The Minister of State for Communications & Information Technology Shri Sachin Pilot, informed Rajya Sabha today that Section 43A of the amended Information Technology Act, 2000 establishes a legal framework for data privacy protection in India. It mandates ‘body corporates’ to implement ‘reasonable security practices’ for protecting ‘sensitive personal information of individuals. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) rules, 2011 notified on 11.4.2011 under section 43A of the Act explicitly define ‘reasonable security practices’ and ‘sensitive personal information’. The rules mandates that body corporate must provide policy for privacy and disclosure of information, so that user is well aware of the type of personal data collected, purpose of collection and usage of such information. The rules also specify mode of collection of information, disclosure of information, transfer of information and reasonable security practices and procedures. All body corporate in India are required to comply with the provisions of the rules.
Section 43A of the Act and the Rules notified therein reflect global principles of privacy and are similar to EU Data Protection Directive and provide means for effective implementation by establishing procedural / enforcement mechanisms such as requirement of yearly audit of by the Government approved independent auditor.
Rectification of conflict between Google, an US Company and European Directive on Data Protection is not within the purview of Government of India.