Skip to content
1981
image of Surveillance, privacy and the policy challenges: Decolonizing personal data protection in India

Abstract

This article explores the conditions and continuities of coloniality in India’s data protection regime by analysing the personal data protection legislation. With poststructuralist policy analysis, the article traces the evolution of personal data protection legislation from the Personal Data Protection Bill 2019 to the Digital Personal Data Protection Act 2023. In doing so, the article draws on the coloniality of the data protection regime and problematizes its underlying rationales that give excessive power to the state. Privacy, surveillance and data protection in India need to be understood in relation to the long history of colonialism and surveillance infrastructures built by the colonial British. Understanding the nuances of colonialism’s influence on data protection involves critically examining how histories, power relations and policy frameworks intersect within contemporary contexts. Surveillance and data protection concerns often strike between protecting privacy against narratives of innovation and national security. Finding a balance is a major challenge in establishing a robust legislative framework for data protection. This article attempts to address the challenges posed by the data protection regime with a decolonial approach.

© 2025 Intellect Ltd
Loading

Article metrics loading...

/content/journals/10.1386/jdmp_00177_1
2025-03-28
2026-04-15

Metrics

Loading full text...

Full text loading...

References

  1. Al Dahdah, M. and Mishra, R. K. (2023), ‘Digital health for all: The turn to digitized healthcare in India’, Social Science & Medicine, 319, https://doi.org/10.1016/j.socscimed.2022.114968.
     [Google Scholar]
  2. Arora, P. (2016), ‘Bottom of the data pyramid: Big data and the global south’, International Journal of Communication, 10, pp. 168199, https://ijoc.org/index.php/ijoc/article/view/4297. Accessed 7 June 2024.
     [Google Scholar]
  3. Arora, P. (2019a), ‘Decolonizing privacy studies’, Television & New Media, 20:4, pp. 36678, https://doi.org/10.1177/1527476418806092.
     [Google Scholar]
  4. Arora, P. (2019b), ‘General data protection regulation – a global standard? Privacy futures, digital activism, and surveillance cultures in the global south’, Surveillance & Society, 17:5, pp. 71725, https://doi.org/10.24908/ss.v17i5.13307.
     [Google Scholar]
  5. Arora, P. (2024), ‘The privilege of pessimism: The politics of despair towards the digital and the moral imperative to hope’, Dialogues on Digital Society, pp. 14, https://doi.org/10.1177/29768640241252103.
     [Google Scholar]
  6. Arun, P. (2019), ‘Penetrative or embracive? Exploring state, surveillance and democracy in India’, in A. P. D’Costa and A. Chakraborty (eds), Changing Contexts and Shifting Roles of the Indian State: New Perspectives on Development Dynamics, New York: Springer Publishing, pp. 20730.
     [Google Scholar]
  7. Arun, P. (2021), ‘In pursuit of personal data: A survey on state surveillance and democracy in India’, in P. R. deSouza, M. S. Alam and H. Ahmed (eds), Companion to Indian Democracy: Resilience, Fragility, Ambivalence, London: Routledge, pp. 23455.
     [Google Scholar]
  8. Babele, A. (2021), ‘Intrusive tech-enabled surveillance and “National Security” secrecy: Mounting concerns of mass snooping amid informational asymmetry’, International Journal of Law and Information Technology, 29:1, pp. 2456, https://doi.org/10.1093/ijlit/eaaa020.
     [Google Scholar]
  9. Bacchi, C. L. (2009), Analysing Policy: What’s the Problem Represented to Be?, London: Pearson.
     [Google Scholar]
  10. Bacchi, C. and Goodwin, S. (2016), ‘Making politics visible: The WPR approach’, in C. Bacchi and S. Goodwin (eds), Poststructural Policy Analysis: A Guide to Practice, London: Palgrave, pp. 1326.
     [Google Scholar]
  11. Basu, S. (2010), ‘Policy-making, technology and privacy in India’, Indian Journal of Law and Technology, 6:1, pp. 65–88, https://repository.nls.ac.in/ijlt/vol6/iss1/3. Accessed 25 March 2025.
     [Google Scholar]
  12. Basu, E. D. (2020), India’s Privacy Chowkidars: The Role of Civil Society Organizations in Shaping Digital Privacy Discourse & Data Protection Policymaking in India, Washington, DC: American University.
     [Google Scholar]
  13. Baxi, P. (2019), ‘Technologies of disintermediation in a mediated state: Civil society organisations and India’s Aadhaar project’, South Asia: Journal of South Asian Studies, 42:3, pp. 55471, https://doi.org/10.1080/00856401.2019.1602808.
     [Google Scholar]
  14. Ben-Shahar, O. (2019), ‘Data pollution’, Journal of Legal Analysis, 11, pp. 10459, https://doi.org/10.1093/jla/laz005.
     [Google Scholar]
  15. Bhandari, V., Bailey, R., Parsheera, S. and Rahman, F. (2021), ‘Comments on the (draft) Personal Data Protection Bill, 2019’, SSRN Electronic Journal, https://doi.org/10.2139/ssrn.4051127.
     [Google Scholar]
  16. Bhandari, V. and Sane, R. (2018), ‘Protecting citizens from the state post Puttaswamy: Analysing the privacy implications of the Justice Srikrishna Committee Report and the Data Protection Bill, 2018’, Socio-Legal Review, 14:2, pp. 143–69, https://doi.org/10.55496/uuiz9934.
     [Google Scholar]
  17. Borges, G. S. and de Moura Faleiros Júnior, J. L. (2021), ‘Decolonial thinking in Brazil: Perspectives for overcoming digital colonialism through the protection of human rights’, Studia Prawnicze: rozprawy i materiały, 2:29, pp. 4353, https://doi.org/10.48269/2451-0807-sp-2021-2-003.
     [Google Scholar]
  18. Burman, A. (2023), ‘Understanding India’s New Data Protection Law’, Carnegie India, 3 October, https://carnegieindia.org/2023/10/03/understanding-india-s-new-data-protection-law-pub-90624. Accessed 27 November 2023.
  19. Choudhury, D. K. L. (2010), ‘From laboratory to museum: The changing culture of science and experiment in India, c. 1830–56’, in D. K. L. Choudhury (ed.), Telegraphic Imperialism: Crisis and Panic in the Indian Empire, c. 1830, London: Palgrave, pp. 1130.
     [Google Scholar]
  20. Chowdhury, N. (2023), ‘Intermediary responsibility for constitutional harms’, Journal of Information Policy, 13, pp. 6084, https://doi.org/10.5325/jinfopoli.13.2023.0006.
     [Google Scholar]
  21. Cohn, B. S. (2021), Colonialism and Its Forms of Knowledge: The British in India, Princeton, NJ: Princeton University Press.
     [Google Scholar]
  22. Dar, M. A. and Wani, S. A. (2023), ‘COVID-19, personal data protection and privacy in India’, Asian Bioethics Review, 15:2, pp. 12540, https://doi.org/10.1007/s41649-022-00227-0.
     [Google Scholar]
  23. Deepak, M., Mansi, K., Aarti, R., Mayank, M. and Krithika, R. (2024), The State of India's Digital Economy Report 2024, New Delhi: Indian Council for Research on International Economic Relations.
     [Google Scholar]
  24. Digital Personal Data Protection Act (2023), CG-DL-E-12082023-248045, https://www.meity.gov.in/static/uploads/2024/06/2bf1f0e9f04e6fb4f8fef35e82c42aa5.pdf. Accessed 20 June 2024.
  25. Giuliani, E. M. (2015), ‘Strangers in the village? Colonial policing in rural Bengal, 1861 to 1892’, Modern Asian Studies, 49:5, pp. 1378404, https://doi.org/10.1017/s0026749x14000262.
     [Google Scholar]
  26. Greenleaf, G. (2011), ‘Promises and illusions of data protection in Indian law’, International Data Privacy Law, 1:1, pp. 4769, https://doi.org/10.1093/idpl/ipq006.
     [Google Scholar]
  27. Gupta, I. and Naithani, P. (2023), Separating personal data protection from non-personal data governance’, Economic and Political Weekly, 58:36, pp. 1923.
     [Google Scholar]
  28. Headrick, D. (2010), ‘A double-edged sword: Communications and imperial control in British India’, Historical Social Research/Historische Sozialforschung, 35:1, pp. 5165, https://doi.org/10.12759/hsr.35.2010.1.51-65.
     [Google Scholar]
  29. Henne, K. (2019), ‘Surveillance in the name of governance: Aadhaar as a fix for leaking systems in India’, in B. Haggart, K. Henne and N. Tusikov (eds), Information, Technology and Control in a Changing World: Understanding Power Structures in the 21st Century, New York: Springer Publishing, pp. 22345.
     [Google Scholar]
  30. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules (2021), Ministry of Electronics and Information Technology (MeitY), Government of India. Pub. L. No. No. 98, REGD. No. D. L.-33004/99 CG-DL-E-25022021-225464, https://www.meity.gov.in/static/uploads/2024/02/Information-Technology-Intermediary-Guidelines-and-Digital-Media-Ethics-Code-Rules-2021-updated-06.04.2023-.pdf. Accessed 24 March 2025.
  31. Jain, A., Bapat, K. and Waghre, P. (2022), ‘IFF’s first read of the draft Digital Personal Data Protection Bill, 2022’, Internet Freedom Foundation, 18 November, https://internetfreedom.in/iffs-first-read-of-the-draft-digital-personal-data-protection-bill-2022/. Accessed 24 June 2024.
  32. Karppinen, K. and Moe, H. (2019), ‘Texts as Data I: Document analysis’, in H. Van den Bulck, M. Puppis, K. Donders and L. Van Audenhove (eds), The Palgrave Handbook of Methods for Media Policy Research, London: Palgrave, pp. 24962, https://doi.org/10.1007/978-3-030-16065-4_14.
     [Google Scholar]
  33. Kaviraj, S. (2003), ‘A state of contradictions: The post-colonial state in India’, in The Imaginary Institution of India: Politics and Ideas, Cambridge: Cambridge University Press, pp. 14563, https://doi.org/10.7312/kavi15222-006.
     [Google Scholar]
  34. Khera, R. (2017), ‘Impact of Aadhaar on welfare programmes’, Economic and Political Weekly, 52:50, pp. 6170.
     [Google Scholar]
  35. Kumar, T. (2020), ‘How welfare shapes beneficiaries’ political and economic behavior: Evidence from two programs in India’, Doctoral thesis, California: University of California, Berkeley, https://escholarship.org/uc/item/4wb8b20t. Accessed 12 March 2025.
  36. Mahapatra, S. (2021), Digital Surveillance and the Threat to Civil Liberties in India, Hamburg: German Institute for Global and Area Studies.
     [Google Scholar]
  37. Mignolo, W. D. (2007), ‘Coloniality of power and de-colonial thinking’, Cultural Studies, 21:2–3, pp. 15567, https://doi.org/10.1080/09502380601162498.
     [Google Scholar]
  38. Mohanty, Bedavyasa (2016), ‘Inside the machine: Constitutionality of India’s surveillance apparatus’, Indian Journal of Law and Technology, 12:2, pp. 208–35, https://doi.org/10.55496/XQBG3866.
     [Google Scholar]
  39. Mukhopadhyay, A. (2002), ‘Crime and criminality in colonial Bengal’, Proceedings of the Indian History Congress, 63, pp. 96886.
     [Google Scholar]
  40. Noorani, A. G. (1985), ‘Legislation on phone-tapping’, Economic and Political Weekly, 20:19, pp. 82222.
     [Google Scholar]
  41. Noorani, A. G. (2009), ‘India: A security state’, Economic and Political Weekly, 44:14, pp. 1315.
     [Google Scholar]
  42. Pagallo, U. (2017), ‘The group, the private, and the individual: A new level of data protection?’, in L. Taylor, L. Floridi and B. van der Sloot (eds), Group Privacy: New Challenges of Data Technologies, New York: Springer Publishing, pp. 15973, https://doi.org/10.1007/978-3-319-46608-8_9.
     [Google Scholar]
  43. Panigrahi, S. (2022), ‘Marginalized Aadhaar: India’s Aadhaar biometric ID and mass surveillance’, Interactions, 29:2, pp. 1619, https://doi.org/10.1145/3517173.
     [Google Scholar]
  44. Pickard, V. (2019), ‘Historical analysis’, in H. Van den Bulck, M. Puppis, K. Donders and L. Van Audenhove (eds), The Palgrave Handbook of Methods for Media Policy Research, London: Palgrave, pp. 50918.
     [Google Scholar]
  45. Prasad, M. D. and Menon, C. S. (2020), ‘The Personal Data Protection Bill, 2018: India’s regulatory journey towards a comprehensive data protection law’, International Journal of Law and Information Technology, 28:1, pp. 119, https://doi.org/10.1093/ijlit/eaaa003.
     [Google Scholar]
  46. Press Information Bureau (2023), ‘80.10 crore beneficiaries availing benefits of public distribution system through 5.45 lakh fair price shops across the country’, 21 July, https://pib.gov.in/pib.gov.in/Pressreleaseshare.aspx?PRID=1941387. Accessed 7 June 2024.
  47. PUCL v. Union of India and Ors (1997), AIR 1997 SC 568, https://privacylibrary.ccgnlud.org/case/pucl-vs-union-of-india. Accessed 26 June 2024.
  48. Puttaswamy v. Union of India and Ors (2017), 10 SCC 1, AIR 2017 SC 4161, https://privacylibrary.ccgnlud.org/case/justice-ks-puttaswamy-ors-vs-union-of-india-ors.
  49. Puttaswamy and ANR v. Union of India and Ors (2018), https://privacylibrary.ccgnlud.org/case/justice-ks-puttaswamy-and-ors-vs-union-of-india-uoi-and-ors. Accessed 27 June 2024.
  50. Raman, B. (2012), Document Raj: Writing and Scribes in Early Colonial South India, Chicago, IL: University of Chicago Press, https://press.uchicago.edu/ucp/books/book/chicago/D/bo13657793.html. Accessed 20 June 2024.
     [Google Scholar]
  51. Rangaswamy, N. and Arora, P. (2016), ‘The mobile internet in the wild and every day: Digital leisure in the slums of urban India’, International Journal of Cultural Studies, 19:6, pp. 61126, https://doi.org/10.1177/1367877915576538.
     [Google Scholar]
  52. Regan, P. M. (2002), ‘Privacy as a common good in the digital world’, Information, Communication & Society, 5:3, pp. 382405, https://doi.org/10.1080/13691180210159328.
     [Google Scholar]
  53. Ricaurte, P. (2019), ‘Data epistemologies, the coloniality of power, and resistance’, Television & New Media, 20:4, pp. 35065, https://doi.org/10.1177/1527476419831640.
     [Google Scholar]
  54. Saluja, D., Shrivastava, K., Jacob, A. and John, O. (2022), ‘The urgent need for actionable and comprehensive data protection legislation in India’, Economic and Political Weekly, 57:53, https://www.epw.in/journal/2022/53/special-articles/urgent-need-actionable-and-comprehensive-data.html. Accessed 26 June 2023.
     [Google Scholar]
  55. Sengoopta, C. (2003), Imprint of the Raj: How Fingerprinting was Born in Colonial India, London: Macmillan.
     [Google Scholar]
  56. Singha, R. (2015), ‘Punished by surveillance: Policing “dangerousness” in colonial India, 1872–1918’, Modern Asian Studies, 49:2, pp. 24169, https://doi.org/10.1017/S0026749X13000462.
     [Google Scholar]
  57. Sinha, A. (2018), ‘India’s data protection framework will need to treat privacy as a social and not just an individual good’, Economic and Political Weekly, 53:18, pp. 112, https://www.epw.in/engage/article/for-indias-data-protection-regime-to-be-efficient-policymakers-should-treat-privacy-as-a-social-good. Accessed 19 June 2024.
     [Google Scholar]
  58. Sinha, A., Hickok, E., Bedi, P., Mohandas, S. and Rajwade, T. (2020), ‘Comments to the Personal Data Protection Bill 2019’, The Centre for Internet and Society, 20 February, https://cis-india.org/internet-governance/blog/comments-to-the-personal-data-protection-bill-2019. Accessed 24 June 2024.
  59. Sombra, T. L. (2020), ‘The general data protection law in Brazil: What comes next?’, Global Privacy Law Review, 1:2, pp. 16119, https://doi.org/10.54648/gplr2020083.
     [Google Scholar]
  60. de Sousa Santos, B. (2021), ‘Postcolonialism, decoloniality, and epistemologies of the south’, Oxford Research Encyclopedia of Literature, online first, https://doi.org/10.1093/acrefore/9780190201098.013.1262.
     [Google Scholar]
  61. Srikrishna, B. N. (2018), ‘A free and fair digital economy: Protecting privacy, empowering Indians: Committee of Experts under the chairmanship of Justice B. N. Srikrishna’, Meity, 27 July, https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf. Accessed 19 June 2024.
  62. Srinivasan, J., Bailur, S., Schoemaker, E. and Seshagiri, S. (2018), ‘The poverty of privacy: Understanding privacy trade-offs from identity infrastructure users in India’, International Journal of Communication, 12:20, pp. 122947.
     [Google Scholar]
  63. Stalder, F. (2002), ‘Privacy is not the antidote to surveillance’, Surveillance & Society, 1:1, pp. 12024, https://doi.org/10.24908/ss.v1i1.3397.
     [Google Scholar]
  64. The Personal Data Protection Bill (2019), The Ministry of Electronics and Information Technology (MeitY), Government of India, Bill No. 373 of 2019, https://prsindia.org/files/bills_acts/bills_parliament/2019/Personal%20Data%20Protection%20Bill,%202019.pdf. Accessed 25 March 2025.
  65. Thomas, P. N. (2019), ‘The expansion of politics as control: Surveillance in India’, in A. Athique, V. Parthasarathi and S. V. Srinivas (ed.), The Politics of Digital India: Between Local Compulsions and Transnational Pressures, Oxford: Oxford University Press, pp. 3366, https://doi.org/10.1093/oso/9780199494620.003.0002.
     [Google Scholar]
  66. Thorat, D. (2020), ‘Colonial topographies of internet infrastructure: The sedimented and linked networks of the telegraph and submarine fiber optic internet’, South Asian Review, 40:3, pp. 25267, https://doi.org/10.1080/02759527.2019.1599563.
     [Google Scholar]
  67. Vila Seoane, M. F. (2021), ‘Data securitisation: The challenges of data sovereignty in India’, Third World Quarterly, 42:8, pp. 173350, https://doi.org/10.1080/01436597.2021.1915122.
     [Google Scholar]
  68. Xynou, M. and Hickok, E. (2016), ‘Security, surveillance and data sharing schemes and bodies in India’, The Centre for Internet and Society, https://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf/view. Accessed 20 June 2024.
     [Google Scholar]
  69. Taylor, L. (2017), ‘What is data justice? The case for connecting digital rights and freedoms globally’, Big Data & Society, 4:2, https://doi.org/10.1177/2053951717736335.
     [Google Scholar]
/content/journals/10.1386/jdmp_00177_1
Loading
  • Article Type: Article
Keywords: decolonization ; privacy ; India ; surveillance ; digital policy ; Global South ; data protection ; post-structuralist policy analysis

Most Cited Most Cited RSS feed

This is a required field
Please enter a valid email address
Approval was a success
Invalid data
An error occurred
Approval was partially successful, following selected items could not be processed due to error
Please enter a valid_number test