Data Protection Framework for India 


Data Protection Framework for India 

Data Protection Framework for India  for Data Protection

Data Protection Framework for India committee by B N SriKrshna  constituted by  Ministry of Electronics and Information Technology (MeitY), Government of India on  2017.  Justice B N Srikrishna, Former Judge,  to study and identify key data protection issues and recommend methods for addressing them.
The committee will also suggest a draft Data Protection Bill.
Protection of Data is expected to provide big boost to Digital economy of the country.

Data Protection Framework for India  – Terms of Reference

a) To study various issues relating to data protection in India

b) To make specific suggestions for consideration of the Central Government on principles to be considered for data protection in India and suggest a draft data protection bill.

Data Protection Framework for India – Need

The government of India recently informed the Supreme Court of India that it expects to put in place a comprehensive data protection framework.
The Telecom Regulatory Authority of India will be heading up the initiative and has already started consultations for preparing a draft framework.

There was no proper regulatory framework to deal with privacy concerns of citizens arising out of “over-the-top” popular messaging services such as Whatsapp, Facebook and Skype. Consequently, the Department of Telecommunications is exploring creating a “regulatory framework” through legislation to address data protection and citizens’ privacy concerns.

Related Topics  Aeolus

 When it’s enacted, it will define provisions for protecting sensitive personally identifiable information and spell out liabilities.

Data Protection Framework for India  – Existing Provisions

India already has some data protection and privacy provisions in the Information Technology Act 2000, amended in 2008 and the subsequent IT rules defined in 2011.

But the IT Act 2000/8 doesn’t define sensitive personal information directly and only provides guidance for reasonable security practice and due diligence – the actual implementation standards have not been explicitly

The current data protection regime is under section 43A of the IT Act 2000/8.

Those regulations are weak, do not specify any governmental agency, and do not lay out penalties for violations.

Section 43A and the ‘reasonable security rules’ didn’t change much, given the lack of teeth in the regulations, and the onerous job of proving “wrongful gain or wrongful loss” of property due to data breaches


Raja Raja Cholan
About Raja Raja Cholan 659 Articles
Trainer & Mentor for aspirants preparing for civil service examination

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.