Mentoassociates.com – Legal Articles

The era of digitization gave birth to entirely new markets which deal with the collection, organization, and processing of personal information, whether directly or as critical component of business. The outburst of Covid-19 and the lock-down has led to several challenges in various sectors regarding data privacy and protection; hence protection of data and privacy plays a much important role now, as there are several loopholes in which data can be breached and its security is at major risk.

Section 2 (o) of Information Technology Act,2000 defines “data” which means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Through the landmark judgment of Justice K.S Puttaswamy vs Union of India (AIR 2017 SC 4161), the Hon’ble Supreme Court held right to privacy is declared as a fundamental right under Article 21 of Indian Constitution. This judgment made general public realize that their data is intrinsic, important and therefore worthy of protection.

At present India does not have specific legislation in regard to data protections and privacy, although a Personal Data Protection Bill, 2019 was introduced in Lok sabha. There are many ambiguities as to the implementation of this bill, but there are some important enactments which focuses and governs privacy protection and personal data
• Information Technology Act, 2000.
• The Right to Information Act,2005
• Information Technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021

Section 43A of the IT Act 2000 provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the persons so affected.

Section 72A of the IT Act 2000 provides that any person (including an intermediary) who, while providing services under the terms of a lawful contract, has secured access to any material containing personal information about another person, with the intent of causing or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

Section 8 (1)(j) of Right to Information Act – This section provides that the authorities are under no obligation to provide information to citizens regarding inter alia information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information.

The Information technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021 have been passed under sections 69A(2), 79(2)(c) and 87 of the Information Technology Act, 2000. Rule 4(2) provides that a significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. This rule is clearly a major threat to the privacy of the users and this was challenged by Whatsapp in Delhi High Court to quash a new government rule which is against right to privacy.

CONCLUSION:
India has gone more digital in this covid-19 pandemic era, than ever before. In this digital era, data is a valuable resource that needs to be protected and regulated. Right to privacy cannot be exercised effectively unless data is protected through a legal regime; therefore implementation of personal data protection bill becomes very important.

Authored by

RAMYA C N
Associate

Information Technology Act 2000 enlists various cyber offences and their punishments. The Acts gives serious punishment for tampering with computer source documents. Whoever intentionally conceals, destroys or alters any computer source code is liable for punishment with imprisonment up to 3 years or with fine which may extend up to Rs.2 lakh or with both. 

The Act views hacking with utmost seriousness. Whoever with intension to cause a wrongful damage to the public or any person destroys, deletes or alters any information residing in a computer resource commit hacking. Whoever commits hacking shall be punished with imprisonment up to 3 years or with fine which may extend upto Rs.2 lakh or with both.

  Whoever publishes information which is obscene in electronic form shall be punished with imprisonment which may extend to 5 years and with fine which may extend to Rs.1 lakh.  In the event of a second conviction for a similar offence, then imprisonment may extend to 10 years and with fine which may extend to Rs.2 lakhs.

  A certifying authority or any employee of such authority who fails to comply with an order of the controller may be punished with   imprisonment for a term not exceeding 3 years and also with fine not exceeding Rs.2 lakhs or both.

 If the subscriber or any person in-charge of any computer resource fails to assist any agency of the government when ordered to intercept any information transmitted through any computer resource, he may be punished with imprisonment for a term which may extend to 7 years. Similarly any person who secures access or attends to secure access, to a protected system will be punished with imprisonment for a term which may extend to 10 years and also be liable to fine.

Whoever makes any misrepresentation to or suppresses any material fact from the controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, may be punished with imprisonment which may extend to 2 years or with fine which may extend to 1 lakh or with both.

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to 2 years or with fine which may extend to 1 lakh or with both. The Information Technology Act also applies to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

 Any computer, computer system, floppies, compact discs, tape drives or any other accessories related thereto, in respect of which any provision of the Information Technology Act, rules, orders or regulations made there under has been or is been contravened, shall be liable to confiscation.