NHRC, India organises an open house discussion on ‘Ensuring privacy and human rights in the digital era: A focus on corporate digital responsibility’



Press release

National Human Rights Commission

New Delhi: 19th February, 2025

NHRC, India organises an open house discussion on ‘Ensuring privacy and human rights in the digital era: A focus on corporate digital responsibility’

NHRC, India Chairperson, Justice Shri V. Ramasubramanian emphasises the need for safeguarding privacy as a human right in the digital world

Cautions against the consequences of the significant decline in value systems

NHRC, India Member, Justice (Dr) Bidyut Ranjan Sarangi raises concerns over the lack of digital literacy in the financial transactions

Secretary General, Shri Bharat Lal says, protecting people’s privacy online is a collective responsibility of all stakeholders

Among various key suggestions, simplifying the user agreements and policy frameworks to enhance consumer understanding and control over personal data highlighted

Establishing clear accountability structures for data breaches, especially for research institutions and third-party data processors also emphasised

The National Human Rights Commission (NHRC), India organised an open house discussion in hybrid mode on ‘Ensuring privacy and human rights in the digital era: A focus on corporate digital responsibility’ at its premises. It was chaired by the Chairperson, Justice Shri V Ramasubramanian in the presence of Member, Justice (Dr) Bidyut Ranjan Sarangi, Secretary General, Shri Bharat Lal, senior officers, domain experts, industry representatives among others.

alt

Addressing the participants, NHRC, India Chairperson, Justice Shri V. Ramasubramanian emphasised that safeguarding privacy as a human right in the digital world is necessary. The technological advancements should align with fundamental human rights and privacy protections. The responsibility must begin with the individual user. He highlighted that maintaining digital hygiene is crucial. He also pointed out the significant decline in value systems, cautioning that one must bear the consequences of this shift.

He reaffirmed the Commission’s commitment to fostering inclusive discussions on digital rights and corporate accountability for developing a robust regulatory framework that balances innovation, security, and individual privacy.

alt

NHRC, India Member, Justice (Dr) Bidyut Ranjan Sarangi raised concerns regarding the lack of digital literacy which make many people dependent on others who may dupe them. He said that simplifying the processes of digital technology to maximise its safe usage by the common people in the country.

alt

Before this, NHRC, India Secretary General, Shri Bharat Lal while setting the agenda for discussion, gave the objective of this discussion on an important emerging issue i.e. ‘Ensuring privacy and human rights in the digital era: A focus on corporate digital responsibility’. He gave an overview of three sub-themes: 'Establishing a proper regulatory framework and compliance mechanism', 'Building a culture of data privacy', and 'Identifying threats and best practices'. Citing data from 2023, he mentioned that over 20% of global data is generated in India whereas it has only about 3% of the storage capacity requiring a major role for Indian corporates. He said that while the Digital Personal Data Protection Act, 2023, and other regulations are in place, the challenges in the digital age are increasing. The draft rules have been notified and consultation process is going on. He also said that collection, storage and processing of personal data 'brings' huge responsibility of entities and they keep this data as a 'trustee'. Any breach of trust in this trusteeship, is unacceptable. He stressed that protecting people’s privacy online is a collective responsibility requiring joint efforts from individuals, private sectors which plays a major role and the government and its agencies.

The meeting extensively discussed the intensity of the problem that arises due to misuse of data and data breaches. Further, several key provisions of the Digital Personal Data Protection Act, 2023 were also discussed.

Data Usage and Privacy Concerns

The participants raised concerns over the extensive control exerted by global technology companies on user data, which complicates regulatory enforcement. Law enforcement agencies often face challenges in accessing critical data due to data storage in offshore centres. Additionally, the increasing reliance on digital platforms makes maintaining individual privacy more challenging.

Cyber Law and Regulatory Framework

Discussions also highlighted the gaps in the draft data protection rules, including the requirement to report data breaches within 72 hours and the accountability of research institutions handling personal data. The Government representatives highlighted ongoing consultations on data protection regulations, particularly the introduction of the Right to Nomination to enhance data privacy rights.

Corporate Digital Responsibility

The Corporate representatives shared best practices in data protection, digital well-being, and compliance-by-design strategies. However, they also highlighted operational challenges, particularly in navigating complex multi-layered digital operations. Companies transitioning from a low digital penetration environment to a structured data protection framework emphasised the need for regulatory flexibility to accommodate evolving business models and global compliance requirements such as the General Data Protection Regulation (GDPR) of the European Union. Referring to the Draft Digital Personal Data Protection Rules, 2025, the corporate stakeholders said that it should include explicit penal provisions for non-compliance and guidelines for obtaining verifiable parental consent for minors.

Consumer Rights and Policy Simplification

The participants noted that consumers have limited choices in consenting to data collection, as many business models mandate data sharing. The existing Do-Not-Disturb (DND) mechanism by TRAI was deemed ineffective.

The participants included Shri Shailendra Trivedi, Chief General Manager-in-Charge, Department of Information Technology, Reserve Bank of India, Shri Deepak Goel, Group Coordinator (Cyber Law), Ministry of Electronics & Information Technology, Shri Ankur Rastogi, Principle Project Engineering, EGSTM, Centre For Railway Information Systems (CRIS), Shri Sanjoy Bhattacharjee, Chief Data Officer, HDFC Bank, Shri Ajay Gupta, Executive Director, ICICI Bank, Shri Soumendra Mattagajasingh, Group Chief Human Resources Officer, ICICI Bank, Shri Rajiv Kumar Gupta, President, PB Fintech, Policy Bazaar, Shri Sameer Bajaj, Head of Communication & Corporate Affairs, MakeMyTrip, Shri Ashish Aggarwal, Vice President and Head of Policy, NASSCOM, Dr Muktesh Chander, NHRC Special Monitor, Cyber Crime and Artificial Intelligence, Shri Tanveer Hasan A K, Executive Director, Centre for Internet & Society (CIS) in India and Shri Sameer Kochhar, President SKOCH Development Foundation, NHRC, India Registrar (Law), Joginder Singh, Director, Lt Col Virender Singh among others.

alt

Some of the important suggestions that emanated from the discussion included;
• Simplify the user agreements and policy frameworks to enhance consumer understanding and control over personal data;
• Establish clear accountability structures for data breaches, especially for research institutions and third-party data processors;
• Strengthen user consent frameworks for greater transparency and informed decision-making;
• Define the mandate and composition of the proposed Data Protection Board;
• Develop a localised approach to data privacy regulations to support small businesses while addressing India-specific challenges;
• Encourage companies to integrate privacy-by-design principles in digital operations;
• Enhance consumer awareness through targeted digital privacy and cybersecurity literacy programmes;
• Have explicit penal provisions for non-compliance;
• Need for bilateral agreements to address cross-border security and data-sharing concerns;
• Address the challenges arising from strict data localisation mandates; and
• Clear guidelines for obtaining verifiable parental consent for minors.

***