Data Protection laws in India

“Data Protection Laws in India”

-by Prachi Jain

“Cambridge Analytica Scandal came into limelight in which, it was alleged that facebook saw millions of user’s data by illegal means and use the data in an improper manner to hinder the election of other countries. Us Federal Trade Commission imposed a penalty of 35,000crore on facebook, alleged to influence the outcome of 2016 US election.”

In present scenerio, with the rapid changes in our society, every person somehow depend on modern technologies for their everyday transactions. Therefore, it is necessary to secure data to avoid crimes related to cyber law and to protect the privacy of individual. In India, there is no proper laws or acts enforceable for the protection of data. Even our country is not yet a part or a member to any convention or protocol on protection of personal data. Legistative authority of our country has also not enacted specific laws or legislation on data protection. In 2018, government has tried to pass an act in relation to the protection of data but unfortunately, the Parliament did not pass the act due to some conflicts in the bill. Hence, there is no active law of data protection is enforceable in India.

Right to privacy as Fundamental Right:

Finally after so long a safeguard is provided by courts in a landmark Judgement given by Hon’ble Supreme Court of India in August 2017 i.e. K.S. Puttuswami (Retd.) v. Union of India (2015) 8 SCC 735, famously known as “Aadhar Card Case” in which it was held that “Right to Privacy” is considered as “Fundamental Right” under “Article21” of “Indian Constitution” as a part of right to “life” and “personal liberty”.”Information privacy” has been recognised as being a facet of the right to privacy and the court held that information about a person and the right to access that information also needs to be given the protection of privacy (Privacy Judgement). The court stated that every person should have the right to control commercial use of his or her identity. However, this is the first time when court recognised the protection of data as individuals right1.

GDPR (General Data Protection Regulation) :

European Parliament has approved and adopted the GDPR in April, 2016 with effect from May 25, 2018. When a report was prepared in Europe which clearly shows that how companies use the data of its consumer which is an infringement of their privacy. European government has adopted this to protect the personal data or privacy of the citizens.

In India
By this step of EU, India also moved its focus to enacted data protection laws in India. In accordance to this, in July 2017, Indian government appointed a committee under the chairmanship of former judge of Supreme Court Justice B.N. Shri Krishna to draft a bill on data protection but at that time Parliament rejected the bill and decided to reintroduced the bill again in 2020.

Information Technology Act,2000

Information technology act 2000 deals with relevant laws in India. The IT Act, 2000 deals with the issues relating to use of data for illegal purpose and misuse of personal data.

The Information Technology Act, 2000 amended by the Information Technology (Amendment) Act (2008) which add on the provisions for the protection of electronic data. The purpose of this act is not to fullfil all the needs of data protection but the provisions under this act somehow is in relation to data protection. It has provisions for punishment (criminal) and compensation (civil) actions for wrongful disclosure and misuse or transfer of data. Section 43(A) and section 72(A) of IT act came into force on 27th October 2009. And the rules came into force on 12th September 20162.

• Compensation:

Section 43(A), Compensation for failure to protect data.–Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected3.

• Criminal Liability:

Section 72(A), Punishment for disclosure of information in breach of lawful contract.–Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likelyto cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.]4

Conclusion:

As it is said that “Data is the oil of 21st century”. It means that companies possess and sell the personal data of the users. And through this, it is easy for a state to take control over any other state. In 21st Century, to control a state it isn’t necessary to send military force. Now, it can be take place by capture the personal data of that state. In India, we need to enact strict laws because we cann’t protect our country by mere declaring a cat as a tiger. We need to take proper actions by way of enactment of laws or acts for such purpose.

Reference and bibliography:

1. www.linklaters.com

2. www.linklaters.com

3. Ins. by S.37 ibid. (w.e.f. 27-10-2009)

4. Ins. by S.22 ibid. (w.e.f. 27-10-2009)

• Bare Act of Constitution of India
• Bare Act of Information Technology Act, 2000
• Information Technology (Amendment) Act, 2008

Thank you