Connect with us

Hi, what are you looking for?


Data Protection

India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

Indian lawmakers approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.

Indian lawmakers Wednesday approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights.

The legislation will limit cross-border transfer of data and provide a framework for setting up a data protection authority to ensure compliance from tech companies, Information Technology and Telecom Minister Ashwini Vaishnaw said.

Several opposition lawmakers and digital experts say the legislation would allow the government and its agencies to access user data from companies and personal data of individuals without their consent as well as collect private data in a country where digital freedoms have been shrinking since Prime Minister Narendra Modi took office in 2014.

Digital experts also fear that the legislation will weaken the landmark Right To Information law — passed in 2005 — that allows citizens to seek data from public officers, such as salaries of state employees.

“It jeopardizes privacy, grants excessive exemptions to the government, and fails to establish an independent regulator,” digital rights group Access Now said in a statement, adding it will enhance the government’s control over personal data and increase censorship.

The upper house of Parliament passed the Digital Personal Data Protection bill which would later be signed by the country’s ceremonial president, a formality, before becoming law. It was passed by the lower house of the Parliament on Monday.

The legislation is the government’s third attempt to pass such legislation and comes nearly six years after India’s top court ruled that privacy is a fundamental right of every citizen — a landmark judgment that was widely hailed as a win for individual freedom.

Advertisement. Scroll to continue reading.

Earlier drafts of the legislation had raised similar concerns.

Proponents of the legislation have long been saying a data protection law is necessary for a country like India where financial fraud and data leaks are rampant, adding that it could act as a crucial step to protect people’s information from commercial and political exploits.

In 2021, India introduced sweeping regulatory laws that have put social media companies and digital platforms under direct government oversight. Modi’s government said it was needed to quell misinformation and hate speech and to give users more power to flag objectionable content. Critics of the law, however, said the law would lead to online censorship in India, particularly on social media platforms like X, previously known as Twitter.

Related: India Claims It Foiled Chinese Cyberattack on Disputed Border

Related: Indian Cyberspies Expose Their Operation After Infecting Themselves With RAT

Related: India-Linked Threat Actor Involved in Spying, Planting Evidence

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.