DATA PROTECTION LAW IN INDIA
The era of digitization gave birth to entirely new markets which deal with the collection, organization, and processing of personal information, whether directly or as critical component of business. The outburst of Covid-19 and the lock-down has led to several challenges in various sectors regarding data privacy and protection; hence protection of data and privacy plays a much important role now, as there are several loopholes in which data can be breached and its security is at major risk.
Section 2 (o) of Information Technology Act,2000 defines “data” which means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
Data protection is the process of safeguarding important information from corruption, compromise or loss. Through the landmark judgment of Justice K.S Puttaswamy vs Union of India (AIR 2017 SC 4161), the Hon’ble Supreme Court held right to privacy is declared as a fundamental right under Article 21 of Indian Constitution. This judgment made general public realize that their data is intrinsic, important and therefore worthy of protection.
At present India does not have specific legislation in regard to data protections and privacy, although a Personal Data Protection Bill, 2019 was introduced in Lok sabha. There are many ambiguities as to the implementation of this bill, but there are some important enactments which focuses and governs privacy protection and personal data
• Information Technology Act, 2000.
• The Right to Information Act,2005
• Information Technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021
Section 43A of the IT Act 2000 provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the persons so affected.
Section 72A of the IT Act 2000 provides that any person (including an intermediary) who, while providing services under the terms of a lawful contract, has secured access to any material containing personal information about another person, with the intent of causing or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.
Section 8 (1)(j) of Right to Information Act – This section provides that the authorities are under no obligation to provide information to citizens regarding inter alia information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information.
The Information technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021 have been passed under sections 69A(2), 79(2)(c) and 87 of the Information Technology Act, 2000. Rule 4(2) provides that a significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. This rule is clearly a major threat to the privacy of the users and this was challenged by Whatsapp in Delhi High Court to quash a new government rule which is against right to privacy.
CONCLUSION:
India has gone more digital in this covid-19 pandemic era, than ever before. In this digital era, data is a valuable resource that needs to be protected and regulated. Right to privacy cannot be exercised effectively unless data is protected through a legal regime; therefore implementation of personal data protection bill becomes very important.
Authored by
RAMYA C N
Associate