The Economic Times reports that India is considering the creation of a data protection agency, which would seek to protect privacy:
NEW DELHI: The government plans to set up a Data Protection Authority (DPA) that will rule on issues around privacy invasion and impose penalties on violations, moving strongly towards safeguarding individual privacy and defining invasion of privacy offences.
The authority will “investigate any data security breach and issue appropriate orders to safeguard security interests of all affected data subjects in respect of any personal data that has or is likely to have been compromised by such breach,” according to a draft Right to Privacy Bill that was seen by ET.
In the draft prepared for approval of a committee of secretaries, the government has proposed that all Indian residents shall have a right to privacy. Restrictions can be imposed only in accordance with the law and to meet specific objectives. Further, more extensive safeguards for privacy will override the Act in case of a conflict.
However, exemptions have been proposed in the interest of national safety, security and maintenance of public order or such exigencies. Also, the DPA will not be able to conduct investigations or adjudicate complaints when action has been taken by government intelligence agencies for legitimate purposes. […]
While stringent safeguards have been provided for sensitive personal data — including medical history, biometric or genetic information, banking credit and financial data and criminal convictions, the interception of communication by any means has been prohibited unless authorised by law and on following certain safeguards, the draft bill has proposed.