Privacy Policy and Data Protection Laws in India

Data security refers to a system of privacy rules, regulations, and procedures aimed at mitigating the interference into one's privacy triggered by the processing, storing, and distribution of personal data. Personal data usually refers to information or data belonging to a person that can be recognized by that information or data, whether obtained from any government or any private entity or department.

  Cyber   Dec 1, 2020   0  Add to Reading List
Privacy Policy and Data Protection Laws in India

Data Privacy Law in India

Data security refers to a system of privacy rules, regulations, and procedures aimed at mitigating the interference into one's privacy triggered by the processing, storing, and distribution of personal data. Personal data usually refers to information or data belonging to a person that can be recognized by that information or data, whether obtained from any government or any private entity or department.

The Constitution of India does not patently confer a constitutional right to privacy. However, in addition to the current constitutional rights, i.e. Freedom of Speech and Expression under Art 19(1)(a) and the Right to Life and Personal Liberty under Art 21 of the Constitution of India, the courts have read the right to privacy. However, these constitutional rights under the Constitution of India are subject to fair limitations laid down in Article 19(2) of the Constitution which may be enforced by the State. Recently, the landmark case of Justice K S Puttaswamy (Retd.) & Anr. In the case of the Union of India and Ors, the Constitutional Court of the Hon'ble Supreme Court held the Right to Privacy as a human right, subject to certain fair limitations.

India actually does not have any clear laws regulating data security or privacy. However, the related data security laws in India are the Information Technology Act, 2000 and the Indian Contract Act, 1872. Codified data security regulation is expected to be implemented in India in the near future. The (Indian) Information Technology Act, 2000 deals with problems relating to the payment of liability (Civil) and prosecution (Criminal) in the event of wrongful exposure and abuse of personal data and breach of contractual provisions with regard to personal data.

Pursuant to Section 43A of the (Indian) Information Technology Act, 2000, a corporate entity that owns, manages, or handles any confidential personal data or information and is lax in enforcing and sustaining fair protection standards resulting in unfair injury or wrongful benefit to any person may be held responsible for damages to the person concerned. It is necessary to remember that there is no upper limit on the compensation which can be sought by the person involved under certain circumstances.

Information Technology (Reasonable Protection Policies and Procedures and Confidential Personal Data or Information) Regulations, 2011 have been advised by the Government. The Rules concern only the protection of Sensitive personal details or records of an individual,' and covers such personal information as consists of information relating to:-

  • Passwords,

  • Financial documents such as checking statement or credit card or debit card or other specifics of payment instruments;

  • Physical, biochemical, and mental health conditions;

  • Women orientation;

  • Health history and histories;

  • Data on biometrics;

The rules provide for the necessary security policies and protocols to be implemented by a corporate body or any individual who gathers, owns, shops, trades or manages information on behalf of a corporate body when dealing with Personal sensitive data or information" In the event of such wrongdoing, the corporate body or any other individual working on behalf of the corporate body may be found responsible for damages to the person concerned.

Pursuant to Section 72A of the (Indian) Information Technology Act, 2000, the publication of information, knowingly and deliberately, without the permission of the individual concerned and in violation of the lawful contract, was also punished by imprisonment for a period of up to three years and a fine of up to Rs 5,000 (approximately US$ 8,000).

It should be noted that Section 69 of the Act, which is an exception to the general law of confidentiality and confidentiality of records, specifies that when the Government is convinced that it is appropriate in the interests of:

  • the sovereignty or dignity of India;

  • Protection of India,

  • Security of the State,

  • Friendly ties or relations with foreign countries

  • Public order or civic order

  • Preventing incitement to commit any identifiable crime related to the aforementioned or the above.

  • for the prosecution of some crime,

It can, by order, direct any government agency concerned to intercept, track or decode, or allow any information produced, distributed, obtained, or stored in any computer resource to be intercepted or monitored or decrypted. This provision empowers the Government to capture, track, or decode any information, even information of a personal nature, stored in any electronic resource.

Where the information is such that it should be revealed in the public interest, the Government may warrant the disclosure of such information. Details relating to anti-national actions against national security, infringements of the law or contractual duties, or theft which fall under this group.

To know more about, Privacy Policy laws in India, see the video below-

 

 


 

Law on Information Technology, 2000

The Information Technology Act, 2000 (hereinafter referred to as the 'IT Act is an act providing legal recognition for transactions carried out by way of electronic data transmission and other means of electronic communication, generally referred to as 'electronic commerce,' which includes the use of alternatives to paper-based methods of communication and storing of information to promote electronic commerce.


 

Grounds in which the Government can interfere with the data

Under Section 69 of the IT Act, any person appointed by the Government or any of its officials specially authorized by the Government, if it is satisfied that it is required or reasonable to do so in the interests of the sovereignty or dignity of India, the protection of India, the welfare of the State, ties of friendship with foreign States or public order, or to prevent the commission of any kind of cognition. Section 69 of the IT Act covers both interception and tracking as well as decryption for the purpose of prosecuting cybercrimes. Information Technology (Procedures and Protections for Interception, Tracking, and Monitoring) has also been advised by the Government

The Government has also notified the 2009 Rules on Information Technology (Procedures and Protections for Blocking Access to Information) pursuant to section 69A of the IT Act, which deals with the blocking of websites. Entry to numerous websites has been banned by the Authorities.


 

Penalty for injury to computers operating networks, etc. under the IT Act

Section 43 of the IT Act introduces a sentence, without prescribing any upper limit, on any of the following acts:

1. Entry or safe access to such a device, computer system, or data network;

2. Downloads, copies, or extracts any data, archive, or information from such device, computer system, or computer network, including information or data saved or stored in any disposable storage medium;

3. Introduces or allows any data contaminant or computer virus to be inserted into any computer, computer device, or computer network;

4. Damage or damage to any machine, computer system or computer network, records, computer database, or other programs within that computer, computer system, or computer network;

5. disrupts or disrupts any device, computer system, or computer network;

6. denies or induces denial of access by any means to any person allowed to access any device, computer system, or computer network; (g) offers any assistance to any person to allow access to a computer, computer system, or computer network in contravention of the provisions of this Act, the rules or regulations thereunder;

7. Charges for services made available by a person on behalf of another person by tampering with or accessing any computer, computer device, or computer network shall be liable for negligence by means of restitution to the person concerned.

8. destroys, deletes, or changes any knowledge that exists in a computer resource or diminishes its importance or usefulness, or injuriously affects it through any means;

9. Steel, conceals, removes or changes or allows any entity to cheat, cover, kill or modify any programming source code used for a computer resource intended to cause harm.


 

Modification of electronic source documentation as provided for in the IT Act, 2000.

Section 65 of the IT Act provides that anyone who deliberately or purposely conceals removes or changes any electronic source code used by a computer, computer device, computer system or computer network shall be liable for incarceration for up to three years or for a fine that may be extended if the computer source code is needed to be retained or maintained by statute for the time being in effect.

Computer-related Crimes

Section 66 states that if a person performs any act referred to in Section 43 in an unholy or dishonest manner, he or she shall be punished with imprisonment for a period which may extend to three years or a fine which may extend to Rs 5,000,000 (approximately US$ 8,000)) or both.

Penalty over breach of secrecy and confidentiality

Section 72 of the IT Act allows for a penalty for violations of secrecy and privacy. The Section provides that any person who in compliance with any of the powers bestowed on him or her by the Rules or Regulations of the IT Act, has secured access to any electronic record, journal, registry, correspondence, records, paper, or other material without the consent of the person concerned, shall be liable to imprisonment for a period of imprisonment without the consent of the person concerned.

To know more about, how to file a cyber-crime complaint in India, see the video below-

 


 

Conclusion

It's widely said, "Data is a new oil." If we want to dig into the genesis of this argument, we need to go back in time, when mineral oil was the most lucrative commodity, and almost every nation raced after it. Data displaced oil to become the most expensive commodity of the 21st century. This is obvious from the fact that five of the most valuable businesses in the world, including Amazon, Google, Apple, Microsoft, and Facebook, are part of the data business. At present, India does not have any clear laws implemented specifically for data security purposes. India's Data Security and Privacy Enforcement Framework are the Information Technology Act, 2000 and its related Information Technology Regulations, 2011. In addition, personal data is also covered under Article 21 of the Indian Constitution, which grants the right to privacy as a constitutional right to any individual. In a number of cases, the Supreme Court has ruled that information about a person and the ability to access that information from that person is also protected by the right to privacy.

To know more about, how to prevent data leak by employees in companies, see the video below-

 


 

By –

Kosha Doshi


 


 


 

Tags