Author: - Sakshi Arya
4th Year B.A. LL.B
Dr Babasaheb Ambedkar College of Law, Nagpur (Main Branch)
Abstract: The 21st century has seen such a hazardous ascent in the number of manners by which we use data, that it is broadly alluded to as the data age‟ This advanced unrest has penetrated India also. Perceiving its noteworthiness, and that it vows to acquire enormous disturbances practically all divisions of society, the Legislature of India has conceived and executed the “Computerized India” activity with almost 450 million Web clients, what’s more, a development pace of 7-8%, India is well on the way to turning into a computerized economy, which has an enormous market for worldwide players.
India is quickly changing into an advanced society. We see an information transformation all over the world. While the change to a computerized economy is in progress, the handling of individual information has as of now become inescapable. The truth of the computerized condition today is that pretty much every single movement embraced by an individual includes a type of information exchange or the other.
While we receive its rewards, assurance of information is essential. While data can be put to valuable use, the unregulated and self-assertive utilization of information, particularly close to home data, has raised concerns concerning the protection and independence of a person. This was likewise the topic of the milestone judgment of the Preeminent Court, which perceived the privilege of security as a major right.
- Profiling of people
- Expanded reconnaissance
- An effect on singular freedom
- Concept of data
Section 2(1)(o) of the Information Technology Act, 2000 (the “IT Demonstration”) has characterized “information” to signify “a portrayal of data, information, realities, ideas or guidelines which are being readied or have been arranged in a formalized way, and is proposed to be handled, is being prepared or has been prepared in a PC framework or PC organize, and might be in any structure (counting PC printouts attractive or optical capacity media, punched cards, punched tapes) or put away inside in the memory of the PC.” The electronic assent structure given by the Advanced Storage Authority characterizes ‘information’ to signify “any electronic data that is held by an open or private specialist organization (like a taxpayer-supported organization office, a bank, an archive and so on. This may incorporate both static reports and value-based records’. Be that as it may, the idea of information isn’t just limited to electronic data yet additionally stretches out to data put away in physical structure, for example on a bit of paper”.
- Protection of data
In a few recent years, there has been a generous increment in the measure of information that is created through the use of different electronic gadgets and applications. The present organizations infer a significant incentive by investigating the ‘large information’ and frequently decide their business techniques dependent on such examination. While there is no denying the business proficiency included, the consuming inquiry is ‘do people have power over how data relating to them is gotten to and prepared by others’.
Security is the option to be disregarded or to be liberated from abuse or maltreatment of one’s character. The privilege of protection is the option to be liberated from outlandish exposure, to carry on with an existence of detachment, and to live without inappropriate impedance by the general population in issues with which the general population isn’t concerned.
The privilege of protection isn’t new. It has been a customary law idea, and an attack of protection gives a privilege to the individual to guarantee misdeed-based harms. One of the first cases on the said theme was Semayne’s Case (1604)
The case identified with the section into a property by the Sheriff of London to execute a substantial writ. Sir Edward Coke, while perceiving a man’s entitlement to protection broadly said that “the place of everybody is to him as his manor and stronghold, also for his resistance against injury and viciousness, concerning his rest”. The idea of protection further created in Britain in the nineteenth century and has been settled in this day and age. If there should be an occurrence of Campbell v. MGN The court held that if “there is an interruption in a circumstance where an individual can sensibly anticipate his security to be regarded, that interruption will be equipped for offering to ascend to risk except if the interruption can be advocated”.
- INDIAN STATUE ON RIGHT TO PROTECTION
i) Article 21: Article 21 of the Constitution of India gives that “No individual will be denied his life or individual freedom as indicated by methodology built up by law”. Be that as it may, the Constitution of India doesn’t explicitly perceive ‘right to security’ as a central right.
ii) Regardless of whether the ‘right to security’ is central was first considered by the Hon’ble Incomparable Court in the instance of M. P. Sharma and Ors. v Satish Chandra, Region Officer, Delhi and Ors. wherein the warrant gave for search and seizure under article 94 and 96 (1) of the Code of Criminal procedure was tested. The Hon’ble Preeminent Court had held that the intensity of search and seizure was not in contradiction of any protected arrangement. Further, the Hon’ble Incomparable Court avoided offering acknowledgement to right to security as an essential right ensured by the Constitution of India by seeing as under: –
“An intensity of search and seizure is in any arrangement of the statute an abrogating intensity of the State for the insurance of government managed savings and that force is fundamentally directed by law. At the point when the constitution producers have thought fit not to expose such guideline to sacred confinements by an acknowledgement of a principal right to protection, closely resembling the Fourth Amendment, we have no avocation to import it, into an entirely unexpected key right, by some procedure of stressed development. Nor is it authentic to expect that the sacred security under Article 20(3) would be vanquished by the legal arrangements for a look.”
iii) From that point, on account of Kharak Singh v Province of Uttar Pradesh and Ors.,the issue considered by the Hon’ble Preeminent Court was, regardless of whether the reconnaissance by domiciliary visits around evening time against a denounced would be maltreatment of the privilege ensured under Article 21 of the Constitution of India, in this way bringing up the issue concerning whether Article 21 was comprehensive of right to security. The Hon’ble Incomparable Court held that such reconnaissance was, truth be told, in repudiation of Article 21. The dominant party decides further proceeds to hold Article 21 doesn’t explicitly accommodate a security arrangement, and in this way, the privilege to protection couldn’t be interpreted as a central right. The Hon’ble Preeminent Court saw as under: –
Having given the issue our best thought we are plain of the feeling that the opportunity ensured by Article 19(1)(d) isn’t encroached by a watch being kept over the developments of the suspect. Nor do we consider that Article 21 has any significance in the setting as was tried to be proposed by learned Insight for the candidate. As effectively brought up, the privilege of security is certifiably not ensured right under our Constitution and thusly the endeavour to determine the developments of a person which is simply a way in which protection is attacked isn’t an encroachment of a central right ensured by Part III.”
Be that as it may, the minority assessment by Hon’ble Mr Equity Subba Rao perceived protection as a significant feature of individual freedom and in this way Article 21 of the Constitution of India by seeing as under: –
“In A.K. Gopalan case, it is portrayed to mean freedom identifying with or concerning the individual or on the other hand body of the individual; and individual freedom in this sense is the direct opposite of physical limitation or pressure.
- CURRENT ISSUE ENCOMPASSING DATA SECURITY
i) The Hon’ble Incomparable Court has set out a triple necessity for State’s impedance with the central rights. While the State may mediate to secure real Estate interests, (a) there must be a law in presence to legitimize an infringement on protection, which is an express prerequisite of Article 21 of the Constitution, (b) the nature and substance of the law which forces the limitation must fall inside the zone of sensibility ordered by Article 14, and (c) the methods which are received by the governing body must be relative to the item and requirements tried to be satisfied by the law. In this way, going ahead any laws which look to infringe upon the privilege of security of an individual would need to meet the trial of proportionality and sensibility. It will take a couple of years before law around what comprises sensible and proportionate State impedance settles temporarily. The legitimacy of the Aadhar Plan will now be tried based on this judgment.
ii) It is frequently contended that India ought to embrace the ‘rights-based’ information insurance model instead of the present ‘assent based’ model. Under the assent-based model, the information controller is allowed to utilize, process and share the information with any outsiders, when the assent of the client is acquired. Be that as it may, relatively few are mindful of the real results of the tactless information sharing at the hour of giving assent. On the other hand, the ‘rights-based’ model permits the clients to have more prominent rights over his/her information while requiring the information controller to guarantee that such privileges of the clients are not penetrated. This prompts a more prominent self-governance of the clients over their information.
iii) The choice of the Hon’ble Preeminent Court engages the residents of India to look for legal help if there should arise an occurrence of penetration of its data security rights. This could affect the security and assurance approaches actualized by tech organizations in India. The clients can raise misdeeds-based cases as well as conjure their principal right to protection.
- CONCERNS AND TROUBLES
(i) What is the idea of data that is ensured by the Indian lawmaking body?
Since India doesn’t have a far-reaching information insurance system, the primary sanctioning that bargains with the assurance of information are the IT Demonstration and the Data Innovation (Sensible Security Practices and Systems and Delicate Individual data) Rules, 2011 (the “IT Rules”). Under the IT Act and the IT Rules, what is principally tried to be secured is ‘individual data’ and ‘touchy individual information or data’, for example, the data identified with
- the secret phrase;
- budgetary data, for example, ledger or charge card or plastic or other instalment instrument subtleties;
- physical, physiological and emotional wellness Conditions.
- sexual direction;
- clinical records and history; and
- biometric data. Be that as it may, the data which is openly accessible in open space isn’t considered inside the ambit of ‘delicate individual information or data’. Further, the arrangements just arrangement with the assortment and scattering of data by a ‘body corporate’.
Notwithstanding the above mentioned, the separate sectoral controllers recommend the information protection estimates required to be attempted by (I) the media communications organizations, (ii) the financial organizations, (iii) the clinical professionals, and (iv) the insurance agencies for shielding the security of information gathered from the clients, what’s more, to keep away from any unapproved revelations to outsiders.
(ii) Who can gather the individual information?
Rules 5 of the IT Decides endorses that no body corporate or any individual for its benefit will gather delicate individual information or data except if
(a) the data is gathered for a legal reason associated with a capacity or action of the body corporate; and
(b) the assortment of such data is viewed as vital for that reason.
Further, while gathering the data, the individual sharing the data is required to be made mindful of (I) the way that the data is being gathered; (ii) the reason for which the data is being gathered; (iii) the proposed beneficiaries of the data; (iv) the name and address of —
(a) the organization that is gathering the data; and
(b) the organization that will hold the data.
(iii) For what span can the individual information be put away?
Anyone corporate or people holding delicate individual information or data for its benefit can’t hold it for longer than is required for the reasons for which the data may legally be utilized or is something else required under any law for the present in power and such data can be utilized uniquely for the reason for which it is gathered.
Further, the body corporate or any individual for its benefit gathering the data, preceding the gathering of data, is required to give a choice to the supplier of the data to not to give the information or data tried to be gathered. The supplier of data, whenever while benefiting the administrations or something else, has the choice to pull back its assent given before.
(iv) To what exactly can the individual information be imparted to outsiders?
The body corporate accepting the data can uncover touchy individual information or data to any outsider, gave earlier authorization from the supplier of such data has been gotten, or such divulgence has been consented to in the agreement between the beneficiary and the supplier of data, or where the divulgence is vital for consistency of a lawful commitment.
Be that as it may, no such assent from the data supplier is required where the data is imparted to Government organizations commanded under the law to get data including delicate individual information or data with the end goal of confirmation of character, or for avoidance, identification, examination including digital occurrences, indictment, and discipline of offences.
(v) What are the commitments of the businesses corresponding to the individual information gathered of its representatives?
The businesses routinely gather ‘touchy individual data’ of its workers, for example, wellbeing records, money related data and so forth. On the off chance that the business stores such close to home data on a PC asset, such manager, if a body corporate, is required to have set up an extensive reported data security program and data security arrangements that contain administrative, specialized, operational and physical security control quantifies that are comparable with the data resources being ensured. On the other hand, the businesses can actualize ‘the worldwide Standard IS/ISO/IEC 27001 on Data Innovation – Security Procedures – Data Security The board Framework – Prerequisites’.
Further, under Rule 4 of the IT Rules, the business, being a body corporate, who gathers, gets, has, stores, data of its representatives, are required to have set up a protection strategy for the treatment of or managing in such close to home data. The business is additionally required to make the security strategy accessible for the workers for their survey and distribute the equivalent on its site.
It is apparent from over, that an exhaustive assembly directing the assortment and spread of individual information is of great importance. There are no thorough guidelines which direct the preparing of individual information which isn’t as such ‘delicate individual information or data’.
As of late, WhatsApp Inc. after being gained by Facebook Inc. changed its protection strategy, and the clients were put to see that “WhatsApp” account data of clients would be imparted to “Facebook” to improve “Facebook” advertisements and items encounters and the clients’ were approached to consent to the updated terms for proceeded with utilization of WhatsApp at the latest September 25, 2016, .In Karmanya Singh Sareen and Anr. recorded a writ request under the watchful eye of the Hon’ble High Court of Delhi battling that removing the security to protection of information of clients of “WhatsApp” and having the equivalent with Facebook was in the encroachment of major rights of the clients ensured under Article 21 of the Constitution.
The Hon’ble Delhi High Court while settling on the case ordered that if the clients select to erase the WhatsApp account, WhatsApp will erase clients’ information from its workers and forgo sharing clients’ information with Facebook, thus far as the clients who select to stay in “WhatsApp” are concerned, the current data/information/subtleties of such clients up to September 25, 2016, will not be imparted to “Facebook” or any one of its gathering organizations.
The court additionally guided the administration to consider whether it is possible to bring informing applications like WhatsApp under some legal administrative structure. This choice has notwithstanding, been tested before the Hon’ble Preeminent Court of India through an uncommon leave petition. The issue is sub-judice and is by and by pending for decision. The decision of the Hon’ble Incomparable Court and the approach figured by the Legislature will, as it may have an extensive effect on how individual information is dealt with in India, particularly by non-state entertainers.
- THE PERSONAL DATA PROTECTION BILL, 2019
The personal data protection Bill, 2019 was presented in Lok Sabha by the minister of electronics and Data Innovation, Mr Ravi Shankar Prasad, on December 11, 2019. The Bill looks to accommodate assurance of individual information of people and sets up an Information Security Expert for the equivalent.
The Bill administers the handling of individual information by (I) government, (ii) organizations consolidated in India, and (iii) remote organizations managing individual information of people in India. Individual information is information which relates to qualities, characteristics or traits of personality, which can be utilized to distinguish a person. The Bill sorts certain individual information as delicate individual information. This incorporates monetary information, biometric information, station, strict or political convictions, or some other class of information indicated by the legislature, in the conference with the Position and the concerned sectoral controller.
- Commitments of information guardian
An information trustee is a substance or person who chooses the methods and motivation behind preparing individual information. Such preparation will be dependent upon certain reasons, assortment and capacity confinements. For example, individual information can be handled uniquely for explicit, clear and legitimate reasons. Also, all information guardians must embrace certain straightforwardness and responsibility estimates, for example, (I) executing security shields, (for example, information encryption and forestalling abuse of information), and (ii) establishing complaint redressal systems to address grumblings of people. They should likewise organize instruments for age confirmation and parental assent when handling touchy individual information of kids.
- Privileges of the individual
The Bill sets out specific privileges of the individual (or information head). These incorporate the privilege to (I) get affirmation from the trustee on whether their information has been prepared, (ii) look for revision of mistaken, inadequate, or outdated individual information, (iii) have individual information moved to some other information guardian in specific conditions, and (iv) limit proceeding with exposure of their information by a trustee, on the off chance that it is not, at this point essential or assent is pulled back.
- Justification for preparing individual information
The Bill permits handling of information by trustees just if the assent is given by the person. Be that as it may, in specific conditions, individual information can be handled without assent. These include: (I) whenever required by the State for giving advantages to the individual, (ii) legitimate procedures, (iii) to react to a health-related crisis.
- Internet-based life delegates
The Bill characterizes these to incorporate middle people which empower online association among clients and consider sharing of data. Every such delegate which has clients over an informed limit, and whose activities can affect constituent majority rules system or open request, have certain commitments, which incorporate giving a willful client confirmation component for clients in India.
- Information Security Authority
The Bill sets up an Information Insurance Authority which may: (I) find a way to ensure interests of people, (ii) forestall abuse of individual information, and (iii) guarantee consistent with the Bill. It will comprise an administrator and six individuals, with at any rate 10 years’ aptitude in the field of information insurance and data innovation. Requests of the authority can be spoken to a re-appraising Court. Bids from the Council will go to the Preeminent Court.
- The move of information outside India
Delicate individual information might be moved outside India for handling if expressly assented to by the individual, and subject to certain extra conditions. Be that as it may, such touchy individual information should keep on being put away in India. Certain individual information told as basic individual information by the legislature must be handled in India.
The focal government can absolve any of its offices from the arrangements of the Demonstration: (I) in the enthusiasm of security of the state, open request, power and respectability of India and benevolent relations with remote states, and (ii) for forestalling actuation to the commission of any cognizable offence (for example capture without a warrant) identifying with the above issues. Preparing of individual information is additionally absolved from arrangements of the Bill for certain different purposes, for example, (I) avoidance, examination, or arraignment of any offence, or (ii) individual, local, or (iii) editorial purposes. Be that as it may, such handling must be for a particular, clear and legal reason, with certain security shields.
Offences under the Bill include: (I) handling or moving individual information disregarding the Bill, culpable with a fine of Rs 15 crore or 4% of the yearly turnover of the trustee, whichever is higher, and (ii) inability to direct an information review, culpable with a fine of five crore rupees or 2% of the yearly turnover of the guardian, whichever is higher. Re-recognizable proof and handling of de-distinguished individual information without assent are culpable with the detainment of as long as three years, or fine, or both.
- Sharing of non-individual information with government
The local government may guide information guardians to give it any: (I) non-individual information and (ii) anonymized individual information (where it is absurd to expect to recognize information head) for better focusing of administrations.
- Changes to different laws
The Bill corrects the Information Technology Act, 2000 to erase the arrangements identified with pay payable by organizations for inability to secure individual information.
- Data protection under the Information Technology Act, 2000
The Information Technology Act, 2002 (hereinafter alluded to as the “IT Demonstration”) is a demonstration to give legitimate acknowledgement to exchanges did by methods for electronic information trade and different methods for electronic correspondence, regularly alluded to as “electronic business”, which include the utilization of choice to paper-based techniques for correspondence and capacity of data to encourage electronic recording of reports with the Administration organizations.
- Grounds on which Government can meddle with Information
Under section 69 of the IT Demonstration, any individual, approved by the Administration or any of its official uncommonly approved by the Legislature, whenever fulfilled that it is essential or practical so to do in light of a legitimate concern for sway or uprightness of India, protection of India, the security of the State, neighbourly relations with outside States or open request or for forestalling impelling to the commission of any cognizable offence identifying with above or for the examination of any offence, for motivations to be recorded as a hard copy, by request, can guide any office of the Legislature to capture, screen or decode or cause to be blocked or observed or unscrambled any data produced, sent, got or put away in any PC asset. The extent of section 69 of the IT Demonstration incorporates both capture attempt and checking alongside decoding with the end goal of examination of digital violations. The Legislature has additionally told the Data Innovation (Methods and Protections for Capture attempt, Checking and Unscrambling of Data) Rules, 2009, under the above section.
The administration has additionally advised the Data Innovation (Strategies and Protections for Hindering for Access of Data) Rules, 2009, under section 69A of the IT Demonstration, which manages the obstructing of sites. The administration has obstructed the entrance of different sites.
- Punishment for Harm to PC, PC Frameworks, and so on under the IT Demonstration
Section 43 of the IT Demonstration, forces a punishment without recommending any furthest cutoff, doing any of the accompanying demonstrations:
- Gets to or ties down access to such PC, PC framework or PC organize;
- Downloads, duplicates or concentrates any information, PC information base or data from such PC, PC framework or PC organize including data or information held or put away in any removable stockpiling medium;
- Acquaints or causes with being presented any PC contaminant or PC infection into any PC, PC framework or PC arrange;
- Harms or causes to be harmed any PC, PC framework or PC arrange, information, PC information base or some other projects dwelling in such PC, PC framework or PC organize;
- Upsets or causes interruption of any PC, PC framework or PC organize;
- Denies or makes the forswearing of access any individual approved to get to any PC, PC framework or PC arrange using any means; (g) gives any help to any individual to encourage access to a PC, PC framework or PC organize in contradiction of the arrangements of this Demonstration, rules or guidelines made thereunder;
- Charges the administrations profited by an individual to the record of someone else by messing with or controlling any PC, PC framework, or PC arrangement, he will be obligated to pay harms by the method of payment to the individual so influenced.
- Obliterates, erases or modifies any data dwelling in a PC asset or lessens its worth or utility or influences it damagingly using any means;
- Steel, covers, crush or adjusts or make any individual take, hide, wreck or change any PC source code utilized for a PC asset to cause harm.
- Messing with PC Source Reports as accommodated under the IT Demonstration, 2000
Section 65 of the IT Demonstration sets out that whoever purposely or deliberately hides, pulverizes, or changes any PC source code utilized for a PC, PC program, PC framework or PC arrange, when the PC source code is required to be kept or kept up by law for now in power, will be culpable with detainment as long as three years, or with fine which may reach out up to Rs 2,00,000 (approx. US$3,000), or with both.
- PC related offences
Section 66 gives that if any individual, insincerely or deceitfully do any demonstration alluded to in section 43, he will be culpable with detainment for a term which may reach out to three years or with fine which may stretch out to Rs 5,00,000 (approx. US$ 8,000)) or with both.
- Punishment for Penetrate of Classification and Protection
Section 72 of the IT Demonstration accommodates punishment for a break of classification and security. The Section gives that any individual who, incompatibility of any of the forces presented under the IT Demonstration Rules or Guidelines made thereunder, has tied down access to any electronic record, book, register, correspondence, data, report or other material without the assent of the individual concerned, uncovers such material to some other individual, will be culpable with detainment for a term which may stretch out to two years, or with fine which may reach out to Rs 1,00,000, (approx. US$ 3,000) or with both.
- Revisions as presented by the IT Alteration Act, 2008
Section 10A was embedded in the IT Demonstration which manages the legitimacy of agreements framed through electronic methods which set out that agreements shaped through electronic signifies “will not be considered to be unenforceable exclusively on the ground that such electronic structure or means was utilized for that reason”.
The accompanying significant sections have been subbed and embedded by the IT Correction Act, 2008:
- Section 43A – Remuneration for inability to secure information.
- Section 66 – PC Related Offenses
- Section 66A – Discipline for sending hostile messages through correspondence administration, and so on. (This arrangement had been struck somewhere around the Hon’ble Preeminent Court as unlawful on 24th Walk 2015 in Shreya Singhal versus Association of India)
- Section 66B – Discipline for deceptively getting taken PC assets or specialized gadget.
- Section 66C – Discipline for wholesale fraud.
- Section 66D – Discipline for cheating by personation by utilizing PC assets.
- Section 66E – Discipline for infringement for security.
- Section 66F – Discipline for digital fear-based oppression.
- Section 67 – Discipline for distributing or communicating indecent material in electronic structure.
- Section 67A – Discipline for distributing or communicating of material containing explicitly express act, and so forth, in electronic structure.
- Section 67B – Discipline for distributing or communicating of material portraying youngsters in explicitly unequivocal acts, and so on, in electronic structure.
- Section 67C – Protection and Maintenance of data by mediators.
- Section 69 – Forces to give headings for block attempt or observing or decoding of any data through any PC asset.
- Section 69A – Capacity to give bearings for obstructing for the community of any data through any PC asset.
- Section 69B – Capacity to approve to screen and gather traffic information or data through any PC asset for digital security.
- Section 72A – Discipline for the revelation of data in penetrating of legitimate agreement.
- Section 79 – Exclusion from the obligation of the middle person in specific cases.
- Section 84A – Modes or techniques for encryption.
- Section 84B – Discipline for abetment of offences.
- Section 84C – Discipline for the endeavour to submit offences.
There is no uncertainty that India critically needs to investigate its inadequately directed advanced spaces and at the virtual exercises of people, private associations and administrative specialists the same. The few offices performing cybersecurity tasks in India, for example, the National Specialized Exploration Association, the National Insight Framework and the National Data Board, require powerful strategy and authoritative and infrastructural support from the Service of Hardware and Data Innovation, and from the courts, to empower them to carry out their responsibilities appropriately. The EU’s Overall Information Insurance Guideline may give force to India in such manner, especially given that not exclusively will the guideline influence cross-fringe data stream (and India is a net data exporter), yet additionally the EU has uncovered a few lacunae in the principles applied by the Indian government to the assurance of information and requirement of cybersecurity in a report following endorsement of its new information security guideline. While it appears that the legislature is concerned and quick to achieve change in this division, considering India’s somewhat helpless record in organizing these issues, hopefulness isn’t justified at this stage.
 Strutner v Dispatch printing co. 2 Ohio App. 3d 377( Ohio ct. App, Franklin county 1982) .
 Peter Semayne V Richard Gresham, 77 ER 194.
 2004,UKHL 22.
 1954 SCR 1077.
 (1964) 1 SCR 334
 1950 SCR 88
 Supra note 10.
 Rule 6 of IT Rules.
 Karmanya Singh sareena v UOI 2016 SSC Online Del 5334.
 SLP (Civil) no. 804/2017.
Facebook ‘pauses’ WhatsApp data sharing after ICO intervention The Guardian, https://www.theguardian.com/technology/2016/nov/08/facebook-pauses-whatsapp-data-sharing-after-ico-intervention .
- Data Privacy Bill 2019: All you need to know PwC, https://www.pwc.in/consulting/cyber-security/data-privacy/personal-data-protection-bill-2019-what-you-need-to-know.html.
- India’s First Data Protection Bill: The Road Ahead – ET CIO ETCIO.com, https://cio.economictimes.indiatimes.com/news/government-policy/indias-first-data-protection-bill-the-road-ahead/72833120.
- Data privacy day: Here’s all you need to know about risks and remedies of ‘Indian Data Protection bill‘ – ET CIO ETCIO.com, https://cio.economictimes.indiatimes.com/news/government-policy/data-privacy-day-heres-all-you-need-to-know-about-risks-and-remedies-of-indian-data-protection-bill/67717754.
- On Data Privacy, India Charts Its Own Path The New York Times, https://www.nytimes.com/2019/12/10/technology/on-data-privacy-india-charts-its-own-path.html.
- India – The Privacy, Data Protection and Cybersecurity Law Review – Edition 6 – TLR The Law Reviews, https://thelawreviews.co.uk/edition/the-privacy-data-protection-and-cybersecurity-law-review-edition-6/1210048/india.