Privacy Policy and Data Protection Laws in India

Published On: Jul 3, 2020Last Updated: Oct 14, 20234.7 min read

Society has changed with digitization. With the increasing digital population in India, every microsecond online services and companies are redefined. Technology, combined with sizable online information mines, has overcome the boundaries of the standard business industries. The industry is evolving every day as an ecosystem- health care, finance, fitness and fashion, e-commerce, travel, software solutions, music, the arts, films, etc. The essence of these industries’ businesses is no longer confined to the selling and purchase of vanilla or a single model of service. However, there is nothing less dangerous than a measured conflict with a person’s physical health and happiness.

A privacy policy is a declaration or legal document which uncovers some or all of how a party collects, uses, communicates, and manages the data of a customer or client. Personal information may be used to identify a person. But it is not restricted to the individual’s name, address, date of birth, marital status, contact details, identification number, and valid time, financial records, loan information, medical history, travel location and intentions to purchase goods and services. In the case of a company, a declaration also specifies a party’s policy on how the organization gathers, stores, and publishes personal data. It informs the customer about the specific data collected and whether they are kept confidential, shared with partners, or sold to other companies or companies. Privacy policies usually represent quite general, adequate care, in contrast to more detailed and specific statements on the data use.

Data protection and privacy laws throughout the world require that you have a privacy policy on your site, and that is accessible via a mobile app when you receive the personal information from visitors to your website.

Know how law firms are leveraging technology in modern times
Check out latest technology that unlocks better reach with exceptional services.

What Is Privacy Policy? 

It is a legal agreement that explains what personal data you collect from website visitors, how you can use this information, how you maintain it, and whether you have adequate means and strategy to safeguard data.

The privacy policy is not only a formal necessity but a statutory one. Each intermediary needs to ensure the publication of a privacy policy as per Information Technology (Intermediaries guidelines) Rules, 2011. Under the Information Technology Act, 2000, almost any modern website, including blogs, e-commerce websites and the social media network, will be described as an intermediary, enabling users to create content and communicate with one another.

Also Read: Terms and Conditions

Data Protection Laws in India

Data Protection refers to the set of privacy laws, policies, and procedures that aim to minimize intrusion into one’s privacy caused by the collection, storage and dissemination of personal data. Personal data generally refers to the information or data which relates to a person who can be identified from that information or data whether collected by any Government or any private organization or an agency.

Data security applies to the collection, storage and dissemination of personal information in a set of privacy policies, procedures, and laws that mitigate intrusion into one’s privacy. Personal data usually refers to data and information relevant to a person who may be easily identified with the given information by any entity – government or private.

India currently has no clear data protection or privacy laws. The Information Technology Act, 2000 and the Indian Contracts Act, 1872 are relevant laws for India. In India, it is likely to have a codified law implemented on data protection shortly.

Information Technology Act, 2000, addresses problems relating to monetary compensation (Civil) and penalty (Criminal) in the event of misuse of personal data and the violation of contractual terms on personal data.

Following section 43A of the (Indian) Information Technology Act, 2000, a company that has, transfers, or manages any sensitive personal data and information and that fails to implement or maintain reasonable practices of security leading to a wrongful loss or gain for anyone can be liable for any damages caused by such a company. It is necessary to remember that there is no upper limit for the liability which, in these circumstances, the concerned party may demand.

The government notified the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. The Rules discuss upon the protection of “sensitive personal or personal information of a person,” including personal information consisting of – 

– Email IDs and Associated Passwords

– Banking and Financial information

– Bank account number, credit/debit card or other payment instrument details;

– Health condition – Physical, physiological and otherwise. 

– Person’s sexual orientation;

– History of medical records and history;

– Biometric information.

The rules establish the appropriate security practices and procedures to be followed when dealing with “personally sensitive information” by the body incorporate or anyone who gathers, receives, owns, stores, distributes or handles information. In the case of any violation, the corporate entity or any other individual acting on behalf of the company may be held responsible for harm to the affected person.

Do you know your ecommerce website requires disclaimer policy?
Get your customized website disclaimer policy done with the help of experts


Due to the substantial growth of the digital population in India, data privacy and data security are currently crucial questions. When browsing the Internet every internet user leaves his digital footprints in the form of personal data. This could range from providing their IP address, name, mobile number, or private and sensitive details such as their sexual orientation and medical records, etc. deliberately or unintentionally. It makes internet users vulnerable to crimes such as identity robbery, privacy violations and financial crimes.

The main issue today is the development of a privacy policy that balances Internet users’ privacy with the growing needs of businesses. Terms of use and privacy policy must be viewed as an art form rather than a long-form, i.e., a document carefully tailored to the needs of businesses and the general principles of law.

Share This Post:

Nischay Nagarwal
About the Author

Nischay Nagarwal

Nischay is a lawyer by profession, with substantial background in Contract Drafting & Vetting. She earned her B.Com LLB (Honours) from GNLU in 2015. Her day-to-day at remains to protect client interests by drafting, reviewing & advising on various contracts & legal documents.