NHRC Hosts Open House Discussion on Privacy, Data Protection, and Corporate Digital Responsibility

New Delhi: The National Human Rights Commission (NHRC), India, organized an open house discussion on ‘Ensuring Privacy and Human Rights in the Digital Era: A Focus on Corporate Digital Responsibility’ at its premises. The session, held in hybrid mode, was chaired by NHRC Chairperson, Justice V. Ramasubramanian, in the presence of Justice (Dr) Bidyut Ranjan Sarangi, Secretary General Bharat Lal, and other senior officials, domain experts, and industry representatives.

Safeguarding Privacy in the Digital Age

Addressing the participants, Justice V. Ramasubramanian underscored the importance of protecting privacy as a fundamental human right in the digital world. He emphasized that technological advancements must align with human rights and data protection principles. Stressing individual responsibility, he urged citizens to maintain digital hygiene and be mindful of their data security. He also highlighted the declining value systems and warned about the long-term consequences of neglecting privacy concerns.

Challenges in Digital Literacy and Regulatory Gaps

NHRC Member, Justice (Dr) Bidyut Ranjan Sarangi, expressed concern over the lack of digital literacy, which leaves many individuals vulnerable to fraud and data misuse. He stressed the need to simplify digital processes to maximize safe usage for all citizens.

Setting the agenda for the discussion, NHRC Secretary General, Shri Bharat Lal, outlined the session’s key focus areas:

1. Establishing a proper regulatory framework and compliance mechanism
2. Building a culture of data privacy
3. Identifying threats and best practices

Citing 2023 data, he noted that India generates over 20% of global data but has only 3% of the world’s data storage capacity, making corporate involvement crucial. While regulations like the Digital Personal Data Protection Act, 2023 exist, data breaches and privacy concerns continue to rise. He emphasized that entities collecting and storing personal data must act as trustees, and any breach of this trust is unacceptable.

Key Discussions: Data Usage, Corporate Responsibility, and Consumer Rights

Participants raised concerns over the dominance of global technology companies, which complicates regulatory enforcement. Law enforcement agencies struggle to access critical data, as many firms store information offshore, posing jurisdictional challenges.

Cyber Law and Data Protection Framework

Discussions also covered gaps in India’s data protection regulations, particularly in enforcing timely reporting of data breaches (within 72 hours) and holding research institutions accountable for handling personal data. Government representatives highlighted ongoing consultations to strengthen data privacy laws and introduce the Right to Nomination to further protect user data.

Corporate Digital Responsibility & Compliance

Industry representatives shared best practices in data protection and digital well-being while also addressing challenges in adapting to evolving regulations. Companies transitioning from low digital penetration to structured data protection frameworks stressed the need for regulatory flexibility to comply with global standards like the EU’s General Data Protection Regulation (GDPR).

Corporate stakeholders also recommended that the Draft Digital Personal Data Protection Rules, 2025 include explicit penal provisions for non-compliance and clear guidelines for obtaining verifiable parental consent for minors.

Consumer Rights and Policy Simplification

The discussion also highlighted consumer concerns, with many users having little choice but to consent to data collection due to mandatory data-sharing models in digital services. Participants pointed out the ineffectiveness of TRAI’s Do-Not-Disturb (DND) mechanism, calling for more robust consumer protection policies.

Industry and Government Participation

The event witnessed participation from key representatives, including:

• Reserve Bank of India (RBI)
• Ministry of Electronics & Information Technology (MeitY)
• Centre for Railway Information Systems (CRIS)
• HDFC Bank, ICICI Bank, Policy Bazaar, MakeMyTrip, and NASSCOM
• Centre for Internet & Society (CIS) and SKOCH Development Foundation

The discussions underscored the need for joint efforts between individuals, corporations, and the government to safeguard privacy, promote digital security, and ensure responsible corporate practices in the evolving digital landscape.

With data privacy concerns intensifying, the NHRC’s initiative sets the stage for stronger legal frameworks, corporate accountability, and greater public awareness in India’s digital age.