Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
LIVE TV DownloadNews18 App
News18 English
News18 » India
2-min read

Right to Privacy: Nine Principles of Data Privacy in AP Shah Report

The Justice AP Shah Committee report outlined nine principles that were central to and defined the Right to Privacy.


Updated:August 24, 2017, 11:27 AM IST
Right to Privacy: Nine Principles of Data Privacy in AP Shah Report
A woman goes through the process of eye scanning for Aadhaar. (REUTERS)

New Delhi: In 2012, the Planning Commission and the Group of Experts on Privacy Issues held meetings on the question of the Right to Privacy. The meetings were chaired by Justice (retd.) AP Shah.

The Justice AP Shah Committee report outlined nine principles that were central to and defined the Right to Privacy.

Principle of Notice: This principle requires a data controller to notify all individuals of its information practices before collecting information from them.

Principle of Choice and Consent: Individuals divulging information must have a choice in the matter, according to this principle. There are two methods of getting the consent of an individual – the opt-in method and the opt-out method. No collection or processing of personal data should take place without consent, with the exception of authorized agencies.

Principle of Collection Limitation: A data controller should collect only as much information as is directly necessary for the purposes identified. The controller should also notify the person giving the information (data subject) through ‘lawful’ and ‘fair’ means.

Principle of Purpose Limitation: It requires that the collection or processing of information be restricted to only as much information as is adequate and relevant. It further states that the collection, procession, disclosure, usage of personal information by a data controller should be limited to the purpose notified and consented to the individual by the data controller, and that any change in this purpose must be notified to the individual.

Principle of Access and Correction: This principle requires that data subjects have access to the data held about them, the ability to seek corrections, amendment, or deletion of such data in case of inaccuracy, and the ability to confirm if a data controller is holding any information on them.

Principle of Disclosure of Information: According to this principle, the data subject (person whose information is taken) has the right to privacy in case their personal information is disclosed to a third party.

Principle of Security: This principle requires that a data controller ensure the security of the collected personal information by ‘reasonable security standards’ to protect from reasonably foreseeable risks. It specifically mentions the following possible dangers: loss, unauthorized access, destruction, use, processing, storage, modification, deanonymization (a strategy in which anonymous data is cross-referenced to identify the source) and unauthorized disclosure, either accidental or incidental.

Principle of Openness: This principle requires a data controller to make public all the information it can about the practices, procedures, policies and systems that it implements in order to comply with the National Privacy principles.

Principle of Accountability: This principle pins accountability on the data controller to comply with measures that fulfil the other eight principles. It states that such measures should include mechanisms to implement privacy policies. It specifically mentions the following: training and education, external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the Commissioner’s orders.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Subscribe to Moneycontrol Pro and gain access to curated markets data, trading recommendations, equity analysis, investment ideas, insights from market gurus and much more. Get Moneycontrol PRO for 1 year at price of 3 months. Use code FREEDOM.

| Edited by: Ananya Chakraborty
Read full article
Next Story
Next Story

Also Watch


Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results