File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Data Privacy In The 21st Century: A Tussle Between Indian Government And Whatsapp

Research Objectives:
  1. To find out the history and emergence of data privacy laws.
  2. To compare and analyze the data privacy laws in India and other countries.
  3. To research the need and effectiveness of such data privacy laws.

Research Methodology
The research methodology used for this project includes descriptive, analytical, and qualitative research. The researchers have referred to various sources and have taken the help of both primary as well as secondary sources such as Supreme Court cases, government reports, journals, newspaper articles, and internet websites. No empirical data through fieldwork has been used for this project. Some of the researchers' views, conclusions, and suggestions may be brought out. They are not necessarily correct and of authoritative value.

Research Questions
The research work and submission of this project are primarily driven by the following set of questions:
  1. How did the current data privacy laws come into being?
  2. Why do we need data privacy laws?
  3. Are data privacy laws effective?
Nowadays, virtually everyone's data is saved and exchanged via the internet. This has made individuals' data easily accessible to a large number of other people, organizations, and hackers, making them vulnerable to cyber-attacks. Hence, it becomes very important for people to have control over their personal data with regards to how it is collected, how much it is collected, and how it is used by different corporations and third parties.

With the oversaturation of freely available data on the internet and specific personal information in the hands of corporations and governments, data privacy laws have become one of the most important requirements of the 21st century. Data privacy regulations help to protect the way an individual's data is used to some extent by establishing checks on the collecting and processing of data by various organizations.

Currently, a total of 137 countries have legislation on data protection and privacy, which makes it a total of 71% of countries have current laws on data protection and privacy, 9% of countries with draft legislation, 15% of countries with no laws on data protection and the rest 5% of the countries whose data regarding such laws is not available. These legislations include laws related to electronic transactions, data privacy and protection, cybercrimes, and consumer protection.

Privacy: Different Perspectives
Privacy as a concept means having control over one's personal information. Many different thinkers have different notions as to what 'privacy' means and that can have an impact on the laws formed regarding the same.

Westin's Perspective
According to the scholar, Alan Furman Westin, privacy refers to the "�claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others."

Morison's Perspective
According to Morison, privacy is an 'interest' rather than a 'right' and such interest should be protected while also balancing other interests of oneself, the society, and other entities.

Clarke's Perspective
As per Roger Clarke, "Privacy is the interest that individuals have in sustaining 'personal space', free from interference by other people and organizations." He talks about four types of privacy, namely the privacy of the person, personal behavior, personal communication, and personal data. According to him, privacy should be understood in a broader sense and the different kinds of privacy should be dealt with by different kinds of laws.

Acharya's Perspective
Bhairav Acharays who is a lawyer and policy analyst talks about an analysis of privacy in India and recognised four types of privacy claims, namely press freedom, state surveillance, decisional autonomy, and privacy of personal information.

Through a thorough analysis of various definitions of privacy, it can be established that privacy is about the personal information and data of an individual or an organization and how the individual chooses to present or hide it. Besides this, many scholars believe that there can be some exceptions to data privacy in case there is some bigger cause to answer like public security.

History Of Data Privacy
In 2012, a report based on a discussion between a Group of Experts on Privacy was published called the Justice AP Shah Committee Report which presented the nine principles which should be included in the legislation made for data privacy in India.

The nine principles are as follows:
  1. Notice:
    This principle mainly talks about how in case there is a breach of data, the affected party should be notified about the same along with the privacy commissioner. That is whenever an organization needs to ask for consent from an individual to gain access to their data, it should state in a very clear and concise manner what information is being collected, why is it being collected, and how it will be used by the organization, whether it will be disclosed to a third party, what are the safeguards used by them, how would one be able to change it along with the contact details of privacy officers. This way there can be transparency in the way data is being collected.
  2. Consent and Choice:
    This principle states that along with notifying the users about the data collection process, data controllers should have to gain the approval of the individual. There are some exceptions to this principle including the case of authorized agencies and situations like medical emergencies.
  3. Limitation of Collection:
    According to this principle, data controllers shall only collect personal information when it is required and for the objectives specified in the data protection principle. The idea tries to ensure that data is gathered legally and fairly and that it is used in compliance with the law and practice.
  4. Limitation of Purpose:
    This principle states that personal data should only be collected, processed, disclosed, made available, and used for the purposes specified in the notice and agreed to by the individual. Data should not be kept for any longer than is necessary to achieve the specified goals, and it should be discarded once those goals have been met.
  5. Access and Correction of Collected Data:
    This principle was laid down to ensure that the individual whose data has been collected has some control over the data even when it is submitted to the data controller. That is the individual should retain the power to make changes or delete a piece of information later on.
  6. Security:
    This principle focuses on data security against any external party. It aims to ensure that data controllers have technical, administrative, and physical protections in place to protect personal information from unauthorized use, alteration, access, or retention.
  7. Transparency and Openness:
    This principle is laid down to ensure that data controllers do not hide their privacy policy and practices about personal data from the users. There should be transparency between the user and the data controller.
  8. Accountability:
    The data controllers should be accountable to the users whose data they collect. This is to ensure that they stick to the permissions they asked for in compliance with National Privacy Policy.

Before 2012, only four of the nine principles were being implemented in the laws that were made about data privacy. These principles were security, limitation of purpose, accountability, and limitation on collection.

Privacy In The 21st Century
Before focusing entirely on India, it becomes important to see the types and effects of contemporary data privacy laws in other countries around the world.

The USA:
Different countries around the world have their ways in which they look at data privacy and forming laws regarding the same. In the US, 'liberty protection' is a concept used to explain privacy protection. That is, the laws made on data privacy are essentially made to protect the private spaces of people from the government.

It does not have a whole set of comprehensive legislation but has sector-based laws made to fulfill the purpose of data privacy. Both the government and the private sectors have different laws applicable to them. Moreover, American law allows for the collection of personal data of a person as long as they are informed. This does have its own set of loopholes since many times people are unaware and careless about what they are signing up for.

In the European Union, on the other hand, the 'right to privacy is a fundamental right. The European Union law related to data protection is comprehensive in the sense that it includes laws against both the private entities and the government with regards that do not allow them to process personal data. It does have a few exceptions like defense, national security, and public security. Though, it is also criticized for having stringent laws that impose many obligations on various organizations and corporations.

The multiplicity of actions taking place in India's privacy and data protection circuit might be missed if one blinks. Despite a severe gap in comprehensive data protection legislation, the legislature and government were quite active in their efforts. India has seen several important developments, including the liberalization of the country's long-standing geolocation policy, the implementation of industry-standard privacy protections, and the implementation of strong security measures in the digital payments sector. There have even been legal rulings on topics like governmental monitoring, the right to be forgotten, and the necessity for anonymity.

The proposed GDPR-inspired data protection law, which has been in the works for two years, was also revived. To further know what privacy means in 21st century India, the analysis of its brief evolution period becomes important. Following are the main events that directly or indirectly introduced data privacy in law and established it as legislation:

K. S. Puttaswamy vs Union of India: The Right to Privacy Verdict (2017)
Justice K. S. Puttaswamy has been one of the pioneers who demanded the protection of an individual's privacy in the country. In terms of India, the right to privacy was held to be fundamental by the Supreme Court of India in K.S.Puttaswamy vs Union of India. After the judgment under the directions of the Supreme Court of India, a committee headed by Justice BN Srikrishna, a retired Supreme Court judge, was formed. The committee submitted a report titled "A Free and Fair Digital Economy:Protecting Privacy, Empowering Indians" in 2018 in addition to forwarding a draft of the Data Protection Bill to the Ministry of Electronics and Information Technology.

K. S. Puttaswamy vs Union of India: Puttaswamy-II Judgement (2018)
Later in the year 2018, in the Puttaswamy-II judgment, the Aadhaar Act was challenged on the ground that it was violative of the right to privacy. In the judgment, most provisions of the act were upheld but some provisions were struck down as they suffered from the excessive collection of data.

Personal Data Protection Bill (2019)
In 2019, the Personal Data Protection Bill was introduced. It had many differences from the draft bill that was suggested by the Srikrishna Committee in 2017. These changes were mostly with regards to giving greater power to the government. The government and other authorized agencies were exempted from liability by citing reasons like national security, public order, and foreign relations. Out of the three grounds of exception, only 'national security was suggested in the draft bill put forth by the committee.

Information Technology Rules, 2021
One of the most recent developments in privacy laws in India was the introduction of the new IT Rules in 2021. This law consists of a provision that requires social media platforms, as and when required by the government, to locate the first originator of messages that spread hate speech, fake news, and indulge in illegal activities like distribution of child porn, etc.

This provision could very much lead to a breach of privacy because to find the first originator of a message, the social media platforms would have to trace the users' conversations which can only be done when the corporations keep surveillance on the private chats of their users.

So, through an analysis of recent developments in India, what can be seen is a focus on the protection of private data of individuals and how it is used by private entities. On the other hand, the government has comparatively more freedom with regards to how it can collect and use an individual's data by citing reasons like national security and maintaining public order to justify the same.

Joint Committee On The Personal Data Protection Bill, 2019 (2021)
The Joint Parliamentary Committee released its report for a new data protection law on December 16, 2021, along with a modification of the "Data Protection Bill, 2021" in Parliament.

Stakeholders have expressed misgivings, requesting new discussions because several of the clauses made public differed from the prior version disclosed two years ago. There have been numerous notable modifications in the proposed draft proposal that are similar to the "GDPR," such as the broadening of the law's reach to embrace both personal and non-personal data.

Stringent regulations for reporting data breaches within 72 hours, a certification framework for all IoT and digital devices, and hardware manufacturer control are among the other measures. According to the new proposed bill, the central government might arrange for phased implementation or notification for the passage of newer clauses.

Issuance Of Data Privacy Standards
"The Bureau of Indian Standards" made public the previously announced new data protection standards in mid-2021. The new requirements require enterprises to design, maintain, and deploy a data privacy management system, as well as continue to build on it, giving them a privacy assurance framework. The new framework is divided into prescriptive and suggestive parts, with the prescriptive portion including mandatory requirements and the suggestive part containing best practices for assisting in the implementation of the prescriptive part's requirements.

Implementation of the prescriptive component has not been specifically described if they are necessary to maintain appropriate security practices and procedures in the regulations. As a result, it is the responsibility of the organizations to ensure that the prescriptive element is implemented in a way that meets the need. Data processors must adopt security protections that utilize de-identification, encryption, and other methods to preserve personal data integrity and prevent misuse, unauthorized access, alteration, disclosure, or destruction of personal data with the introduction of the new data protection legislation.

Traceability Feature Necessary For Large Messaging Apps
The "Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021," which were announced to the Ministry of Electronics and Information Technology, superseded the "Information Technology (Intermediaries Guidelines) Rules, 2011." Internet intermediaries must adhere to new intermediary requirements for some due diligence, including the requirement to keep information collected from users for 180 days after they have withdrawn their registration.

The laws also designated some intermediaries as "major social media intermediaries" if the number of registered users exceeded 50,00,000, which was disclosed subsequently. Upon court or government order, the major social media intermediaries must provide the identity of the first originator of communication, but not the substance of the message or any other information to the first originator.

Judicial Investigation Into The Pegasus Spyware Controversy
When it was revealed that Pegasus malware produced by an Israeli security business, the NSO group, was being used to spy on Indian residents, it sparked outrage. The Supreme Court of India issued a crucial decision. The petitioners demanded an impartial probe of the alleged use of Pegasus by various foreign countries, as well as the Indian government. The Supreme Court ruled that the impact of Pegasus' deployment on the right to privacy and freedom of speech needed to be considered. The Supreme Court formed a three-member expert group to provide recommendations for new surveillance legislation or amendments to current ones.29

Right To Be Forgotten Denied
A petitioner asked the Madras High Court to remove his name from court orders as part of his right to be forgotten, but the case was denied by a single judge bench. Even though the Madras High Court alluded to the K.S Puttaswamy v Union of India case regarding an individual's right to privacy, it also pointed to a Supreme Court order stating that one cannot exercise the right to be forgotten if the information is required for the performance of a public-interest activity. Due to the lack of any structure or criteria for redacting a person's name, the court opted to wait for the government to pass a new data protection law before using such powers.

Tussle Between WhatsApp And Indian Government
The new social media guidelines enacted by the Indian government in May of last year oblige WhatsApp to track the origin of communication if needed by appropriate authorities. Instead of complying with the instructions, WhatsApp has filed a lawsuit against the government, alleging that the new restrictions violate Indian users' right to privacy and urging the Supreme Court to deem the intermediary requirements illegal. WhatsApp's parent firm, Facebook, has disputed the dilution of its platform's de-encryption on several occasions.

Issues Involved:
Undermines Privacy
Because of the privacy it provides, the American firm has highlighted how its app is used for private chats by individuals from all walks of life such as healthcare experts, government officials, law enforcement agencies, and journalists, among others. WhatsApp claims that requiring intermediaries to identify the source of information in India on its app jeopardizes the privacy and security for which millions of users rely on it, jeopardizing end-to-end encryption technology. Because it is unknown which messages may be subject to tracing orders, the corporation will need to develop a mechanism to track down the sender of every communication transmitted in India.

Break-In Encryption
The intermediary guidelines have imposed restrictions on WhatsApp's basic philosophy and technology, which is end-to-end encryption. End-to-end encryption, as defined by WhatsApp, refers to the encryption of communications sent between the sender's device and the recipient's device. The material sent cannot be accessed by any other party, even WhatsApp's parent firm, Facebook. End-to-end encryption and traceability do not mix because they are incompatible, putting encryption technology at risk.

The Indian government's requests violate the "data minimization principles," as WhatsApp is required to keep more data for communications sent within India. Because there is no date offered, the corporation is forced to keep this additional data for years after the content has been exchanged.

The IT Act was never meant to provide the government the authority to compel social media intermediates (SSMIs) to maintain track of a text's origin.

Repercussions Of The Intermediary Guidelines:
Traceability And Human Rights Concerns
According to WhatsApp, imposing traceability will not only fail to meet the government's demands but will also result in human rights breaches. One of the fears is that many people's names will be marked just because they shared information, even if they were not the originator, merely to be safe or to double-check its legitimacy. If certain content proves to be harmful to the government, a large number of innocent persons may become embroiled in investigations or even imprisoned.

As a result, it might result in a breach of the widely accepted values of free expression and human rights. The use of digital fingerprinting has also been criticized by internet specialists as dangerous since it is easy to imitate while gaining traceability, putting the integrity of the system in jeopardy.

Experts believe that fingerprinting techniques may be readily misused and that they will eventually jeopardize the public's digital privacy by jeopardizing encryption. Apps would have to forsake encryption completely to keep track of message digital signatures.

In the future, the government may request any message, thus WhatsApp would have to track every message, not just some. By requiring social media service providers to track users, the government is inadvertently enforcing widespread monitoring. To meet the government's regulations, social media firms will now have to preserve vast databases of every message shared privately with friends, family, coworkers, and enterprises, among other things. In comparison to what users know about these firms, these companies will now gather more information about them.

Violation Of Principles Of Law And Investigation
Traceability would have a direct impact on how law enforcement and investigations operate. The way the inquiry is now going, the government is requesting information from technology firms concerning a certain individual's account information. Following the adoption of the guidelines, the government would give technology firms a piece of material and a demand for its source, which would be ineffectual and prone to misuse.

Enforcement Or Alternatives:
WhatsApp has already stated its position on traceability, but the company still maintains a team committed to reviewing and responding to legitimate law enforcement demands. During the inquiry, the business has also replied to the authorities' legitimate demands with whatever limited information was available, by applicable law and policy. In addition, the organization has a dedicated staff that works closely with law enforcement authorities 24 hours a day, 7 days a week in emergency scenarios such as impending danger, risk of death, or major bodily injury.

Concerns With Data Privacy

The major concern in regards to having codified legislation for data privacy is the languishing state of the right to privacy in India which has created an urgent need to come up with a comprehensive and regulatory framework for data protection.

The law is on the government's side, making it simpler for the government to pass new data privacy regulations, but there is still an unresolved issue: the undervalued importance of data privacy and protection. Any typical smartphone user in our nation, not even a layperson, is completely oblivious of the need for online privacy.

These are the folks for whom the government must take great measures to protect their data. A substantial section of our population is exposed to giant businesses and online organizations that exploit users' private and personal data due to a lack of understanding about safe surfing, data privacy, and protection.

Subject experts and IT professionals believe that the "Indian Data Protection Bill, 2019," which aims to protect the much-needed data of Indian users on the internet so that users can exercise their privacy rights on the online platform, is not sufficiently equipped to provide the necessary privacy and rights for enforcement. The measure requires a stronger structural and organizational framework, otherwise, the personal and sensitive data or information of millions of Indian users would be compromised.

The classification of the user's data, which the bill divides into three components, is the first major challenge in creating and executing such a progressive policy.

The three types of user data are as follows:
  1. Personal Data
  2. Sensitive Personal Data, and
  3. Critical Personal data
One of the most glaring flaws of the Data Protection Rules is that personal data is limited to information that may be used to identify a single user. The personal and private information of other people recorded in the background of a user's device, which can lead to a significant breach of privacy whether caused willingly or inadvertently when using the internet or just browsing social media, is not specifically covered by these Rules.

The restricted reach of these sensitive personal data is another additional impediment to the timely implementation of data privacy legislation. The misunderstanding about which data should be classified under which of the three heads is the fundamental reason for the delay in implementing the guidelines. This ambiguity might have disastrous effects when it comes to data collecting, storage, and processing, which are all handled by distinct firms that must now obtain consent at each stage of the process.

Scope Of Data Privacy And Suggestions
The government may take a variety of different actions to make the web space stronger and more secure for citizens to make data protection easier for them. Instead of mandating companies to hold ever-increasing amounts of data, the government should examine how sensitive our data is, and hence limit large-scale data collecting by corporations. Data collected by data suppliers, as well as social media intermediaries, should be kept to a minimum.

Even if the data is acquired and held with the user's knowledge, the user's right to be forgotten must be respected, which is why users must have the ability to have their data removed from databases and servers. The data processors should be held liable for the security of our information. Users should have the right to know about data breaches and the right to seek compensation as a remedy if their privacy has been violated. As a result, suitable data collecting norms should be maintained.

The government should also take steps to eliminate outdated data protection policies and regulations, restricting the amount of information acquired from consumers. Increased constraints on data collection with consent may also be implemented, ensuring that users' data remains private and safe. Increased penalties should be applied to data and privacy violations. Data storage, in whatever form it takes, should be ethical and legal.

The state should make it mandatory for data collectors/processors to keep a close eye on data usage by requiring them to have user-service provider openness in the data processing. In this manner, a balance may be struck between the data protection principle and the purpose, as well as the collection and processing of user data.

The government simply cannot implement dictatorial and harsh data privacy regulations because, as technology advances, the purpose of data storage and usage will change. The law that the government draughts in the future to protect citizens' data privacy should be flexible and adaptable to changing technology.

The government must have a clear framework in mind for the many sectors where data is processed and utilized, which may be abused by exploiting legal gaps hence enforcing the required penalties is necessary. The data privacy laws should be complementary, and there should be other areas where the legislation may be reinforced, such as consumer protection, to give individuals all-around privacy protection.

With the abundance of freely available data on the internet and specific personal information in the hands of corporations and governments, data privacy laws have emerged as one of the most important requirements of the twenty-first century. Data privacy regulations are made to protect the way an individual's data is used by establishing checks on the collection and processing of data by various organizations. Many different thinkers, like Westin, Morison, Clarke, and Acharya, have different ideas about what 'privacy' means, and this can have an impact on the laws that are made and enacted around the world.

For the purview of this project, it became important to know about privacy in the context of India. In 2012, a report based on a discussion among a Group of Experts on Privacy was published by a committee headed by Justice AP Shah. This was one of the first official committees made to deliberate on data protection and data privacy laws in India. The committee report outlined the nine principles that should be kept in mind while forming India's data privacy legislation.

The nine guiding principles were:Notice, Consent and Choice, Limitation of Collection, Limitation of Purpose, Access and Correction of Collected Data, Information Disclosure, Security, Transparency and Openness, and Accountability. But even then, before 2012 only four of the nine principles were enshrined in law.

One of the biggest developments seen in India with regards to data privacy was the landmark Justice KS Puttaswamy vs Union of India judgment of 2017. In the judgment, the Supreme Court of India ruled that the right to privacy is a fundamental right and that it is an essential component of Part III of the Indian Constitution. Moreover, according to the ruling, any type of surveillance in India should be evaluated using three criteria:legality, necessity, and proportionality. This is one of the basic principles that is used to govern data privacy laws and keep a check on the various legislations and enactments brought out by the government.

Besides India, data privacy laws around the world are based on different principles and ideals. For instance, data privacy laws in the United States of America are made to protect the personal and private lives of individuals from government intervention. Besides focusing on the protection of data from the government, there are also sector-based laws made for various business sectors to keep data privacy in check. On the other hand, laws in the European Union regarding Data Privacy are pretty comprehensive in the sense that the same data privacy law is applicable against both the government and the private entities.

The new IT rules, which came into place in 2021, require social media intermediaries to track the source of communication, requiring firms to abandon their cherished notion of user privacy. This would be a grave infringement of human rights, and it has been widely denounced by individuals

from all walks of life, as the regulations appear to be vital and beneficial on the surface, but the state might utilize users' data for other purposes. With such rules, the government has more freedom with public data.

The previously mentioned revised data protection standards were made public by the "Bureau of Indian Standards" in mid-2021. The new criteria call on businesses to create, maintain, and implement a data privacy management system, as well as continue to improve it, providing a privacy assurance framework. If they are required to maintain suitable security policies and processes under the rules, the prescriptive component's implementation has not been precisely stated. As a result, the organization must guarantee that the prescriptive feature is implemented in a way that fits the need.

The "Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021," which were announced to the Ministry of Electronics and Information Technology, replaced the "Information Technology (Intermediaries Guidelines, 2011" rules. Internet intermediaries must comply with new due diligence standards, which include keeping information obtained from users for 180 days after they have canceled their registration. The main social media intermediaries are required to provide the identity of the original originator of communication in response to a court or government request, but not the content of the message or any other information.

Outrage erupted when it was found that Pegasus software developed by an Israeli security firm, the NSO group, was being used to spy on Indian citizens. The Indian Supreme Court handed down a significant judgment. The Supreme Court convened a three-member expert panel to provide suggestions for new surveillance legislation or changes to existing legislation.

As part of his right to be forgotten, a petitioner petitioned the Madras High Court to delete his name from court orders, however, the case was dismissed by a single judge bench. Due to the lack of a framework or criterion for redacting a person's name, the court decided to hold off on utilizing such powers until the government passed a new data protection law.

The Indian government's new social media guidelines, issued in May of last year, require WhatsApp to track the origin of a conversation if requested by relevant authorities. Instead of following the instructions, Whatsapp has brought a case against the government, claiming that the new restrictions infringe on Indian users' right to privacy and urging the Supreme Court to declare the intermediary requirements unconstitutional. The American company has emphasized how its software is used for private talks by people from all backgrounds of life because of the privacy it gives.

WhatsApp contends that mandating intermediaries in India to pinpoint the source of communication on its service compromises the privacy and security on which millions of users rely, as well as end-to-end encryption technology. WhatsApp's underlying concept and technology, end-to-end encryption, has been restricted by intermediate limitations.

Because end-to-end encryption and traceability are incompatible, encryption technology is jeopardized. The Indian government's demands violate the "data minimization principles," as WhatsApp is compelled to preserve more data for messages carried within India for an indeterminate amount of time.

Traceability, according to WhatsApp, will not only fail to fulfill the government's expectations but will also result in human rights violations. One of the concerns is that many people's names will be blacklisted just because they shared information with others, even if they were not the source, just to be safe or double-check its veracity.

If specific information is found to be damaging to the government, a huge number of completely innocent and completely innocent people might be subjected to probes or even imprisoned. The government may seek any message in the future, so WhatsApp would have to trace all messages, not just some. The government is accidentally pushing extensive monitoring by compelling social media service providers to track users.

The situation of the right to privacy in India is deteriorating, necessitating the creation of an urgent statutory framework for data protection. The "Indian Data Protection Bill, 2019," seeks to protect the much-needed data of Indian web users so that users can exert their privacy rights on the digital platform, which is not sufficiently equipped to provide the requisite privacy and rights for accountability, according to experts and IT professionals. Another hurdle to the early adoption of data privacy regulations is the limited reach of these sensitive personal data.

Rather than requiring businesses to store ever-increasing volumes of data, the government should assess how critical our data is and so prohibit large-scale data collection by businesses. The amount of data gathered by data providers and social media, intermediaries should be maintained to a bare minimum.

Even if the data was collected and stored with the user's consent, the user's right to be forgotten must be maintained, which is why users must be able to request that their data be erased from databases and servers. The government should also take efforts to update obsolete data protection laws and legislation, limiting the quantity of data collected from customers.

Because the goal of data storage and usage will shift as technology evolves, the government must not impose totalitarian and draconian data privacy legislation. The law that the government drafts in the future to preserve citizens' data privacy should be responsive to new technology and flexible.

  1. (2021) accessed 25 March 2022
  2. Data Protection and Privacy Legislation Worldwide (UNCTAD) accessed 28 March 2022
  3. Ettech Explained: Government Rules On Whatsapp & The Controversy Around It (The Economic Times, 2021) accessed 25 March 2022
  4. Report Of The Joint Committee On The Personal Data Protection Bill, 2019 (2021) Data Protection Bill, 2019/17_Joint_Committee_on_the_Personal_Data_Protect ion_Bill_2019_1.pdf> accessed 24 March 2022
  5. The Personal Data Protection Bill, 2019 (, 2019) accessed 27 March 2022
  6. Acharya B, The Four Parts of Privacy in India (2015) 50(22)> accessed 29 March 2022
  7. Aggarwal E, 'Scope And Fate Of Data Privacy Laws In India' (Lexlife India, 2021) accessed 27 March 2022
  8. Clarke R, 'What's Privacy?' (Roger Clarke, 2006) accessed 29 March 2022
  9. Dhapola S, 'Explained: Whatsapp'S Arguments To Fight Traceability Clause In IT Rules 2021' (The Indian Express, 2021) accessed 26 March 2022
  10. Gokhale G, Kamath A, and Kittane P, 'Privacy & Data Protection Capsule: India's Turn On The World Stage' (The National Law Review, 2022)
    stage> accessed 24 March 2022
  11. Government of India Planning Commission, Report of the Group of Experts on Privacy accessed 30 March 2022
  12. Justice K S Puttaswamy (Retd) and Anr vs Union Of India And Ors [2017] The Supreme Court of India, 10 SCC (The Supreme Court of India)
  13. Karthick Theodre v The Registrar General [2021] Madras High Court (Madras High Court)
  14. Kessler DJ, Ross S and Hickok E, 'A Comparative Analysis Of Indian Privacy Law And The Asia-Pacific Economic Cooperation Cross-Border Privacy Rules' (2014) 26(1) National Law School of India Review> accessed 29 March 2022
  15. Kulhari S, Building-Blocks of a Data Protection Revolution (2018) 23-37
  16. Manohar Lal Sharma v Union Of India [2021] The Supreme Court of India (The Supreme Court of India)
  17. Ministry of Electronics and Information Technology, Data Protection In India accessed 30 March 2022
  18. Morison WL, Report on the law of privacy (1973)
  19. Qureshik M and Rizvi A, 'The Evolution of Right to Privacy in India: A Look at the Past, Present & Future' The Quint (30 September 2021)
  20. Westin AF, 'Privacy And Freedom' (1968) 25(1) Wash. & Lee L. Rev.accessed 28 March 2022
  21. White Paper Of The Committee Of Experts On A Data Protection Framework For India 71127_final_v2.pdf> accessed 29 March 2022
Written By:
  1. Aryan Dash, currently pursuing B.A.LL.,B from National Law University Odisha and
  2. Bhumika Navin, currently pursuing B.A.LL.,B from National Law University Odisha.

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly