IAS Prelims 2019: All India Mock Test (OMR Based)
Across 20 Cities
Get realtime feel of Civil Services Prelims Examination at the Test Centers in your city.
Registration for 1st Test is closed now. Registration for 2nd Test is open till 27th March. Click Here for more details and online registration.

White paper on data protection framework


Government-appointed Justice B.N. Srikrishna committee released a white paper to prepare a data protection framework. Public comments are welcomed white paper, which is aimed at securing digital transactions and addressing privacy issues

About white paper for data protection

White paper talks about the definitions of personal data and sensitive data, informed consent, data breaches, setting up of a data protection authority, possible exemptions, protecting children’s personal data, data audit, data protection impact assessments as well as enforcement and accountability tools. It also discusses defining the offences, penalties and compensation.
The white paper lays out seven key principles for a data protection framework:

• Technology agnosticism- The law must be technology agnostic. It must be flexible to take into account changing technologies and standards of compliance.
• Holistic application- The law must apply to both private sector entities and government.
• Informed consent- Consent is to be informed and meaningful.
• Data minimization- Data that is processed ought to be minimal and necessary for purposes.
• Controller accountability-The data controller shall be held accountable for any processing of data, whether by itself or entities with which it may have shared the data for processing.
• Structured enforcement-Enforcement must be by a high-powered statutory authority with sufficient capacity.
• Deterrent penalties- Penalties on wrongful processing must be adequate to ensure deterrence.

Need for Data Protection in India

India has 450 million internet users and expected to increase up to 730 million by 2020 (NASSCOM-Akamai report on the "The future of Internet in India.")
Individual privacy is a fundamental right, as mentioned recently by Supreme Court of India.
Privacy is the constitutional core of human dignity. Privacy has both a normative and descriptive function. At a normative level privacy sub-serves those eternal values upon which the guarantees of life, liberty and freedom are founded.
To curtail the perils of unregulated and arbitrary use of personal data. As most of the servers like Google, Facebook is outside India.

Unauthorized leaks, hacking and other cybercrimes have rendered data bases vulnerable.
For securing digital transactions and addressing customer and privacy protection issues.

Indian laws with respect to data protection

India does not have separate law on data protection.
Section 43A of the Information Technology Act provides a measure of legal protection of personal information.
Justice A.P. Shah Committee recommended a set of principles.
Personal Data Protection Bill was introduced in Parliament in 2006, 2013 but not passed yet.

Challenges for data protection in India

India does not have specific law on data protection.A carefully formulated data protection law is necessary and must be cognizantwith international practices.
Server of major service providers and social networking sites are outside India.
India’s digital economy is largely governed by private data protection policies.
Infrastructure for information and data collection is not sufficient for monitoring.

Way forward

Informational privacy is a facet of the right to privacy. The dangers to privacy in an age of information can originate not only from the state but from non-state actors as well. Union Government needs to examine and put into place a robust regime for data protection. The creation of such a regime requires a careful and sensitive balance between individual interests and legitimate concerns of the state. The legitimate aims of the state would include for instance protecting national security, preventing and investigating crime, encouraging innovation and the spread of knowledge, and preventing the dissipation of social welfare benefits.


A firm legal framework for data protection is the foundation on which datadriven innovation and entrepreneurship can flourish in India. Fostering such innovation andentrepreneurship is essential if India is to lead its citizens and the world into a digital futurecommitted to empowerment, experiment and equal access.