DATA PROTECTION AND PRIVACY
By Nandini :-
As we all are well aware of the fact that we do have laws related to data security despite of this, our data is nowhere secured. People who are negligent about their privacy get trapped very easily and face a lot of bad consequences. Our data is unsecured in various ways as when we allow any app the permission for media, camera etc. It absorbs all your data and as we know there are no less hackers out there, they are just seeking a chance to commit a cybercrime.
Data protection and privacy is not defined as such but we can say that it deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.
The IT Act provides for an adjudicating officer to be appointed to adjudicate whether a person has contravened the IT Act or its rules where the claim of injury or damages does not exceed 50 million rupees. If the claim exceeds 50 million rupees, the adjudicating authority would be the civil court. The Secretary to the Ministry of Information Technology in each state government has been appointed as the adjudicating officer. The adjudicating officer has all powers of a civil court. These include summoning the attendance of persons and examining them on oath, requiring the discovery or production of documents and other electronic records, receiving evidence on affidavits and issuing commissions for the examination of witnesses or documents
- It also authorizes police to investigate a offence under section 72 and 72 A of the IT Act.
The bill on Data Protection
In July 2018, a draft bill on data protection was recommended in B.N. Srikrishna Committee which was formed by the Ministry of Electronics & Information Technology. The Committee submitted their report in July 2018 along with the draft Personal Data Protection Bill, which will have jurisdiction on the processing of personal data, if that data is used, shared, disclosed, collected or otherwise processed in India, and its purpose is data localization, it mandates that every data fiduciary be stored in a server located in India.
It is divided into two parts:-
- Personal Data – Data relating to a natural person who is easily identifiable.
- Sensitive Personal Data – It means data revealing password, financial or health data, sexual orientation, caste or tribe, sex life, transgender status, etc.
Article 21- RIGHT OF LIFE AND LIBERTY
Under Article 21 of Indian constitution, which states that every citizen of India shall have a fundamental right of life and liberty except according to procedure established by law. The ambit of Article 21 is very vast and it includes a Right to Privacy clause in it . That no person shall be deprived of their right to privacy, everyone has a fundamental right of privacy. This was decided in 2017, from the below case.
- JUSTICE K.S PUTTASWAMY AND ANR VS. UNION OF INDIA
The Supreme Court held that privacy is a constitutionally protected right which arises out of Article 21 of the Indian Constitution.
INFORMATION TECHNOLOGY ACT,2000
Under IT Act 2000, some rules of private information which could be construes are enlisted which are as follows:-
(ii) financial information
(iii) health parameters (including physical, physiological and mental health conditions and medical records or history)
(iv) sexual orientation
(v) biometric information
- Section 43-A of the act says that Where a body corporates (company, firm or any sole proprietorship) possess any sensitive, personal data or information and is negligent about its protection and security and causes any wrongful loss or wrongful gain, then such a body corporate shall be held liable to pay damages to such affected person whose data was harmed through compensation.
- Section 72 prescribes criminal punishment if a government official discloses records and information accessed by him or her in the course of his or her duties without the consent of the concerned person or unless permitted by other laws.
- Section 72A – provides for criminal punishment if while performing any contract, a service provider discloses personal information without the consent of the person concerned or in breach of a lawful contract and he or she does so with the intention to cause, or knowing he or she is likely to cause, wrongful loss or wrongful gain.
- Section 75 – states that the provisions of the IT Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting an offence or contravention involves a computer, computer system or computer network located in India.Disclosure of sensitive personal data which is availed to the body incorporated is not permitted under IT Act. It can be done only with prior permission from the provider of such information, or only if the disclosure is necessary for compliance of a legal obligation.
- LLOYD VS GOOGLE LLC
The data protection class action against Google which found that they are permissible in the case of DPA breaches for the Safari Workaround. The case sets a precedent for representative opt-out style class actions for data protection breaches under UK law. An application for permission to appeal to the Supreme Court is pending.
The GDPR is the new European Union (EU) legal framework governing the use of personal data across the EU. It lays down rules relating to the protection of natural persons with regard to the processing and free movement of personal data.
The GDPR regulates the processing of personal data wholly or partly by automated means and to the processing other than by automated means relating to individuals in the EU. The GDPR does not apply to the processing of personal data which is done by an individual in the course of a purely personal or household activity or by competent authorities for preventing, detecting or prosecuting criminal offences or executing criminal penalties.
The importance and need for the Data Protection Law is ~
- For regulating and processing the data.
- Protection of the rights of the individual
- Enforcement of Privacy and security rules against unauthorized access.
- Giving punishments if someone fails to comply with the policies prescribed.