[Shatakshi Singh, a fourth-year student at Symbiosis Law School, Noida, writes about the legal provisions associated with data protection.]


Governments around the world today find themselves shouldered with the dual responsibility of managing economies oiled by data and protecting individual privacy. Such a dichotomous situation begs clarity on three aspects of an effective data protection regime- protection of what, from whom and for whom. These three questions have today emerged as the most pensive issues regarding data protection that policymakers and interpreters around the world are faced with. The article seeks to answer these three questions drawing from the experiences of three parts of the world- the United States of America, the European Union and India. The article, after briefly introducing the concept and need of a data protection regime, discusses in some length the evolution of the right to privacy in India through an analysis of the judicial discourse on the same. Hereinafter, each of the three questions has been discussed in detail under three headers- each header dealing with one of the three jurisdictions. Answers to the three questions, in context of the three countries under study, shed light on the three aspects of an effective data protection regime- personal data, data subject and data controller. The subsequent section builds upon the answers thus obtained to present a scheme of standards that have gained repute and accolade at the international level and use the same as a benchmark to critically analyse the current nuances of the data protection laws in India. The concluding section of the article indicates the need for a consolidated data protection regime in the country while discussing the recent developments towards the same which is taking shape in the form of the data protection bill.