Internet has proved to be a boon in various ways but this also invites some issues of which one of the major ones is data protection and privacy. Privacy is not merely something which is to be traded upon, as if the data about us were currency and nothing else. It’s a social property relating to values, culture, power, social standing, dignity, and liberty. Privacy is nowhere defined in law but major laws relating to this has been seen in Information Technology Act, 2000 and Indian Contract Act, 1872. Despite laws, India lacks in a proper legislative framework for data protection and privacy unlike developed countries like U.S.A, Russia, England where there are specific laws and legislative framework for combating data protection and privacy. The Battle for this started in 1954 with M.P Sharma’s case and finally ended in Aadhar card’s case in 2017 where the court incorporated the right to privacy under article 21 of the Indian constitution and made it a fundamental right. India being the largest host of outsourced data processing must have its own legislative framework to protect it. In 2013, National Cybersecurity Policy was drafted particularly in view of India’s position as an exponentially growing business process outsourcing destination but this policy was stymied and even reasons were not made public. Further in 2017 Data Privacy Bill, 2017 was introduced but unfortunately it has still not been enacted into law. It is a very high time for the country to wake up as without proper legislation and strong cyber laws, data breaches and privacy cannot be controlled. The Data Security Council of India(DSCI) and Department of Information Technology(DIT) should also join hands and come up with the strong framework and should also work to spread awareness amongst people about the framework.

 Download Full Paper