india-map

FIND YOUR MP

Switch to Hindi (हिंदी)
Legislation

Are we closer to a law on privacy?

Simran - October 19, 2012

On October 16, the Group of Experts on Privacy, Chaired by Mr. A. P. Shah, submitted its Report to the Planning Commission.  The Expert Group was appointed to set out the principles that Indian privacy law should abide by.   Even though privacy has been held to be a fundamental right as long back as in 1962, India does not have a law that specifies safeguards to privacy.  Moreover, recent government initiatives, such as the UID, involve collection of personal information and storage in electronic form.  The absence of a law on privacy increases the risk to infringement of the fundamental right. In this blog we list the recommendations made by the expert group, discuss the status of the right to privacy in India, and why there is a need for an enactment. Recommendations of the Expert Group on Privacy

  • The Expert Group recommended that the new legislation on privacy should ensure that safeguards are technology neutral.  This means that the enactment should provide protections that are applicable to information, regardless of the manner in which it is stored: digital or physical form.
  • The new legislation should protect all types of privacy, such as bodily privacy (DNA and physical privacy); privacy against surveillance (unauthorised interception, audio and video surveillance); and data protection.
  • The safeguards under the Bill should apply to both government and private sector entities.
  • There should be an office of a ‘Privacy Commissioner’ at both the central and regional level.
  • There should be Self-Regulating Organisations set up by the industry.  These organisations would develop a baseline legal framework that protects and enforces an individual’s right to privacy.  The standards developed by the organisations would have to be approved by the Commissioner.
  • The legislation should ensure that entities that collect and process data would be accountable for these processes and the use to which the data is put.  This, according to the Group, would ensure that the privacy of the data subject is guaranteed.

Present status of the Right to Privacy While the Supreme Court has held privacy to be a fundamental right, it is restricted to certain aspects of a person’s life.  These aspects include the privacy of one’s home, family, marriage, motherhood, procreation and child-rearing.  Therefore, to claim privacy in any other aspect, individuals have to substantiate these are ‘private’ and should not be subjected to state or private interference.  For instance, in 1996 petitioners had to argue before the Court that the right to speak privately over the telephone was a fundamental right. Risks to privacy Government departments collect data under various legislations.  For instance, under the Passport Act, 1967 and the Motor Vehicles Act, 1988 persons have to give details of their address, date of birth etc.  These enactments do not provide safeguards against access and use of the information by third parties.  Similarly, information regarding ownership of property and taxes paid are publicly available on the MCD website. Furthermore, recent government initiatives may increase the risk to infringement of privacy as personal information, previously only available in physical form, will now be available electronically.  Initiatives such as the National e-Governance Plan, introduced in 2006 and Aadhaar would require maintenance of information in electronic form.  The Aadhaar initiative aims at setting up a system for identifying beneficiaries of government sponsored schemes.  Under the initiative, biometric details of the beneficiaries, such as retina scan and fingerprints, are collected and stored by the government.  The government has also introduced a Bill in Parliament creating a right to electronic service delivery.  As per news reports, a draft DNA Profiling Bill is also in the pipeline.  

Policy

Explained: Draft amendments to the IT Rules 2021

Omir Kumar - June 9, 2022

On June 6, 2022, the Ministry of Electronics and Information Technology released the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules, 2021) for public feedback.  The IT Rules were notified on February 25, 2021, under the Information Technology Act, 2000 (IT Act).  The Ministry noted that there is a need to amend the Rules to keep up with the challenges and gaps emerging in an expanding digital ecosystem.  In this blog post, we give a brief background to the IT Rules, 2021 and explain the key proposed changes to the Rules.

Background to the IT Rules, 2021

The IT Act exempts intermediaries from liability for user-generated content on their platform provided they meet certain due diligence requirements.  Intermediaries are entities that store or transmit data on behalf of other persons and include telecom and internet service providers, online marketplaces, search engines, and social media sites.  IT Rules specify the due diligence requirements for the intermediaries.  These include: (i) informing users about rules and regulations, privacy policy, and terms and conditions for usage of its services, including types of content which are prohibited, (ii) expeditiously taking down content upon an order from the government or courts, (iii) providing a grievance redressal mechanism to resolve complaints from users about violation of Rules, and (iv) enabling identification of the first originator of the information on its platform under certain conditions.  It also specifies a framework for content regulation of online publishers of news and current affairs and curated audio-visual content.  For an analysis of the IT Rules 2021 please see here.

Key changes proposed to the IT Rules 2021

Key changes proposed by the draft amendments are as follows:

  • Obligations of intermediaries:  The 2021 Rules require the intermediary to “publish” rules and regulations, privacy policy and user agreement for access or usage of its services.   The Rules specify restrictions on the types of content that users are allowed to create, upload, or share.  The Rules require intermediaries to “inform” users about these restrictions.  Proposed amendments seek to expand the obligation on intermediaries to include: (i) “ensuring compliance” with rules and regulations, privacy policy, and user agreement, and (ii) "causing users to not" create, upload, or share prohibited content.
     
  • The proposed amendments also add that intermediaries should take all reasonable measures to ensure accessibility of their services to all users, with a reasonable expectation of due diligence, privacy, and transparency.   Further, intermediaries should respect the constitutional rights of all users.  The Ministry observed that such a change was necessary as several intermediaries have acted in violation of the constitutional rights of citizens.
     
  • Appeal mechanism against decisions of grievance officers:  The 2021 Rules require intermediaries to designate a grievance officer to address complaints regarding violations of the Rules.  The Ministry observed that there have been instances where these officers do not address the grievances satisfactorily or fairly.  A person aggrieved with the decision of the grievance officer needs to approach courts to seek redressal.  Hence, the draft amendments propose an alternative mechanism for such appeals.  A Grievance Appellate Committee will be formed by the central government to hear appeals against the decisions of grievance officers.  The Committee will consist of a chairperson and other members appointed by the central government through a notification.  The Committee is required to dispose of such appeals within 30 days from the date of receipt.  The concerned intermediary must comply with the order passed by the Committee.  Note that the proposed amendments do not restrict users from directly approaching courts.
  • Expeditious removal of prohibited content:  The 2021 Rules require intermediaries to acknowledge complaints regarding violation of Rules within 24 hours, and dispose of complaints within 15 days.  The proposed amendments add that the complaints concerning the removal of prohibited content must be addressed within 72 hours.  The Ministry observed that given the potential for virality of content over internet, a stricter timeline will help in removing prohibited content expeditiously.

Comments on the draft amendments are invited until July 6, 2022.   

Recent Posts

  1. 1. First no-confidence motion of the 17th Lok Sabha discussed today
  2. 2. Anti-cheating laws for competitive examinations
  3. 3. Uttarakhand Assembly concludes 2-day session; 13 Bills introduced and passed
  4. 4. Inflation targets not met – MPC to examine today
  5. 5. How long can the central government take to frame Rules?