due regard to what the Supreme Court had held in the Privacy Judgment.

Continue Reading Genesis of (True) Data Protection Framework for India