With the initiation of national programmes like
Unique Identification number, NATGRID, DNA
profiling, Reproductive Rights of Women, Privileged
communications and brain mapping, most of which will
be implemented through ICT platforms, concerns have
been expressed in various quarters in the country on
the possible invasion of citizens fundamental right
to privacy Constitutionally guaranteed under Article
21. In order to understand these concerns and
identify interventions for effectively addressing
these issues, Dr. Ashwani Kumar, MOS (Planning) had
directed the constitution of a Group of Experts to
identify the Privacy issues and prepare a Report to
facilitate authoring of the Privacy bill.
Accordingly, a Group of Experts under the
chairmanship of Justice A P Shah, former Chief
Justice of the Delhi High Court was constituted on
29th September 2011. The Terms of Reference of the
Group were as follows:-
1. To study the Privacy laws and related bills
promulgated by various countries.
2. To make an in-depth analysis of various
programmes being implemented by GoI from the point
of view of their impact on Privacy.
3. To make specific suggestions for consideration of
the DOPT for incorporation in the proposed draft
Bill on Privacy.
The Group of Experts held meetings between January
and August 2012, wherein various issues and aspects
relating to privacy were discussed, keeping in view
inter alia the international landscape of privacy
laws, global data flows and the privacy concerns
emanating with rapid technological advancement. The
Group studied the constitutional basis for privacy,
International Privacy Principles, National Privacy
Principles and has also made an analysis of relevant
legislations/Bills from a privacy perspective.
The Report has recommended a conceptual framework
for the proposed Privacy legislation for India
covering the following five salient features:
a) Technological neutrality and inter-operability
with international standards.
b) Multi-dimensional privacy
c) Horizontal applicability
d) Conformity with privacy principles
e) Co-regulatory enforcement regime
Some of the major recommendations made in the Report
cover aspects such as:
The regulatory framework will consist of Privacy
Commissioners at the Central and Regional levels.
A system of co-regulation that will give
self-regulating organizations at industry level
choice to develop privacy standards which should be
approved by a Privacy Commissioner.
Individuals would be given the choice
(opt-in/opt-out) with regard to providing their
personal information and the data controller would
take individual consent only after providing inputs
of its information practices.
The data controller shall only collect personal
information from data subjects as is necessary for
the purposes identified for such collection as well
as process the data relevant to the purpose for
which they are collected.
The data collected would be put to use for the
purpose for which it has been collected. Any change
in the usage would be done with the consent of the
Data collected and processed would be relevant for
the purpose and no additional data elements would be
collected from the individual.
Interception orders must be specific and all
interceptions would only be in force for a period of
60 days and renewed for a period upto 180 days.
Records of interception must be destroyed by
security agencies after 6 months or 9 months and
service providers must destroy after 2 months or 6
Infringement of any provision under the Act would
constitute an offence by which individuals may seek
compensation for an organization / bodies held