Data protection in India-Part I

The Committee of  Experts on Data Protection Framework for India headed by Justice B.N. Srikrishna released a white paper on data protection framework for India which was made available on the website of the Ministry of Electronics and Information Technology. This paper may be accessed here.  The Committee was set up by the Central Government to study and understand various issues relating to data protection in India, make specific suggestions on principles underlying a data protection bill and to draft a bill on data protection. The White Paper provides a brief overview of various issues with respect to data protection in India, gives a primer of the law in other jurisdictions such as European Union, United Kingdom, South Africa, Canada, Australia and the United States, provides the Committee’s provisional views on different issues, and seeks responses to specific questions as well as general matters. Any person interested may submit her responses/comments and/or inputs vide the online form available at on or before 31st December 2017.
This White Paper was preceded by a consultation paper on Privacy, Security and ownership of Data in the Telecom sector dated 9th August 2017 published by the Telecom Regulatory Authority of India. This report may be accessed here. The Consultation was laid open for public comments which ended on 22nd September 2017 and a final policy document/regulations are awaited. In 2012 a committee headed by Justice A P Shah submitted a Report of Group of Experts on privacy, which proposed a conceptual framework for a privacy statute in India. This report may be accessed here.
The White paper is divided into five parts and each part is divided into multiple chapters. The outline of the white paper is given below:

  • Part 1- Context-Setting
  • Part 2 – Scope And Exemptions
  • Chapter 1: Territorial And Personal Scope
  • Chapter 2: Other Issues of Scope
  • Chapter 3: What is personal data?
  • Chapter 4: Sensitive personal data
  • Chapter 5: What is Processing?
  • Chapter 6: Entities to be defined in the law: Data Controller and Processor
  • Chapter 7: Exemptions for Household purposes, journalistic and literary purposes and research
  • Chapter 8: Cross-Border Flow of Data
  • Chapter 9: Data Localisation
  • Chapter 10: Allied Laws


  • Part III- Grounds of Processing, Obligation on Entities and Individual Rights
  • Chapter 1: Consent
  • Chapter 2: Child’s Consent
  • Chapter 3: Notice
  • Chapter 4: Other Grounds of Processing
  • Chapter 5: Purpose Specification and Use Limitation
  • Chapter 6: Processing of Sensitive Personal Data
  • Chapter 7: Storage Limitation and Data Quality
  • Chapter 8: Individual Participation Rights-1
  • Chapter 9: Individual Participation Rights-2
  • Chapter 10: Individual Participation Rights 3- Right to be forgotten


  • Part IV- Regulation And Enforcement
  • Chapter 1: Enforcement Models
  • Chapter 2: Accountability and Enforcement Tools
  • Chapter 3: Adjudication Process
  • Chapter 4: Remedies


  • Part V- Executive Summary

All chapters of the White Paper are structured in a similar manner. Each chapter starts with an introduction and delves into issues relating to the subject matter of the chapter. The chapter then goes on to discuss how the issues have been addressed and/or dealt with under the law, and then provides the committee’s provisional views. The last part of each chapter poses general and specific questions with respect to the subject matter covered and issues outlined. Responses to each part/chapter can be submitted independently on
In our subsequent posts, we will be providing our responses to the questions raised in the white paper, parts of which will be submitted to the Ministry of Electronics and Information Technology. While we will be addressing aspects of privacy in general, our primary focus will be on privacy and its interface with intellectual property, celebrity rights, and trade secrets.

Leave a comment