A nonprofit research organisation, the Indian Centre for Internet and Society (ICIS), has issued an open call for comments on its draft Privacy (Protection) Bill 2013 (the Bill). Consultations on the Bill started in April 2013, with a series of seven roundtable talks being held in partnership with the Federation of Indian Chambers of Commerce and Industry, and the Data Security Council of India. ICIS states that it has “the intention of submitting the Bill to the Department of Personnel and Training as a citizen’s version of privacy legislation for India.” India’s current data protection regime, a product of piecemeal development, imposes very limited duties on organisations that collect, process and store data. No national regulator is in place to oversee the data protection regime.
Described by ICIS as “a citizen’s version of privacy legislation for India,” the draft Bill contains provisions for a new Data Protection Authority of India to be established with wide powers of investigation, review and enforcement. Penalties detailed by the Bill for infringement include a term of imprisonment and a fine. In addition, the Bill proposes the introduction of comprehensive regulation, including:
- Regulation of the collection, processing and storage of data by any person
- Regulation of the use of voice and data interception by authorities
- Regulation of the manner in which forms of surveillance not amounting to interceptions of communications may be conducted
If implemented, the draft Bill would be a considerable step forward for the privacy landscape in India, which has so far lacked the impetus provided by international instruments such as the European Data Protection Directive (95/46/EC).