DATA PROTECTION AND PRIVACY
DATA PROTECTION AND PRIVACY
By Nandini :-
As we all are well aware of the fact that we do have laws related to data security despite of this, our data is nowhere secured. People who are negligent about their privacy get trapped very easily and face a lot of bad consequences. Our data is unsecured in various ways as when we allow any app the permission for media, camera etc. It absorbs all your data and as we know there are no less hackers out there, they are just seeking a chance to commit a cybercrime.
Data protection and privacy is not defined as such but we can say that it deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.
The IT Act provides for an adjudicating officer to be appointed to adjudicate whether a person has contravened the IT Act or its rules where the claim of injury or damages does not exceed 50 million rupees. If the claim exceeds 50 million rupees, the adjudicating authority would be the civil court. The Secretary to the Ministry of Information Technology in each state government has been appointed as the adjudicating officer. The adjudicating officer has all powers of a civil court. These include summoning the attendance of persons and examining them on oath, requiring the discovery or production of documents and other electronic records, receiving evidence on affidavits and issuing commissions for the examination of witnesses or documents
- It also authorizes police to investigate a offence under section 72 and 72 A of the IT Act.
The bill on Data Protection
In July 2018, a draft bill on data protection was recommended in B.N. Srikrishna Committee which was formed by the Ministry of Electronics & Information Technology. The Committee submitted their report in July 2018 along with the draft Personal Data Protection Bill, which will have jurisdiction on the processing of personal data, if that data is used, shared, disclosed, collected or otherwise processed in India, and its purpose is data localization, it mandates that every data fiduciary be stored in a server located in India.
It is divided into two parts:-
- Personal Data – Data relating to a natural person who is easily identifiable.
- Sensitive Personal Data – It means data revealing password, financial or health data, sexual orientation, caste or tribe, sex life, transgender status, etc.
Article 21- RIGHT OF LIFE AND LIBERTY
Under Article 21 of Indian constitution, which states that every citizen of India shall have a fundamental right of life and liberty except according to procedure established by law. The ambit of Article 21 is very vast and it includes a Right to Privacy clause in it . That no person shall be deprived of their right to privacy, everyone has a fundamental right of privacy. This was decided in 2017, from the below case.
- JUSTICE K.S PUTTASWAMY AND ANR VS. UNION OF INDIA
The Supreme Court held that privacy is a constitutionally protected right which arises out of Article 21 of the Indian Constitution.
INFORMATION TECHNOLOGY ACT,2000
Under IT Act 2000, some rules of private information which could be construes are enlisted which are as follows:-
(ii) financial information
(iii) health parameters (including physical, physiological and mental health conditions and medical records or history)
(iv) sexual orientation
(v) biometric information
- Section 43-A of the act says that Where a body corporates (company, firm or any sole proprietorship) possess any sensitive, personal data or information and is negligent about its protection and security and causes any wrongful loss or wrongful gain, then such a body corporate shall be held liable to pay damages to such affected person whose data was harmed through compensation.
- Section 72 prescribes criminal punishment if a government official discloses records and information accessed by him or her in the course of his or her duties without the consent of the concerned person or unless permitted by other laws.
- Section 72A – provides for criminal punishment if while performing any contract, a service provider discloses personal information without the consent of the person concerned or in breach of a lawful contract and he or she does so with the intention to cause, or knowing he or she is likely to cause, wrongful loss or wrongful gain.
- Section 75 – states that the provisions of the IT Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting an offence or contravention involves a computer, computer system or computer network located in India.Disclosure of sensitive personal data which is availed to the body incorporated is not permitted under IT Act. It can be done only with prior permission from the provider of such information, or only if the disclosure is necessary for compliance of a legal obligation.
- LLOYD VS GOOGLE LLC
The data protection class action against Google which found that they are permissible in the case of DPA breaches for the Safari Workaround. The case sets a precedent for representative opt-out style class actions for data protection breaches under UK law. An application for permission to appeal to the Supreme Court is pending.
GENERAL DATA PROTECTION REGULATION (GDPR)
The GDPR is the new European Union (EU) legal framework governing the use of personal data across the EU. It lays down rules relating to the protection of natural persons with regard to the processing and free movement of personal data.
The GDPR regulates the processing of personal data wholly or partly by automated means and to the processing other than by automated means relating to individuals in the EU. The GDPR does not apply to the processing of personal data which is done by an individual in the course of a purely personal or household activity or by competent authorities for preventing, detecting or prosecuting criminal offences or executing criminal penalties.
The importance and need for the Data Protection Law is ~
- For regulating and processing the data.
- Protection of the rights of the individual
- Enforcement of Privacy and security rules against unauthorized access.
- Giving punishments if someone fails to comply with the policies prescribed.
15 thoughts on “DATA PROTECTION AND PRIVACY”
Data protection and privacy are two very important aspects of increasing cyber crime in India. Just to protect their confidential data and maintain privacy, companies around the world are spending crores. The data protection bill is something beneficial for not only the companies but also the individuals. Article 21 of constitution of India itself includes right to privacy. The article covered all the necessary aspects of data protection and privacy, providing us all the information at one single place.
Thanks for the useful tips!
Good article but some more elaboration abt aim of bill is preferable! This bill implemented will empower the effectivity of IT provisions related to data privacy and hold entities processing data of individual responsible for any unethical activity thereby putting restrictions on cyber criminals.under this aggrieved party can make complete use of remedies available U.A 21 of C.O.I ! This bill will establish effective data protection authority in india
Nice information article… I would like to add on in the bill for data protection was suggested for to provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the fundamental rights of individuals whose personal data are processed
The revised Bill (2019)was criticized by Justice B. N. Srikrishna.
It’s important article
I am seemingly hopeful about the implications of upcoming Personal Data Protection Bill that is yet to be enacted. The government has already made frequent changes that are subject to debate regarding the data of users being shared with the authorities for investigation purposes. It would also be interesting to see what the apex court has to mark on it, in case we see some developments on the Bill and possibly Act in future.
A great topic, Data privacy can misused in many ways, like terrorism, fraud , phishing etc. Great work .
Very useful tips article
this article about data and privacy is still a question on security of indiviual whether they are safe or not .while violation of the law and right to privacy article 21 it acts a catastrophic to humanity .hence by this sort of information given by the author will be going to fettered from making further mistakes
Nice article and gain good knowledge
Data protection and privacy both are important to be discussed as it is need of the hour to make people aware about them. With evolution of technology, people are becoming more dependent on electronic means.
This article not only talk about privacy and protection in general sense but also talk about legal provisions related to it.
This article is very informative and well written.
This Article is very useful as we get to know about relevant Act and sections related to it.
Data protection is an question of hour because this question comes to mind of every user. Very recently it was found that zoom should be banned because the company was selling it’s user’s data . BHIM was also reported to be of vulnerable towards data attack. Simple principle is that anything over internet can be hacked into and this is a fact one way or the other. We need a better legislation, better system so that we can make our data safe from these. New technologies can be used in doing this.
Data protection and privacy are most likely terms for cyber security . Need to be more secure update your system install anti virus
Data protection and privacy are the major concerns of today and knowing about the laws that protect them and how they do so is the need of the hour . A good informative article.