August 26, 2020
Draft Health Data Management Policy
Ministry of Health and Family Welfare


The National Health Authority (NHA) has released the Draft Health Data Management Policy of the National Digital Health Mission (NDHM) in the public domain. The draft will be available for public comments and feedback till 10.09.2020.

July 30, 2020
Working Document: Towards Responsible #AIForAll
Niti Aayog

The NITI Aayog has unveiled the National Strategy for AI highlighting potential of Artificial Intelligence and had laid down recommendations to accelerate adoption. The "Towards Responsible #AIForAll" is a draft document on managing the risks of Artificial Intelligence.


July 21, 2020
The Non Personal Data Governance Framework
Ministry of Electronics and Information Technology

A Committee of Experts under the Chairmanship of Shri. Kris Gopalakrishnan had been constituted vide OM No. 24(4)2019- CLES on 13.09.2019 to deliberate on Non-Personal Data Governance Framework on the following terms of reference:
1. To study various issues relating to Non-Personal Data.
2. To make specific suggestions for consideration of the Central Government on the regulation of Non-Personal Data.

The committee has drafted its report. The report touches upon several emerging and innovative ideas on Non Personal Data. 


December 11, 2019
The Personal Data Protection Bill, 2019
Ministry of Electronics and Information Technology

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha on the 11th December 2019. This Bill brought in a number of new clauses such as compliance obligations for social media companies and enhanced State power to exempt any government agency from the purview of the Bill; relaxed some existing provisions – done away with mandatory mirroring requirements for all personal data and done away with certain offences for transferring/ selling personal data; and in some cases removed extant requirements such as the creation of the Data Protection Funds, as compared to the Draft Personal Data Protection Bill, 2018, which was released last year.

The Bill has been referred to a Joint Select Committee of the Parliament, which will review and recommend changes to it.

Link to the Bill:

Key changes from previous version:

November 25, 2019
Draft Registration of Press and Periodicals Bill, 2019
The Ministry of Information and Broadcasting

The Ministry of Information and Broadcasting released the Draft Registration of Press and Periodicals Bill, 2019. This would require publishers of news on digital media to register themselves with the Registrar of Newspapers of India. It is unclear whether this would cover ordinary individuals who post news articles on blogs or social media.


November 11, 2019
The Consumer Protection (E-Commerce) Rules, 2019
Department of Consumer Affairs

The Department of Consumer Affairs released the draft Consumer Protection (E-Commerce) Rules 2019 for public consultation. The draft rules were open for consultation till December 2, 2019. The draft rules propose that e-commerce entities could not influence the price of goods and services, adopt unfair trade practices, or leave fake reviews as consumers.


October 18, 2019
National Counter Rogue Drone Guidelines
Ministry of Civil Aviation

The National Counter Rogue Drone Guidelines have been set in place to lay out various counter rogue drone measures and guidelines to deal with drones that indulge in harmful conduct such as reconnaissance, attacking people/property, invading people's privacy by spying on them, among other harms which affect the general public, national security concerns, etc.

The link to the National Counter Rogue Guidelines can be found here:

August 31, 2019
Certification of Online Content
The Ministry of Information and Broadcasting

Prakash Javadekar, Minster for Information and Broadcasting invited suggestions and recommendations regarding certification of online content.


August 09, 2019
The Consumer Protection Act, 2019
Department of Consumer Affairs

As per the new Consumer Protection Act, 2019 online platforms or marketplaces would now have to disclose details of sellers such as their address, website, email, conditions related to refund, etc. They will also be responsible for harm or injury caused by a defective product or deficient service sold on their website.

This act also permits the Central Government to prescribe rules to prevent unfair trade practices in e-commerce.

Link to the Consumer Protection Act, 2019 can be found here:

August 09, 2019
The Consumer Protection Act, 2019
Ministry of Commerce and Industry

In the new Consumer Protection Act, 2019 online platforms or marketplaces would have to disclose details of sellers such as their address, website, email, conditions related to refund, etc. They will also be responsibile for harm or injury caused by a defective product or deficient service sold on their website.

This act also permits the Central Government to prescribe rules to prevent unfair trade practices in e-commerce.


July 15, 2019
National Digital Health Blueprint
Ministry of Health and Family Welfare

The Ministry of Health and Family Welfare released the report on National Digital Health Blueprint which sought to include establishing core digital health date infrastructure for its seamless exchange, creating a system for Electronic Health records and promoting health data analytics and medical research. This report was placed in public domain on 15 July 2019 to elicit comments/ views from the stakeholders and the general public. The report was later submitted to the Union Health Minister Harsh Vardhan.

SFLC’s comments can be found here:

Draft Report Link: /National_Digital_Health_Blueprint_Report_comments_invited.pdf.

The Final Report can be found here:

July 04, 2019
National Automated Facial Recognition System
National Crime Records Bureau

The National Crime Records Bureau released a request for proposal for a centralised Automated Facial Recognition System. This system would enable the creation of “a national level searchable platform of facial images”. The deadline for submission has so far been changed 5 times and is currently 31 January, 2020. The database would be creating using Passport, CCTNS [Crime and Criminal Tracking Network and Systems], ICJS [Interoperable Criminal Justice System] and Prisons, Ministry of women and child development (KhoyaPaya), and State or National Automated Fingerprint Identification System or any other image database available with police/other entity.

March 02, 2019
The Aadhaar and Other Laws (Amendment) Ordinance, 2019
President of India

The Aadhaar and Other Laws (Amendment) Ordinance, 2019 amended the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Indian Telegraph Act, 1885, and the Prevention of Money Laundering Act, 2002. The Aadhaar Act provides targeted delivery of subsidies and benefits to individuals residing in India by assigning them unique identity numbers, called Aadhaar numbers. A similar Bill had earlier been passed by Lok Sabha on January 4, 2019.

February 28, 2019
National Policy on Software Products - 2019
Ministry of Electronics and Information Technology

The aims of the policy are to develop India as a “Software Product Nation” and a global leader in conception, design, development and production of intellectual capital driven software products, thus, accelerating growth of entire spectrum of IT Industry of the country.

The Policy will lead to the formulation of several schemes, initiatives, projects and measures for the development of software products sector in the country. The Policy has five Missions.

1.To promote the creation of a sustainable Indian software product industry, driven by intellectual property (IP).

2.To nurture technology startups in software product industry, including in Tier-II and Tier-III towns.

3.To create a talent pool for software product industry.

4.To build a cluster-based innovation driven ecosystem by developing sectoral and strategically located software product development clusters.

5.To evolve and monitor scheme & programmes for the implementation of this policy, National Software Products Mission will be set up with participation from Government, Academia and Industry.


February 23, 2019
Draft National E-Commerce Policy
Department for Promotion of Industry and Internal Trade

The aims of the policy are to create a framework for achieving holistic growth of e-commerce sector with special emphasis on the data driven ecosystem, to help stakeholders benefit from the progressive digitization of the domestic digital economy and establish a level playing field for all stakeholders in the digital economy.

It address a wide range of subjects such as - data ownership, data protection, cross-border data flow, foreign investments, competition issues, intellectual property and intermediary liability, tax etc.


December 24, 2018
Draft Information Technology [Intermediaries Guidelines (Amendment) Rules], 2018 (“the Draft Rules”)
Ministry of Electronics and Information Technology

The Draft Rules seek to amend existing ‘due diligence’ guidelines under The Information Technology (Intermediaries Guidelines) Rules, 2011. These Rules are to be followed by ‘intermediaries’ as per the Information Technology Act, 2000 (“IT Act”).

The Policy has been criticised for its ‘one size fits all’ approach to regulation of intermediaries. The use of vague and ambiguous terms, excessive delegation of legislative powers and lack of procedural safeguards that may to lead to violation of free speech and privacy rights. 

Our comments:

Our counter-comments:…

December 20, 2018
Notification under Section 69 of IT Act
Ministry of Home Affairs

In the exercise of powers conferred upon sub-section (1) of Section 69 of IT Act 2000 read with rule 4 of the IT Rules 2009, Ministry of Home Affairs notified the following authorities as authorised agencies to for the purposes of interception, monitoring and decryption of any information generated, transmitted, received or stored in any computer resource under the Information Technology Act, 2000:

Intelligence Bureau, Narcotics Central Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate  of Revenue Intelligence, CBI, NIA, RAW, Directorate of Signal Intelligence, and Commissioner of Police, Delhi.

November 12, 2018
Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services
Telecom Regulatory Authority of India

The Telecom Regulatory Authority of India (TRAI) had published a consultation paper for the creation of a regulatory framework for over-the-top (OTT) communication services. TRAI sought comments on suitability and extent of regulatory/ licensing norms that may be applicable to OTT providers.

We submitted comments and counter-comments on issues raised in the paper. Some of these include treating OTT at par with services provided by TSPs, requiring OTT to establish infrastructure for lawful interception and decryption of data, data localisation, registration of all OTT apps in India, revenue for TSPs from OTT services, subscriber verification, substitutability of services  etc.

Our comments:

Our counter-comments:

September 26, 2018
National Digital Communications Policy
Department of Telecommunication

National Telecom Policy was re-named as the National Digital Communications Policy. Telecom Commissions was re-designated as the Digital Communications Commission.

The aim of the policy is to achieve digital empowerment and improved well-being of people through provisioning of broadband for all, creation of jobs in digital communications sector,  enhancing contribution of digital communication to the GDP, ensuring digital sovereignty and increasing India’s contribution to global value chains.

The vision of the policy is to create ubiquitous, resilient, secure, accessible and affordable Digital Communications Infrastructure and Services and support India’s transition to a digitally empowered economy and society. 

Three missions of the policy are:

  1. Create robust digital communications Infrastructure;
  2. Enable next generation technologies and services through investments, innovation and IPR generation; and
  3. Ensure sovereignty, safety and security of digital communications.


July 31, 2018
DoT’s approval of TRAI’s recommendations on Net Neutrality
Department of Telecommunication

TRAI released its recommendations on Net Neutrality in November, 2017. The recommendations include:

  1. Prohibiting discriminatory treatment of content, updating license agreements for ISP to incorporated principles of non-discriminatory treatment of content.
  2. Setting up a multistakeholder watchdog under DoT for enforcing net neutrality. Website blocking by government/court orders has been kept outside the ambit while IoT has been kept within the ambit of net neutrality.

In July, 2018, the Telecom Commission approved these recommendations.

July 27, 2018
Justice B.N. Srikrishna Committee report
Ministry of Electronics and Information Technology

A nine-member Committee of Experts on Data Protection for India headed by retired Justice B.N. Srikrishna had released a white paper on data protection framework for India on 27th November, 2017 inviting comments from the public on 231 questions outlining areas of relevance.

A year after its constitution, on 27th July 2018, the expert committee submitted its Report along with a draft bill titled The Personal Data Protection Bill, 2018 to the Ministry of Electronics and Information Technology.

July 27, 2018
The Personal Data Protection Bill, 2018
Ministry of Electronics and Information Technology

The Bill has recognized the right to privacy as a fundamental right and protection of personal data as an essential facet of informational privacy. It provides for data protection obligations such as purpose and collection limitation, notice and consent regime; provides stricter consent requirements for sensitive personal data and personal data of children; sets up enforcement and grievance redressal mechanism and various other provisions related to data protection. However, there are certain issues with the bill as well. These include data localisation, lack of independence in Data Protection Authority of India, wide exemptions, online surveillance, independence of data protection officers among others.'s posts on the topic:

- Comments on the Bill:

- Summary of the Bill:

- Brief analysis of the Bill:


July 16, 2018
Privacy, Security and Ownership of Data in the Telecom Sector
Telecom Regulatory Authority of India

After consultation with stakeholders, TRAI issued recommendations on "Privacy, Security and Ownership of Data in the Telecom Sector".

The recommendations dealt with certain important issues such as: control over data, data security, cross border data transfers, consent, data minimization and encryption, amongst others.

The Department of Telecommunications stated that they would currently not take up these recommendations, and they referred the same to the B.N Srikrishna Committee, a committee formed to recommend a data protection framework for India. actively participated both rounds of consultation process as well as TRAI's open house discussions. Comments and counter-comments to TRAI consultation may be accessed at: &

June 04, 2018
National Strategy for Artificial Intelligence
Niti Aayog

This was a discussion paper published by NITI Aayog on June 4, 2018 by NITI Aayog. It identified 5 priority sectors for leveraging AI: Healthcare, Agriculture, Education, Smart Cities and Infrastructure and Smart Mobility and Transportation. It deliberated on challenges, and ethical, privacy and security issues related to AI and skill development.

CEO Amitabh Kant stated that a task force would be setup for speedy implementation of the suggestions; COREs (Centres Of Research Excellence) and ICTAIs (International Centers of Transformational AI) would be set up.

Our analysis of the document:

May 22, 2018
Information Technology (Information Security Practices and Procedures for Protected System) Rules, 2018
Ministry of Electronics and Information Technology

Salient Features:

  1. All organisations having “Protected System” (under Section 2(k) of the Information Technology Act, 2000; primarily covers government organisations) shall constitute an Information Security Steering Committee (ISSC) under the chairmanship of CEO/MD/Secretary.

  2. Mandate of ISSC includes approving information security policies of Protected Systems; setting mechanisms for timely communication of cyber incidents; sharing information security audits etc.

  3. Nominate Chief Information Security Officer (CISO) as provided in “Guidelines for Protection of Critical Information Infrastructure”

  4. Establish, monitor and continually improve Information Security Management System (ISMS) of the Protected System.

April 25, 2018
Social Media Communications Hub (SMCH)
The Ministry of Information and Broadcasting

The Ministry of Information and Broadcasting released a bid document (“SMCH Bid Document”). The document stated the intent to establish a Social Media Communication Hub. This would enable processes such as analyzing large volumes of data across diverse digital platforms in real time, comprehensive analytics along with monitoring and analyzing social media communications, etc.

The proposal was challenged in the Supreme Court by Mahua Moitra, Trinamool Congress MP. The project was subsequently withdrawn by the Government, as informed by the Attorney General, Mr. K.K Venugopal on August 3, 2018. live tweeted the developments in the matter. There were multiple points of concern regarding the SMCH Bid Document. A few of the issues are highlighted here:

April 06, 2018
Storage of Payment System Data
Reserve Bank of India

RBI issued a notification mandating data localisation for payment services, as a solution to ensure privacy and data protection. It required all system providers to ensure that the entire data relating to payment systems operated by them are stored in a system only in India. This data should include the full end-to-end transaction details, information collected, carried, processed as part of the message / payment instruction. Moreover, the System providers were required to comply within a period of six months and report compliance of the same to the Reserve Bank by October 15, 2018.

Read more:

March 21, 2018
Digital Information Security in Healthcare Act (DISHA)
Ministry of Health and Family Welfare

The Bill was released for public consultation. DISHA aims to secure patient health data in India.

Its objectives are to:

  1. standardize and regulate the processes related to collection, storing, transmission and use of digital health data;

  2. ensure reliability, data privacy, confidentiality and security of digital health data.

Bill available at:

August 08, 2017
Temporary Suspension of Telecom Services (Public Emergency or Public Safety) Rules, 2017
Ministry of Communications

The Ministry of Communications notified new rules for the suspension of telecom services in case of public emergency or public safety, and consequently, the suspension of Internet services in India. These rules were issued under section 7 of the Indian Telegraph Act, 1885.

For more information, please visit

January 04, 2017
Consultation Paper on Net Neutrality
Telecom Regulatory Authority of India

Focus of this consultation was on defining the scope of traffic management practices adopted by Internet and Telecom Service Providers, better understanding net neutrality in an Indian context, and gathering input on some key operational aspects of legal/policy frameworks around net neutrality.

Our comments highlighting, among others, the need for a robust regulatory framework on net neutrality in India can be viewed at

March 25, 2015
Policy on Adoption of Open Source Software for Government of India
Ministry of Electronics and Information Technology

The policy makes it mandatory to formally adopt and use Open Source Software (OSS) in government organisations, as a preferred option in comparison to Closed Source Software (CSS).

The objectives of the policy are:

1.To provide a policy framework for rapid and effective adoption of OSS.

2.To ensure strategic control in e-governance applications and systems from a long-term perspective.

3.To reduce the Total Cost of Ownership (TCO) of projects.


October 16, 2012
A.P. Shah Committee Report
Planning Commission

The report covered international and national privacy principles and emerging issues along with analysis of prevailing legislations/ bill from privacy perspective. It identified a set of recommendations for a Privacy Act.

March 23, 2012
National Data Sharing and Accessibility Policy
Ministry of Science and Technology

Applies to all data and information created, generated, collected and archived using public funds provided by Government of India. The Policy facilitates accessibility and easy sharing of non-sensitive data amongst the registered users and its availability for scientific, economic and social developmental purposes.