A Group of Experts constituted by Government of India recommended a conceptual framework for the proposed Privacy legislation for India covering the following five salient features:
a) Technological neutrality and inter-operability with international standards.
b) Multi-dimensional privacy
c) Horizontal applicability
d) Conformity with privacy principles
e) Co-regulatory enforcement regime
Some of the major recommendations made in the Report cover aspects such as:
• The regulatory framework will consist of Privacy Commissioners at the Central and Regional levels.
• A system of co-regulation that will give self-regulating organizations at industry level choice to develop privacy standards which should be approved by a Privacy Commissioner.
• Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices.
• The data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected.
• The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done with the consent of the person concerned.
• Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual.
• Interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period upto 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months.
• Infringement of any provision under the Act would constitute an offence by which individuals may seek compensation for an organization / bodies held accountable to.