File Copyright Online - File mutual Divorce in Delhi - Online Legal Advice - Lawyers in India

Laws in India governing Facial Recognition Technology

The right to privacy has been included under the ambit of A.21 thus making it a fundamental right after the judgement of the Hon'ble S Supreme Court in the case of Justice K.S. Puttaswamy (Retd.) v Union of India[1]. Facial recognition technology has been more or less unregulated before the Personal Data Protection Bill, 2019.

Information Technology Act, 2000

The Information Technology Act, 2000 classifies biometric data as sensitive personal data, and contains rules for collection, disclosure and sharing of such information.

In the event of violation, recourse can be taken to section 43A of the IT Act, which reads as follows:
Body corporate' possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures, and thereby causes wrongful loss or wrongful gain to any person, this body corporate will become liable to pay damages as compensation to the affected person.

However, the fundamental flaw with this is that it only applies to body corporates and leaves scope of misuse by the government and its agencies.

The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
The Aadhaar Act was the first legislation in India specifically dealing with the collection, storage and processing of biometric data. Three categories of information are prescribed by the Aadhar Act:
  • Section 2 (n) 'identity information' in respect of an individual, includes his Aadhaar number, his biometric information and his demographic information;
  • Section 2 (g) 'biometric information' means photograph, finger print, Iris scan, or such other biological attributes of an individual as may be specified by regulations;
  • Section 2 (j) 'core biometric information' means finger print, Iris scan, or such other biological attribute of an individual as may be specified by regulations;

It goes on to classify biometric information as 'sensitive personal data or information' as defined under the Information Technology Act, 2000.

The Aadhaar scheme permits a requesting entity (whether an individual or agency)[2], to seek authentication of the UID of an individual in relation to his/her biometric information.[3] The Act incorporates some principles reflected in the GDPR such as seeking consent of principal[4], keeping individuals informed about the purpose of data collection[5] and provision for one's own information[6].

The violations of the Aadhaar Act may result in imprisonment that may extend to 3 years in some cases and a penalty with a maximum cap ranging from ten thousand rupees to one-lakh rupees or both.

Personal Data Protection Bill, 2019

The PDP Bill has classified the use of facial recognition technology as 'sensitive personal data'. Relevant provisions of the bill:
  • Clause 3 (7): 'biometric data' defined which includes 'facial images' as a part of it.
  • Clause 3 (36): categorizes 'biometric data' as 'sensitive personal data', as compared to critical or general data.
  • Clause 33: It states that 'sensitive personal data' may be transferred outside India, but must be stored in India. Nevertheless, transfer of 'sensitive personal data' shall be subject to conditions laid out in.
  • Clause 34: Lays down the conditions for transfer of sensitive personal data outside India.
    1. After explicit consent is given by the data principal, transfer may be made if:
      1. It is for an intra-group scheme approved by the Authority if rights are protected and the data fiduciary assumes liability for non-compliance.
      2. The Central Government allows such transfer if it finds that such data has had an adequate level of protection and the transfer does not affect the enforcement of laws
      3. Such transfer has been allowed by the Authority for any specific purpose.
    2. Sensitive personal data may be transferred outside India on specified grounds such as:
      1. A medical emergency as per S. 12.
      2. Transfer to a country or international organization where the Central Government has concluded that it does not harm the security or strategic interest of India.
  1. KS Puttaswamy v. Union of India, (2017) 10 SCC 641
  2. AA 2016, s. 2(u).
  3. AA 2016, s. 8(1).
  4. AA 2016, s. 8(2)(a).
  5. AA 2016, s. 8(3).
  6. AA 2016, s. 28(5).

Law Article in India

Ask A Lawyers

You May Like

Legal Question & Answers

Lawyers in India - Search By City

Copyright Filing
Online Copyright Registration


How To File For Mutual Divorce In Delhi


How To File For Mutual Divorce In Delhi Mutual Consent Divorce is the Simplest Way to Obtain a D...

Increased Age For Girls Marriage


It is hoped that the Prohibition of Child Marriage (Amendment) Bill, 2021, which intends to inc...

Facade of Social Media


One may very easily get absorbed in the lives of others as one scrolls through a Facebook news ...

Section 482 CrPc - Quashing Of FIR: Guid...


The Inherent power under Section 482 in The Code Of Criminal Procedure, 1973 (37th Chapter of t...

The Uniform Civil Code (UCC) in India: A...


The Uniform Civil Code (UCC) is a concept that proposes the unification of personal laws across...

Role Of Artificial Intelligence In Legal...


Artificial intelligence (AI) is revolutionizing various sectors of the economy, and the legal i...

Lawyers Registration
Lawyers Membership - Get Clients Online

File caveat In Supreme Court Instantly