A community-driven project has proposed a model privacy bill for India that puts citizens first

SaveOurPrivacy.in’s proposed guidelines are based on the Supreme Court’s assertion that privacy is a fundamental right.

A lot seems to be happening on debating data protection in India but actually, very little is happening to protect people’s rights to privacy and secure their data. For over nine months, a very specific debate has taken place on the shape the legal framework for privacy and personal data should take. Much of this has been channeled towards a particular policy development process – an expert committee chaired by retired Supreme Court judge BN Srikrishna. Appointed in August by the Ministry of Electronics and Information Technology, the committee is tasked with studying the subject of data protection and recommending principles and a draft bill that would “ensure growth of the digital economy while keeping personal data of citizens secure and protected”.

Last week, SaveOurPrivacy.in – a community-driven project aimed at ensuring India’s legal framework puts the interests of citizens and constitutional values first – went public. It unveiled seven principles and a corresponding model bill, a proposed Indian Privacy Code. Prepared by volunteering lawyers and policy analysts and building on previous model bill efforts (including the Privacy Protection Model Bill prepared by the non-profit Centre for Internet and Society, Bengaluru, in 2013), a copy of the SaveOurPrivacy Principles and Model Indian Privacy Code was also shared with Srikrishna for circulation among members of the expert committee.

More importantly, this project was initiated with the idea that the need of the hour is to publicly discuss previous attempts to pass a privacy law in India, current priorities in protecting the privacy of all residents of India and their data, and to ensure that a law with clear regulatory institutions, enforceable rights for individuals, and effective remedy is passed.

Not just about data

Anyone who has read the original notification issued by the Ministry of Electronics and Information Technology in August would be struck by its careful avoidance of the term “privacy”, and a seemingly limited, nearly technical view fixating on “data”. That becomes more understandable when one places it within the context of the government’s statements and public position in 2016-2017, when it was arguing that privacy was a not fundamental right before the Supreme Court in order to pull out a key foundation of the legal challenges filed against its Aadhaar unique identity scheme.

The same month, a landmark nine-judge constitutional bench ruling in Puttaswamy versus Union of India did not create a new right to privacy. In response to strenuous arguments made by several government law officers since 2015, including two successive attorneys general, the Supreme Court asserted that numerous provisions of the Bill of Rights under Part III of the Constitution did indeed provide for a fundamental right to privacy, most notably under the rights to freedom and life and liberty under Article 19 and Article 21.

It was also a constitutional bench of the Supreme Court chaired by Justice Dipak Misra (now chief justice of India) in the WhatsApp-Facebook data transfer matter that pressed the government last year on its position and legal approach to regulating private-sector data transfer. It was during the hearing of this case that the government’s lawyers first disclosed that an expert committee on the subject was being set up.

In December (three months after the committee was set up), the government published a white paper that referred to the Puttaswamy judgement and to a committee of experts on privacy set up by the erstwhile Planning Commission and chaired by former Delhi High Court Chief Justice AP Shah. It also shared a review of the state of comparative data protection legal frameworks internationally. But it made no reference to a 2010 approach paper on a legislation for privacy issued by the Department of Personnel and Training. Or to the fact that the department had compiled a draft bill by 2012-2014 for which stakeholders had been privately consulted and whose text had been leaked into the public domain on various occasions. What was publicly available on that earlier effort (also hinted at in responses to questions raised by MPs and government assurances to them as recently as 2015) indicated a draft bill that would include privacy protections for individuals, provisions on data protection that would regulate both the public and private sectors, as well as a consolidation and overhaul of legal provisions governing state surveillance and communications interception.

The Cambridge Analytica scandal – in which the personal information of 70 million Facebook users, including 500,000 in India, was used without their permission – has brought the focus back on data protection. (Photo credit: Daniel Leal-Olivas / AFP)
The Cambridge Analytica scandal – in which the personal information of 70 million Facebook users, including 500,000 in India, was used without their permission – has brought the focus back on data protection. (Photo credit: Daniel Leal-Olivas / AFP)

State of privacy regulation today

While the Puttaswamy judgement clarified the constitutional position of privacy in India and reasserted its status as a fundamental right, it did indicate that many of its facets – particularly around information privacy – were subject to existing law as well as potential legislative improvements from Parliament.

What India needs today is a strong, comprehensive privacy law that actually seeks to address the challenges and threats facing our current information ecosystem. We need to address our regulatory failure to provide for clear rights for residents of our republic to their data and to prevent mass surveillance.

Overbroad collection, misuse, and increasing breaches of personal data have become common among both private sector and governmental entities in India. The existing legal framework – comprising the ineffectual Section 43A provision of the Information Technology Act, bolstered by spurts of tighter sectoral regulation in some aspects of banking and telecom – is not fit for the task. No regulatory agencies with clear, executable legal powers and enforcement teeth for privacy and data protection currently exist in India, despite the repeated press updates referring to letters sent by the ministries to Facebook and others in the wake of the Cambridge Analytica revelations. (Data analytics firm Cambridge Analytica is reported to have mined the personal information of 70 million Facebook users – including 500,000 from India – to influence the outcomes of the 2016 United States presidential election and the Brexit campaign.)

Like network neutrality, most of the public discourse and policy debates around privacy appear to have everyone agreeing that they all love the principle – in theory. In reality, there are sections that dispute any role for public institutions and the law in protecting it as a right. Everyone claims they are pro-privacy but they do not explain what they propose with respect to legal measures, or instead suggest that the exceptions should shape the design of any regulatory framework.

The Indian Privacy Code is a modest endeavour to help policy actors – particularly in the executive and legislative arms of the federal system – consider how they can improve our legal framework. Recognising the approach reiterated by the Supreme Court on privacy as a fundamental right, it proposes that a statutory framework be created that:

  1. Legally codifies privacy principles and indicates that they cannot be used to curtail our fundamental right to free expression and right to information.
  2. Places restrictions on how public and private entities collect the data of individuals and provides the latter with a set of enforceable rights regarding their data.
  3. Creates an institutional framework for the regulation of such data protection provisions in the form of a Central Privacy Commission at the Union level, and an enabling framework for the establishment of similar privacy commissions across states.
  4. Consolidates and reforms the law governing surveillance and communications interception in the country, making it clearly overseen by judges rather than the opaque, unaccountable legacy system we have today of only bureaucratic control of ruling government-appointed civil servants.
In its landmark judgement in August, the Supreme Court held that privacy is a fundamental right. (Photo credit: HT)
In its landmark judgement in August, the Supreme Court held that privacy is a fundamental right. (Photo credit: HT)

The way ahead

We have an opportunity to finally advance true privacy legal reform – a task that has otherwise operated in fits and starts across the latter half of the 1990s and moved glacially since 2010.

Whatever the Srikrishna Committee proposes must be considered by the Ministry of Electronics and Information Technology, and the Union council of ministers. The general channel here would be that the government of India, as overseen by the council of ministers led by Prime Minister Narendra Modi, ultimately makes up its mind, indicates its official public policy position and unveils a draft bill that will then be taken to Parliament. That said, legislators have already indicated that the subject of protecting citizens’ privacy and personal data is crucial to them, with numerous parliamentary questions asked across party lines, a standing committee (chaired by BJP MP Anurag Thakur) inquiry initiated on the subject, and several private member bill initiatives to advance legal reform on privacy coming to the Lok Sabha and Rajya Sabha in the absence of a government-sponsored privacy bill.

Ultimately, engagement with the improvement of our republic’s law is not an exclusive privilege of government officers, expert committees, legislators and legislative secretariat officials. All of them are public servants operating under the Constitution to help carry forward its provisions and to serve the interests – and concerns – of all citizens. The making of a privacy law has been a private matter for government officers, corporations, special interest groups and others for too long.

The policy commentariat is abuzz that the monsoon and winter sessions of Parliament this year represent the last effective working periods for any legislative business for the current government, with general elections due in 2019. By engaging online and offline on what form our privacy law can take, the hope is that policymakers across the various branches of government can help advance a task that has been pending for nearly eight years, across two different ruling coalitions.

Raman Jit Singh Chima is a lawyer and a policy director at Access Now, and a volunteer with the drafting committee for the SaveOurPrivacy.in project.

Support our journalism by subscribing to Scroll+ here. We welcome your comments at letters@scroll.in.
Sponsored Content BY 

Swara Bhasker: Sharp objects has to be on the radar of every woman who is tired of being “nice”

The actress weighs in on what she loves about the show.

This article has been written by award-winning actor Swara Bhasker.

All women growing up in India, South Asia, or anywhere in the world frankly; will remember in some form or the other that gentle girlhood admonishing, “Nice girls don’t do that.” I kept recalling that gently reasoned reproach as I watched Sharp Objects (you can catch it on Hotstar Premium). Adapted from the author of Gone Girl, Gillian Flynn’s debut novel Sharp Objects has been directed by Jean-Marc Vallée, who has my heart since he gave us Big Little Lies. It stars the multiple-Oscar nominee Amy Adams, who delivers a searing performance as Camille Preaker; and Patricia Clarkson, who is magnetic as the dominating and dark Adora Crellin. As an actress myself, it felt great to watch a show driven by its female performers.

The series is woven around a troubled, alcohol-dependent, self-harming, female journalist Camille (single and in her thirties incidentally) who returns to the small town of her birth and childhood, Wind Gap, Missouri, to report on two similarly gruesome murders of teenage girls. While the series is a murder mystery, it equally delves into the psychology, not just of the principal characters, but also of the town, and thus a culture as a whole.

There is a lot that impresses in Sharp Objects — the manner in which the storytelling gently unwraps a plot that is dark, disturbing and shocking, the stellar and crafty control that Jean-Marc Vallée exercises on his narrative, the cinematography that is fluid and still manages to suggest that something sinister lurks within Wind Gap, the editing which keeps this narrative languid yet sharp and consistently evokes a haunting sensation.

Sharp Objects is also liberating (apart from its positive performance on Bechdel parameters) as content — for female actors and for audiences in giving us female centric and female driven shows that do not bear the burden of providing either role-models or even uplifting messages. 

Instead, it presents a world where women are dangerous and dysfunctional but very real — a world where women are neither pure victims, nor pure aggressors. A world where they occupy the grey areas, complex and contradictory as agents in a power play, in which they control some reigns too.

But to me personally, and perhaps to many young women viewers across the world, what makes Sharp Objects particularly impactful, perhaps almost poignant, is the manner in which it unravels the whole idea, the culture, the entire psychology of that childhood admonishment “Nice girls don’t do that.” Sharp Objects explores the sinister and dark possibilities of what the corollary of that thinking could be.

“Nice girls don’t do that.”

“Who does?”

“Bad girls.”

“So I’m a bad girl.”

“You shouldn’t be a bad girl.”

“Why not?”

“Bad girls get in trouble.”

“What trouble? What happens to bad girls?”

“Bad things.”

“What bad things?”

“Very bad things.”

“How bad?”


“Like what?”


A point the show makes early on is that both the victims of the introductory brutal murders were not your typically nice girly-girls. Camille, the traumatised protagonist carrying a burden from her past was herself not a nice girl. Amma, her deceptive half-sister manipulates the nice girl act to defy her controlling mother. But perhaps the most incisive critique on the whole ‘Be a nice girl’ culture, in fact the whole ‘nice’ culture — nice folks, nice manners, nice homes, nice towns — comes in the form of Adora’s character and the manner in which beneath the whole veneer of nice, a whole town is complicit in damning secrets and not-so-nice acts. At one point early on in the show, Adora tells her firstborn Camille, with whom she has a strained relationship (to put it mildly), “I just want things to be nice with us but maybe I don’t know how..” Interestingly it is this very notion of ‘nice’ that becomes the most oppressive and deceptive experience of young Camille, and later Amma’s growing years.

This ‘Culture of Nice’ is in fact the pervasive ‘Culture of Silence’ that women all over the world, particularly in India, are all too familiar with. 

It takes different forms, but always towards the same goal — to silence the not-so-nice details of what the experiences; sometimes intimate experiences of women might be. This Culture of Silence is propagated from the child’s earliest experience of being parented by society in general. Amongst the values that girls receive in our early years — apart from those of being obedient, dutiful, respectful, homely — we also receive the twin headed Chimera in the form of shame and guilt.

“Have some shame!”

“Oh for shame!”




“Do not bring shame upon…”

Different phrases in different languages, but always with the same implication. Shameful things happen to girls who are not nice and that brings ‘shame’ on the family or everyone associated with the girl. And nice folks do not talk about these things. Nice folks go on as if nothing has happened.

It is this culture of silence that women across the world today, are calling out in many different ways. Whether it is the #MeToo movement or a show like Sharp Objects; or on a lighter and happier note, even a film like Veere Di Wedding punctures this culture of silence, quite simply by refusing to be silenced and saying the not-nice things, or depicting the so called ‘unspeakable’ things that could happen to girls. By talking about the unspeakable, you rob it of the power to shame you; you disallow the ‘Culture of Nice’ to erase your experience. You stand up for yourself and you build your own identity.

And this to me is the most liberating aspect of being an actor, and even just a girl at a time when shows like Sharp Objects and Big Little Lies (another great show on Hotstar Premium), and films like Veere Di Wedding and Anaarkali Of Aarah are being made.

The next time I hear someone say, “Nice girls don’t do that!”, I know what I’m going to say — I don’t give a shit about nice. I’m just a girl! And that’s okay!

Swara is a an award winning actor of the Hindi film industry. Her last few films, including Veere Di Wedding, Anaarkali of Aaraah and Nil Battey Sannata have earned her both critical and commercial success. Swara is an occasional writer of articles and opinion pieces. The occasions are frequent :).

Watch the trailer of Sharp Objects here:


This article was published by the Scroll marketing team with Swara Bhasker on behalf of Hotstar Premium and not by the Scroll editorial team.