admin 
DATA PROTECTION LAWS IN INDIA
by Sameer Samal
Introduction:
A multitude of opportunities are currently emerging from data-centred-technologies in India causing rapid innovation and development in sectors such as the financial, healthcare, agricultural, manufacturing and the transport and logistics industry. These data-centred-technologies are and will be increasingly responsible for the safety and security of the ever-expanding personal data involvement. Hence, it is important to establish a regulatory framework that promotes innovation and development in the data-driven digital economy while ensuring informational privacy of individuals. In its decision, Hon’ble Supreme Court of India has already held informational privacy as a vital part of an individual’s right to privacy under Article 21 of the Constitution of India. However, apart from the privacy perspective, there exists various other facets to personal data security. Therefore, data protection laws in India are examined with an object to understand the existing regulatory obstacles, if any.
Existing Laws:
The Information Technology Act, 2000: The Information Technology (Amendment) Act, 2008 inserted the following data protection provisions:
- Section 43A- Compensation for failure to protect data- Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
- Section 72A- Punishment for disclosure of information in breach of lawful contract- save as otherwise provided in this Act or any other law for the time being in force, any person including any intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.
The Central Government had issued a ‘clarification’ to the Information Technology (Reasonable Security Practices & Procedures & Sensitive Personal Data or Information) Rules, 2011. On a closer examination of the above provisions it can be understood that they are only compensatory in nature. The provisions provide only compensatory measures after data has been already been breached and no preventive and regulatory provisions are prescribed.
Proposed Laws:
The Ministry of Electronics and Information Technology of the Government of India, on the directions of the Hon’ble Supreme Court, established a committee led by Justice (Retd.) Shrikrishna to frame a data protection legislation. The committee submitted its report and proposed the Draft Personal Data Protection Bill, 2018. The Bill faced negative feedback from the involved stakeholders and thus an amended Bill was introduced as the Personal Data Protection Bill, 2019. It is a comprehensive data protection framework consisting of all facets of personal data and its involvement in various fields. It deals with the following aspects:
- Categorization of personal data into general personal data, sensitive personal data and critical personal data depending upon the type and nature of personal information.
- Data ownership
- Data collection
- Data transmission
- Data processing
- Data dissemination
- Data storage
- Relationship between data principal and data fiduciary
- Data localisation measures
- Third-party involvement
These are but a few aspects that the Personal Data Protection Bill, 2019 governs. However, the Bill has not been presented and passed in the Parliament yet.
This blog is very informative about Cyber laws in India. Loads of people do not know about them so this helps a lot!!
The cyber laws is India is a weak law . We should adopt a hybrid of Germany and China model.
The proposed laws should be implemented as soon as possible. The cyber security laws in India is yet to reach a place where the victims are comfortable enough to report.
The thinking of we can do anything and everything by sitting at our homes and on laptop’s is what the hackers and cyber criminal think off but the data protection law are the laws which governs and rules the cyber world as to protect people digitally and this is more effective only when people support and come forward against these crimes and how to deal with such crimes the law is provided which is detailed in the article
Extremely informative and helpful. As most of the people don’t know about the cyber laws.
India has plethora of laws but when it comes to its enforcement it’s total zero even the existing laws are more than enough to deal with the cyber crimes but cyber crime cannot be only dealt with well formed laws but it need an expert and skilled manpower in order to prevent these attacks and also to investigate them. It is pressing need of future that we take this seriously and form an body capable of preventing these cases.
Really good article it really help me to understand things easily
Great article got to know about the laws regarding information and security
This is an informative article and the cyber law in India is not much strong so to make it work at the track and more than compensation there must be punishment for heinous crimes for this we the people have to spread that what are the changes can be made to make the law more better and convenient to the people so that they can get the justice they deserve. the proposed law consist of many new things which are required to be added and the bill must be passed as it can lead to betterment of cyber protection law. well researched and explained article.
This article explains the data protection laws in India, the existing laws, and its provisions. It also mentions the proposed law regarding the same. The people need to be aware of all these basic things and this could be very useful for basic information.
Great Article
The article at primary level proves to be informative for the readers. It is listing out how India is concerned with protecting the data, till what level. Still the article needs to elaborate the topic with current apps used by government , status of laws and application in regard to data protection day by day, when the cyber crimes are advancing and creating a lot problem for users . It should also be seen that whether current laws are just okay or need any further amendments to cope up with cyber crimes relating to data protection and management…….
The article effectively explains about data protection laws in India and also discuses the Personal Data Protection Bill, 2019. The data protection bill is need of the hour as in this time of pandemic data protection is a serious concern which should not be overlooked.
This article clearly gives information regarding data protection law in India. This law does not correctly address privacy-related harms in the data economy in India.
Finding all the important details at a single place is hard , but this article mostly covers everything.This article is very informative about Cyber laws in India which is helpful to be aware of.