Ashwini Vaishnaw outlines govt's plan to fortify India's digital privacy

The Indian government has significantly bolstered its regulatory and technological framework to combat unsolicited commercial communications (UCC) and ensure the security and privacy of citizens' digital personal data, Union Minister Shri Ashwini Vaishnaw informed the Rajya Sabha today.

Highlighting the Telecom Regulatory Authority of India's (TRAI) Telecommunications Commercial Communications Consumers Preference Regulations, 2018 (TCCCPR-2018), the Minister outlined the measures in place to empower consumers in managing UCC. Under these regulations, telecom subscribers can register their preferences to block all commercial communications or selectively block them based on categories.

"Consumers have multiple avenues to register complaints against senders of UCC, including a dedicated mobile app, SMS service, and a helpline number, 1909," Shri Vaishnaw stated.

Beyond UCC, the government has taken comprehensive steps to protect digital personal data. The Minister emphasized the significance of the Information Technology (IT) Act, 2000, and the subsequent establishment of critical institutions like the Indian Computer Emergency Response Team (CERT-In) and the National Critical Information Infrastructure Protection Centre (NCIIPC). The National Cyber Security Policy 2013 and the appointment of a Chief Information Security Officer further reinforce the nation's cybersecurity posture.

The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, under the IT Act, prescribe stringent security measures to safeguard sensitive personal data. However, the Digital Personal Data Protection Act, 2023 (DPDP Act) represents a landmark legislative achievement in this domain.

"The DPDP Act provides a robust legal framework for the processing of personal data, mandates clear notices to data principals, emphasizes consent and its withdrawal, and outlines the rights of data principals and the obligations of data fiduciaries," Shri Vaishnaw explained. "It also includes provisions for mandatory breach notifications and prescribes penalties for non-compliance."

The Act establishes the Data Protection Board of India, an independent adjudicatory body, to investigate complaints and enforce compliance.

The Ministry of Home Affairs has also established the Indian Cyber Crime Coordination Centre (I4C) to address cybercrimes comprehensively.

"To further enhance public awareness, the government organizes campaigns like Cyber Security Awareness Month and Safer Internet Day, educating citizens about online safety, secure transactions, and responsible digital service usage," the Minister added.

These multifaceted initiatives underscore the government's commitment to creating a secure and privacy-respecting digital ecosystem for Indian citizens.