India: Privacy and Data Protection-related Laws

India doesn’t have specific privacy and data protection laws that can be applied to blockchain. A brief overview of the current data protection law is given below.

The national law regulating the collection and use of personal data is the Information Technology Act 2000 (IT Act).

Indian laws primarily regulate the processing of “sensitive personal data or information” (SPDI) which is a subset of personal information. SPDI includes, among other things, information relating to passwords, financial information, medical records, sexual orientation, and biometric information. Non-sensitive personal information is still subject to little regulation in India. While Indian laws do confer limited extra-territorial jurisdiction, the applicability of these laws in certain scenarios remains unclear. For instance, it is questionable whether the IT Act or the Privacy Rules would apply to a United States company that collects an Indian citizen’s/resident’s SPDI while the latter is travelling in the United States. Any person that is negligent in using reasonable security practices and procedures (RSPPs) in protecting sensitive personal data or information (SPDI) is liable to pay compensation for any wrongful loss or wrongful gain (section 43A, IT Act). RSPPs means the RSPPs as stated in a law in force or as agreed between the parties, or in the absence of such law or agreement, the rules passed by the central government (section 43A, IT Act). The Government of India has issued the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (IT Rules), which cover security procedures and also contain basic rules on privacy. Therefore, the parties are free to agree on their own rules relating to RSPPs, including any security standards or privacy policy. This generally has the effect of excluding the application of the IT Rules Under the Indian legal framework, the requirement for consent from the individual citizen is vague enough to allow for implied consent.

Sources:

Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus

NEO