Sign up to Newsletter

India

Report and Analysis

Long Read
Silhouette of a child reading a book in front of a sunset

EdTech in India: Worst Practices

In this article we look at the worst practices in the use of education technology across India's education system - the largest in the world.

Continue reading
Long Read
Queue outside Aadhaar card centre

Exclusion by design: how national ID systems make social protection inaccessible to vulnerable populations

Governments around the world are increasingly making registration in national ID systems mandatory for populations to access social benefits, healthcare services, and other forms of state support. By virtue of their design, these systems inevitably exclude certain population groups from obtaining an ID and hence from accessing essential resources to which they are entitled.

Continue reading
Long Read
indian ruppees over plate with cuttlery

Failures in the digitisation of India’s food security programme: the exclusion of married women of Odisha

Millions of people rely on India’s Public Distribution System (PDS) to receive subsidised food rations, which have become an essential ingredient of survival for many families during the Covid-19 pandemic. However, access to food rations is not guaranteed for all beneficiaries, with many women being left without access to food at a time of crisis.

Continue reading
Indian flag
Case Study

...it helps to protect our nationality

You have the right to belong to a country and have a nationality.

Continue reading
Long Read
Reproductive Rights and Privacy Project image 3

Why Does Reproductive Health Surveillance in India Need Our Urgent Attention?

CIS, PI's partner in India, posits health monitoring as surveillance and not merely as a “data problem.”

Continue reading
A blurred photo of a journalist and a notepad
Case Study

"Betrayed by an app she had never heard of" - How TrueCaller is endangering journalists

  • The story of an investigative journalist highlights shows the concrete risks that call-blocking apps like TrueCaller present for people in vulnerable situations.
  • TrueCaller is an app particularly popular in India and Sub-Saharan Africa. TrueCaller identifies the numbers calling you, so you can filter out undesirable phone calls and make sure you pick up a call you have been expecting, even if you have not previously registered the number.
  • Every time a user makes or receives a phone call from a number not already in the TrueCaller database, TrueCaller offers the user the option to “tag” the number so it can be entered in the TrueCaller database, under the name entered by the user.
Continue reading
View more

News

9th December 2018

Podcast: Fighting for Abortion in the 21st Century

1st December 2017

1.3 Billion People’s Right To Privacy Upheld Following Historic Judgement By India’s Supreme Court

1st March 2017

Aadhaar Scheme: FAQ

23rd November 2016

Stepping Into The Future: Does India Measure Up To The UN Group Of Experts On ICT Report?

29th April 2014

Monitoring Centres: Force Multipliers From The Surveillance Industry

20th February 2013

PI in Slate: "Privacy for the Other 5 Billion"

4th March 2012

PI's trip to Asia

8th December 2011

Indian Parliamentary Committee trashes UID Bill

Examples of Abuse

Want to know how this translate in the real world? Here is the latest example in the news.

Indian women protest policy changes at Urban Company

Over the years, Urban Company, which in 2014 offered women economic independence in India, a country that has very low female participation in the workforce, has increasingly removed flexibility and autonomy for its workers while raising the cost of getting started as a worker on the app to the
Read more
See more examples of abuse

Our Advocacy

Privacy International’s Comments on the India Personal Data Protection Bill, 2018

Privacy International welcomes the effort by the Government of India to reaffirm its commitment to upholding and respecting the right to privacy, and for noting the need to regulate the processing of personal data as essential for the protection of privacy through the adoption of a data protection law. 

The urgent need for this legislation has been validated in the Supreme Court decision regarding the Aadhaar Act, which stipulates the need for a robust data protection regime. 

However, the proposed Bill has a number of significant shortcomings. We recommend that to effectively protect privacy and to meet international standards in protecting personal data, full consideration should be given to the areas of concern and improvements outlined below under each Part of the Bill. 

Our feedback is outlined in detail in a briefing for the Committee of Experts constituted by the Ministry of Electronics and Information Technology (MeitY), Government of India. The amendments focus on the following issues: 

1. Over-reliance on consent and reasonable purposes

Core grounds for processing included within the Bill are consent and so called ‘reasonable purposes’. As explained in more detail in our brief, both these grounds raise concerns and are open to abuse in their current form.

2. Individual rights

Rights for individuals relating to their data are a vital part of a meaningful data protection framework. The rights that are included within the Bill need to be strengthened, including through limiting the time and cost of exercising them. The Bill also falls short by failing to include important rights, including the right to object, and rights in relation to profiling and automated decision-making. 

3. Data localisation

The Bill includes mandatory data localisation requirements. However, it is unclear what the justification is for making data storage in India mandatory. The justifications for this provision noted in the report of the Committee of Experts under the Chairmanship of Justice B.N. Srikrishna do not relate to the objective of the law which is to protect personal data. Firstly, mandatory data localisation will not provide adequate protection for people’s data, i.e. storing the data in India will not necessarily make the data more secure. Secondly, such a requirement may have negative implications for people’s rights and the security of their data with the risk that this provision is being used to access personal data for other purposes such as surveillance.

4. Wide exemptions

The exemptions to the Bill in Chapter IX are all overly wide and must be narrowed. In particular, the exemption for state security are broad and undefined and thus open to abuse. All of the agencies mandated with protecting the security of the state and with law enforcement powers must comply with India’s human rights obligations. Any interference with human rights must meet the requirements of being in accordance with the law, necessary and proportionate for the pursuant of a legitimate aim – this includes in relation to the right to privacy and thus data protection.

5. Role of the data protection authority

An independent and effective data protection authority to oversee implementation and enforcement is essential in ensuring that the law and the protections it provides translate into practice. Further clarity is required on the operation of the authority, including a timescale for its establishment. 

6. Delegated powers

The legislation has too many delegated powers, which remove the requirement for effective parliamentary scrutiny. These should be limited and the provisions added to the Bill. 

7. Harmonisation and application to Aadhaar

The absence of a comprehensive data protection framework in India to date means that it is essential to review and harmonise existing law and practice with the new data protection law. This is not explicitly included within the Bill. Further commitment must be made to ensure that high data protection standards are met across the board, particularly in relation to Aadhaar, which has far reaching implications for the privacy and security of people in India.

Read more
View more