India Privacy Dashboard

This page comprises recent developments in privacy regime of INDIA

The Personal Data Protection Bill, 2019 – Timeline

July 23, 2021


Up to First week of the Winter Session, 2021.

July 23, 2021
March 25, 2021


Up to First week of the Monsoon Session, 2021

March 25, 2021
February 9, 2021


Up to First week of the Budget Session, 2021

February 9, 2021
September 23, 2020


Up to Second week of the Winter session, 2020

September 23, 2020
March 23, 2020


Up to Second week of the Monsoon Session, 2020

March 23, 2020
December 11, 2019

Introduced in Lok Sabha

Referred to Standing Committee
Report by the first day of the last week of the Budget Session, 2020

December 11, 2019

Judgments on Privacy

India Updates

10th August 2021

  • India experienced total of 6,07,220 cybersecurity incidents in the first half of 2021 – Indian Computer Emergency Response Team (CERT-In).
  • Lok Sabha MP urges the Union government for an independent judicial investigation on the Pegasus Attack.
  • Consultation paper on Unified Health Interface released by National Health Authority for public comments.

4th August 2021

  • Joint Parliamentary Committee on Personal Data Protection Bill receives extension to present the final report in first week of winter session 2021.
  • Data Security Council of India issues a paper on Cloud Strategy.
  • Visa complies with the RBI Data localization norms. Reports the Hindu Business Line.

27th July 2021

  • Reserve Bank of India bans Mastercard from issuing new cards to domestic customers due to its failure to meet data localization requirements.
  • An accused can have his name redacted from Court orders upon acquittal to protect his privacy – Madras High Court.

21st July 2021

  • PIL filled in Bombay High Court against Truecaller for breach of privacy. Reports LiveLaw 
  • WhatsApp to stay implementation of its new privacy policy until the PDPB, 2019 comes into force. Reports India Today
  • Air India faces claims for data breach pertaining to June 2021. Reports Hindustan Times

13th July 2021

  • Breach at Tamil Nadu’s Public Distribution System, personal data of 5.2 million users compromised. – Reports The Week.
  • Reserve Bank of India published its Financial Stability Report.  Raises concerns about the potential risks to data privacy by big tech companies in the financial sector.
  • Ministry of Health and Family Welfare published consultation paper on the Healthcare Professionals Registry.

6th July 2021

  • Worker union protest against use of government app fearing privacy violation. – Report’s TOI
  • India’s Permanent Mission to UN issues clarification over UN HRC’s concerns over new IT rules, 2021. Highlights Right to Privacy of Indians.

28th June 2021

  • Personal Data Protection Bill to offer digitally enabled consent framework. – Report’s Indian Express.
  • Parliamentary Standing Committee on Information Technology summons Facebook and Google to represent on subject of safeguarding of citizen’s rights.
  • Government issuing Unique Health ID to citizens without consent, using personal data collected for CoWIN vaccination registration. – Reports National Herald.

21st June 2021

  • WhatsApp assures that it will not limit features for users who are yet to accept its privacy policy. Will continue this approach till PDP Bill comes into effect – Report’s BGR
  • COVID-19 data records published by Bengaluru’s Civic Body’s Contractor – Report’s ET
  • Union Minister for Electronics and IT clarifies that the Joint Parliamentary Committee on Personal Data Protection Bill is yet to finalize the report. – Report’s HT

14th June 2021

  • Telegram and WhatsApp data privacy war on Twitter.
  • Legal notice served to Hyderabad City police over unlawful collection of surveillance data.
  • Justice B N Srikrishna talks about new Intermediary guidelines and its data privacy concerns- Report’s ET.

28th May 2021

  • The New IT Rules 2021, will not be used to force intermediaries to break encryptions, says MeitY’s Cyber Law Head – Report’s The Economic Times.
  • Tamil Nadu government invites bids to implement all in one state family database for e-governance. Sets compliance with Data Protection Bill as a condition.
  • Massive cyber-security attack at Air India’s data processor. 4.5 million consumers data leaked.

21st May 2021

  • WhatsApp in its affidavit to the Delhi High Court stated that it is not mandatory for users to accept its news privacy policy and that they are free delete the app as they want. Report by Live Law
  • RBI amended its Master Direction on KYC, allows entities to use video-KYC with informed consent of customers and adequate security.

17th May 2021

  • Petition filed against WhatsApp’s privacy policy in Supreme Court of India by the Atmanirbhar Digital India Foundation – Report by Inc42
  • There is no data capture policy in place to regulate personal data captured by third party Co-WIN alert apps. – Report by National Health Authority
  • Department of Science and Technology releases the draft National Geospatial Policy 2021.

10th May 2021

  • The Bureau of Indian Standards published standards for personal data protection for businesses in India.
  • Delhi High Court dismissed petitions filed by Facebook and WhatsApp against CCI’s order to probe their privacy policy. – Report’s Bar and Bench

30th April 2021

  • Multiple security incidents reported in India. Data breach at UpstoxDominos and Bizongo.
  • Government of India sold vehicular bulk data to private firms, raises privacy concerns – Report’s the Wire

23rd April 2021

  • IT Rules, 2021 challenged in High Courts of Karnataka and Kerala. Report’s LiveLaw and Medianama
  • Justice BN Srikrishna, who led the panel that drafted Personal Data Protection Bill comments on new rules on social media and digital platforms. Report’s cnbctv18

16th April 2021

  • Reserve Bank of India orders audit of the MobiKwik data breach. Report’s LiveMint
  • People’s Aarogya Setu data available to Jammu and Kashmir Police – Reveals RTI filled by Internet Freedom Foundation.
  • 32 Indian Organizations affected by a data security incident, as hackers exploit vulnerabilities on Microsoft email servers. Report’s Economic Times

9th April 2021

  • Sophos reports that 52% Indian organizations have been victim of a cyber-attack in past 12 months and 65% took longer than a week to remediate.
  • MobiKwik suffers major security incident. KYC and card details of millions of Indian users compromised and up for sale

5th April 2021

  • Joint Parliamentary Committee on Personal Data Protection Bill gets extension up to first week of monsoon session for presenting the final report.
  • India suffered nearly 12 lakh cyber security incidents in the year 2020 – Ministry of Home Affairs.
  • Competition Commission to investigate WhatsApp’s privacy policy and data sharing practices.
  • Report on Consumer Protection (E-Commerce) Rules 2020 released by Parliamentary Committee on Subordinate Legislation. Recommends user’s personal data protection.

26th March 2021

  • Telecom Regulatory Authority of India implements Telecom Commercial Communications Customer Preference Regulations to curb Unsolicited Commercial Communication.
  • Government assures Co-Win app and portal complies data privacy. Source: Economic Times.
  • New WhatsApp Privacy Policy violates IT Rules, 2011 and shall not be implemented – Ministry of electronics & information technology submits to Delhi High Court. Source: Economic Times.

19th March 2021

  • A balanced data protection law in India soon says Rajya Sabha MP Dr. Amar Patnaik at CUTS International webinar on “Future of Data Governance in India”.
  • Google Pay India rolls out new user privacy feature. – Report’s Livemint
  • 84% Indians would pay more to do business with organizations that protects’ their personal data reveals OpenText research. Source CRN India

12th March 2021

  • Increase in hiring trends for Data Privacy Officers in India – Read the report by The Economic Times
  • Facial recognition technologies installed at Delhi Schools, triggers privacy concerns – Report’s Reuters

5th March 2021

  • Government of India notifies Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
  • Report by Joint Parliamentary Committee on Personal Data Protection Bill, to emphasize on compliance with localization of sensitive data, handling of children’s data – Reports The India Express  
  • High Court of Meghalaya cites that data privacy safeguards are sine qua non for protecting Citizen’s privacy. Reports Live Law
  • No plans to order private players to delete vehicle registration and driving license data sold under the Bulk Data Sharing Policy – Road Transport and Highway Ministry, Government of India

26 February 2021

  • Justice B.N. Srikrishna flags privacy concern on DNA Technology (Use and Application) Regulation Bill, 2019.
  • WhatsApp asked to review its updated Privacy Policy by the Central Government. Reports Live Law
  • Department of Science & Technology, Government of India issues Guidelines on Geospatial Data.
  • “You may be a USD 2-3 trillion company, but people’s privacy is more valuable for them and it is our duty to protect their privacy” Supreme Court of India to WhatsApp. Reports TOI

19 February 2021

  • WhatsApp clarifies that transactions data is encrypted, ensures compliance with Reserve Bank of India’s data localization guidelines and does not store customer payment sensitive information.
  • Internet Freedom Foundation campaigns against Central Board of Secondary Education facial recognition tool.
  • Report on Personal Data Protection Bill, 2019 to be presented in second part of the budget session by March 15 – Report’s Economic Times

12 February 2021

  • Reserve Bank of India sets up Working Group to tackle data privacy and other security issues created by digital lending apps.
  • Police department of Lucknow starts using Facial Recognition Technology (FRT) for ensuring security of women, raises privacy concern. – Report’s TheWire
  • Indians have autonomy on their personal data. It should be procured through free consent – Union Minister Ravi Shankar Prasad at India Digital Summit 2021. Watch here

5 February 2021

  • Parliamentary Standing Committee on IT summons Facebook over changes in WhatsApp’s privacy policy. – Report’s ANI
  • Personal data of consumers at risk on the Taka Sky and Croma API’s. – Report’s Economic Times

29 January 2021

  • The Data Security Council of India issues special advisory on data breaches following Juspay data breach incident.
  • Personal data of millions of Indian users leaked on Dark Web.
  • Revised Report on the Non-Personal Data Governance Framework released by Ministry of Electronics and Information Technology. 

15 January 2021

  • Final draft of Personal Data Protection Bill, 2019 by the Joint Parliamentary Committee to have 89 amendments and one new clause – Report by Economic Times.
  • Personal data, including card details of millions of Indians leaked and compromised as Juspay, a payment gateway services provider suffers data breach incident.

11 January 2021

  • Draft report on Non-Personal Data Governance Framework, released by the Expert Committee on Non-Personal Data Governance Framework.
  • Private Companies and PSU’s among others will be allowed access to Crime and Criminals Tracking Network Systems (CCTNS) data for a fee, raises privacy concerns – Reports Times of India.
  • India to come up with a data protection model that the world follows – Ajay Prakash Sawhney, Secretary to Ministry of Electronics and Information Technology (GOI) – Reports Hindustan Times.

4 January 2021

  • Government of India passes Health Data Management Policy for its National Digital Health Mission.
  • India’s proposed Personal Data Protection Bill (PDPB), will be redrawn by the Joint Parliamentary Committee – Rajeev Chandrasekhar, Member Joint Parliamentary Committee on the PDPB at Carnegie India Global Technology Summit 2020. Watch the video

11 December 2020

  • High Court of Delhi in a PIL filled directs the Government of India to stop collecting data through national surveillance systems – Reports Business Insider. Read the report 
  • The Ministry of Civil Aviation publishes draft National Unmanned Aircraft System Traffic Management Policy addressing data protection and privacy issues. Read the policy
  • Orissa High Court reemphasizes on individual’s right to be forgotten or deleted. Read the order

4 December 2020

  • Joint Parliament Committee contemplates on widening PDPB’s scope, to include non-personal data regulations – Reports Livemint. Source
  • West Bengal IT department to train BPO’s and software firms on data privacy and protection best practices – Reports TOI. Source

27 November 2020

  • RBI to regulate Fintech market in India with customer protection and data security as guiding principles – Official speech by RBI Deputy Governor M Rajeshwar Rao. Refer official speech
  • Draft Data Center Policy released by the Ministry of Electronics and Information Technology (MeitY) for public consultation. Read the Policy
  • Aarogya Setu’s knowledge sharing protocol’s validity extended by six months by MeitY. Read the notification

21 November 2020

  • NITI Aayog’s draft on Data sharing framework for Financial sector open for public consultation. Last day 30th November, 2020. Read the draft
  • High Court of Telangana orders Telangana Government to stop from collecting data of non-agri assets, aadhar card and caste on Dharani portal: Reports TOI. Source TOI

30 October 2020

  • The Supreme Court of India issues notices to RBI and NPCI in PIL which alleged breach of financial data security of Indians by WhatsApp, Google, Amazon and Facebook. Refer Diary No.- 19354 – 2020 on SCI website
  • SEBI constitutes “Market Data Advisory Committee’’ for ‘Data Culture’ through ‘Data Democratization’ in the Indian securities market. Read more
  • Petition admitted by High Court of Kerala for removal of personal information from the Court’s order available on Google. Refer Filing No.- 39429/2020 on Kerala HC website

2 October 2020

  • Standing committee’s report on Personal Data Protection Bill extended to be submitted in second week of Parliament’s Winter Session 2020. Refer the timeline.
  • Govt. of India formulating policy prohibiting apps from collecting information that is “not necessary” for functioning – reports TOI
  • Expert committee under the National Cyber Security Coordinator constituted by GOI to study reports on surveillance of 10000 Indians. Read ANI report

17 September 2020

  • NDHM’s Health Data Management Policy open for public consultation. Read our summary
  • Petition filed in Supreme Court of India, seeking protection of Indian citizen’s financial data on UPI platforms like Amazon Pay, GPay, WhatsApp. Refer Diary No.- 19354 – 2020 on SCI website

10 September 2020

  • The State Government of Karnataka issued a circular on Processes, Procedures in Application Hosting and Best Practices in Data Protection. Read here
  • Petition filed against Google Pay in Delhi High Court for violating the Reserve Bank of India’s guidelines on data protection. Refer case status
  • Personal data of students is barred from public disclosure as would invade children’s privacy, rules Central Information Commission. Read the decision

31 July 2020

  • Report on non-personal data

The Committee of Experts on non-personal data governance framework constituted by the Ministry of Electronics and Information Technology, Government of India, under the Chairmanship of Kris Gopalakrishnan (Co-Founder, Infosys) released its report on 12 July 2020. The report covers key aspects such as data and socio-economic impact, definition of non-personal data, ownership of data, undertaking a data business, data sharing, non-personal data regulatory authority. This report will impact on businesses in data industry and is now open for feedback from public.

  • Data breach at Dunzo

India based delivery app Dunzo has reported a data breach incident. Dunzo is funded by Google and offers its services across multiple cities in India. The data compromised includes user phone numbers and email addresses. However, the volume has not been reported.

24 July 2020

  • Personal data sold for 5 paise in India – reports TOI
  • Sophos reports India worst hit by cyber security incidents

© Reina Consulting 2021 – All rights reserved