Updated: Jul 27, 2020

[Authored by Deb Zyoti Das, 1st-year B.B.A LL.B student at National Law University, Shimla (HPNLU)]


Smartphone has become one of the basic necessities along with cloth, shelter and food. With the wave of digitization, the usage of mobile phones has increased in every sector of the economy. Payments, bookings, shopping, academic excellence, and even suit proceeding are made effective, by sitting in one place. But, loopholes are associated with every good system. On average there is a minimum of 30 applications installed on a mobile phone. Every time an app is installed, it asks for access to a person’s data including contacts, gallery, camera, navigation, etc. Recently, due to tension along the Indo-China border, the Indian government banned 59 apps of Chinese origin, owing to breach of privacy and issue of National security. Further, it would be elaborated about the confidentiality of personal information shared with apps and law associated with it. In addition to it, specific emphasis would-be put-on the necessity and move of the central government banning the apps.

Whenever an app is installed through Play Store or Apple Store, subconsciously we click on the term ‘I Agree/Accept’. This term is associated with the legal agreement between the mobile application and the user. It consists of the terms and condition, that users have to be agreed upon to enjoy the service. All the terms and conditions specified therein are rarely read by us. This causes trepidation regarding personal data security. By accepting the terms and conditions, we agree to share our contact details, bank card details, message details, access to the gallery, location, address, and even individual taste.

Privacy Norms For Apps

Every application has to fulfill certain requirements so that the application does not get rejected. These requirements are different for every operating system (iOS, MacOS, and Android). The common requirement among both is data privacy.

Following are the basic requirement that every app’s privacy policy should have:

i) Description about app owner.

ii) The data that has been collected and mode by which that data is collected.

iii) The legal basis for collection of data.

iv) The purpose for which data is collected.

v) Which third party will have information about personal data?

vi) The right of the users

vii) Notification regarding change in the privacy policy, if any.

In iOS and MacOS, from October 3, 2018, a new guideline has been issued. The app store connect requires adoption to the privacy policy for all the new apps and updates for the old apps before they can be presented for the distribution on the app store.[1] The privacy guideline is specified in Article 5.1.1 of the Apple app store review guideline. It states that:

A) Identify the data that app collects and how and where that data is used

B) If an app shares the data with a third party, then it had to ensure compliance with the apps privacy guideline and protect the personal data.

C) Explain its data deletion policy and procedure by which the consent of the user can be revoked.

For an Android App, user privacy is subject to Google Developer Policy Centre’s User Data Guidelines. It states that the user’s data usage must be transparent. It includes the use of data, sharing of data, and disclosing the collection. If the app handles the sensitive data of individuals, then certain additional norms have to be followed. The policy also makes it mandatory to comply with Google Play’s minimum privacy requirement and additional requirements if required by the applicable statute.[2] The basic element for the app’s privacy policy for android is the same as that of iOS. The non-compliance to privacy norms may lead to a huge and hefty amount of fine and leave open to litigation.

Data Protection and Privacy in India: Laws & Policy

India is not a party to any convention on the protection of personal data which is equivalent to the GDPR or the Data Protection Directive. It is a party to other international declarations and conventions, which recognize the right to privacy. But, India doesn’t have legislation especially aimed at securing the privacy

concerns of its citizens.

Although, the Information Technology Act, 2000 is amended in order to secure personal information and privacy. There is the addition of Section 43-A & Section 72-A, which provides damages on disclosure of personal data. There is Information Technology (Reasonable Security Practices and Procedure and Sensitive Personal Data or Information), issued by the central government of India under 43-A of IT act. These rules provide the business and commercial entities to meet basic elements of the privacy policy and prevent disclosure of sensitive information which are in consonance with the General Data Protection Regulation and Data Protection Directives.

The personal data is also protected by the precedent set up court under common law principle, the principle of natural justice and principle of justice, equity, and good conscience. The Privacy Judgment was deciphered, in the landmark case of Justice Puttaswamy v Union of India.[3] In the case, SC asserted that informational privacy is the part of the right of privacy under Article 21 of the constitution of India. The information about the person and the right to access the information also needed to be protected under the right to privacy. Every person has the right to restrict the use of his personal information and disseminate it. It was the first time that SC has recognized the right in respect to personal data.

To ensure that this right is available against private entities, the Government of India has constituted a committee to draft a bill in respect of the same. Committee has framed ‘Personal Data Protection Bill 2019’. It will be recognized as India’s first statue on personal data. The PDP bill proposes that personal data must have complied with seven principles:

i. The processing of personal data should be fair and reasonable.

ii. It should be for a special purpose

iii. The necessary personal data should be only collected.

iv. Lawful

v. Adequate notice of data processing should be given to individual

vi. The personal data processed should be complete and not misleading

vii. The data can be stored so long as it is necessary.

Banning of 59 Chinese Apps: Legal Aspect

The government of India on 29th June 2020, banned the functioning of 59 China-based mobile applications. The action as stated by officials were taken “for safety, security, defense, sovereignty & integrity of India and to protect data & privacy of people of India”.

Under what provision was the action taken?

The Ministry of Electronics and Information & Technology invoked its power under Section 69A of IT Act 2000 r/w IT Rules 2009. Section 69A of the act[4] states that:

(1) Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do, in the interest of sovereignty and integrity of India, defense of India, the security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offense relating to above, it may subject to the provisions of sub-section (2) for reasons to be recorded in writing, by order, direct any agency of the Government or intermediary to block for access by the public or cause to be blocked for access by the public any information generated, transmitted, received, stored or hosted in any computer resource.

(2) The procedure and safeguards subject to which such blocking for access by the public may be carried out shall be such as may be prescribed.

(3) The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine.

Assessing the Constitutional Validity of 69A of the IT Act

Supreme Court of India in the case of Shreya Singhal v Union of India[5] has upheld the constitutional validity of section 69A of IT Act, 2000. Section 69A permits the government to block the application or any content for accessibility of public in lieu of happening of certain conditions. SC ruled that the proper procedure must be followed if such conditions are met. The originator of content must be given an opportunity of representation. It also involves multiple levels of decision making and review. All the safeguards must be followed.


The IT Ministry contended that these China-based apps were stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers that have locations outside India and don’t sufficient reasons under the privacy laws to do so. The firms behind these were given 48 hours to provide clarification concerning data sharing norms under Chinese law. The Chinese law requires every firm to share its data with the country’s intelligence agency irrespective of the country in which they are functioning. Following the rules of natural justice i.e. fair opportunity of being heard, there is the formation of Joint secretary Panel. The panel consists of officials from the ministry of law, telecom, IT, and Home Affairs. This panel will hear the clarifications from the representative of the company. The panel is honored with all power to ask for documents and issue show-cause notice. The final decision to permanently ban the apps or not is of the secretary-level panel.


So, on the grounds of national security and sovereignty of India, action taken by the government is sound as well as lawful. In my opinion, a compilation of data and its categorization by firms, in a way that is harmful to the nation’s security, defense and impede upon sovereignty and integrity of the country, is a matter of immediate concern and thus urgent measures undertaken is need of the hour. The privacy of 130 crore Indians is at stake, in some aspect or other. Yes, there will be financial losses to both sides. But, amidst border tensions and Chinese laws mandating companies to share information of users with it, the action taken by the government to prevent the transmission of data is appropriate. The action is as of now interim but with the scope of being permanent. Although the ban can be challenged in the courts and it will be by the companies, but for now the Government has asked the judiciary to hold off on it.

[1] Privacy Policy for iOS and macOS Apps, URL: https://www.iubenda.com/en/help/401-privacy-policy-for-ios-and-macos-apps, accessed on 2nd July, 2020

[2] Privacy Policy for Android Apps, URL: https://www.iubenda.com/en/help/11552-privacy-policy-for-android-apps, accessed on 2nd July, 2020

[3] Justice Puttaswamy (Retd.) and Anr. v Union of India and Ors., available at (https://www.supremecourtofindia.nic.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf)

[4] Information Technology Act, 2000, URL: https://indiankanoon.org/doc/10190353/, accessed on 3rd July, 2020


114 views0 comments