Data privacy, occasionally also appertained to as information privacy, is an
area of data protection that concerns the proper running of sensitive data
including, especially, particular data but also other nonpublic data, similar to
certain financial data and intellectual property data, to meet nonsupervisory
conditions as well as guarding the confidentiality and invariability of the
Roughly speaking, data protection spans three broad orders, videlicet,
traditional data protection (similar as backup and restore clones), data
security, and data privacy as shown in the Figure below. icing the privacy of
sensitive and particular data can be considered an outgrowth of stylish
practices in data protection and security with the overall thing of achieving
the continual vacuity and invariability of critical business data.
Security becomes an important element in guarding the data against external and
internal pitfalls but also when determining what digitally stored data can
participate and with whom. In a practical sense, data privacy deals with aspects
of the control process around participating data with third parties, how and
where that data is stored, and the specific regulations that apply to those
nearly all countries in the world have introduced some form of legislation
concerning data privacy in response to the requirements of a particular
assiduity or section of the population.
Data Privacy isn't a single concept or approach. rather, it's a discipline
involving rules, practices, guidelines, and tools to help associations establish
and maintain needed situations of sequestration compliance.
Data sequestration is generally composed of the following six rudiments:
- Legal frame. Prevailing legislation legislated and applied to data
issues, similar to data privacy laws.
- Programs. Established business rules and programs to cover workers and
stoner data sequestration.
- Practices. Stylish- practices put in place to guide IT structure, data
sequestration, and protection.
- Third-party associations. Any third-party associations, similar to pall
service providers, that interact with data.
- Data governance. norms and practices used to store, secure, retain, and
- Global conditions. Any differences or variations of data sequestration
and compliance conditions among legal authorities around the world similar
to the U.S. European Union( EU).
Data sequestration is a subset of the broader data protection conception. It
includes traditional data protection-- similar to data backups and disaster
recovery considerations-- and data security. The thing of data protection is to
ensure the continued sequestration and security of sensitive business data while
maintaining the vacuity, thickness, and invariability of that data.
Data Privacy Laws and Acts
The Constitution of India doesn't patently grant the abecedarian right to
sequestration. still, the courts have read the request to sequestration into the
other being abecedarian rights, ie, freedom of speech and expression under Art
19( 1)( a) and right to life and particular liberty under Art 21 of the
Constitution of India. still, these Abecedarian Rights under the Constitution of
India are subject to reasonable restrictions given under Art 19( 2) of the
Constitution that may be assessed by the State.
Lately, in the corner case of Justice K S Puttaswamy( Retd.) & Anr. vs. Union
of India and Ors
., the constitution bench of the Hon'ble Supreme Court has
held the Right to sequestration as an abecedarian right, subject to certain
India presently doesn't have any express legislation governing data protection
or sequestration. still, the applicable laws in India dealing with data
protection are the Information Technology Act, of 2000, and the (Indian)
Contract Act, of 1872. A codified law on the subject of data protection is
likely to be introduced in India in the near future.
The (Indian) Information Technology Act, of 2000 deals with the issues relating
to the payment of compensation( Civil) and discipline( Criminal) in case of
unlawful exposure and abuse of particular data and violation of contractual
terms in respect of particular data.
Under section 43A of the( Indian) Information Technology Act, 2000, a corporate
body who enjoys, dealing or handles any sensitive particular data or
information, and is careless in enforcing and maintaining reasonable security
practices performing in unlawful loss or unlawful gain to any person, also
similar body corporate may be held liable to pay damages to the person so
affected. It's important to note that there's no upper limit specified for the
compensation that can be claimed by the affected party in similar circumstances.
The Government has notified the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011. The Rules only deal with the protection of" Sensitive particular data or
information of a person", which includes similar particular information which
consists of information relating to:
- Fiscal information similar to a bank account or credit card or
disbenefit card or other payment instrument details;
- Physical, physiological, and internal health conditions;
- Sexual exposure;
- Medical records and history;
- Biometric information.
Computer related offenses
Section 66 provides that if any person, dishonestly or fraudulently does any act
referred to in section 43, he shall be punishable with imprisonment for a term
which may extend to three years or with fine which may extend to Rs 5,00,000
(approx. US$ 8,000)) or with both.
Data Subjects' Rights
Data subjects (people whose data is collected and processed) have certain rights
regarding their personal information. These rights should be communicated to
- The right to be informed. Data subjects must be informed about the
collection and use of their personal data when the data is obtained.
- The right to access their data. A data subject can request a copy of
their personal data via a data subject request. Data controllers must
explain the means of collection, what's being processed, and with whom it is
- The right of rectification. If a data subject's data is inaccurate or
incomplete, they have the right to ask you to rectify it.
- The right of erasure. Data subjects have the right to request the
erasure of personal data related to them on certain grounds within 30 days.
- The right to restrict processing. Data subjects have the right to
request the restriction or suppression of their personal data (though you
can still store it).
- The right to data portability. Data subjects can have their data
transferred from one electronic system to another at any time safely and
securely without disrupting its usability.
- The right to object. Data subjects can object to how their information
is used for marketing, sales, or non-service-related purposes. The right to
object does not apply where legal or official authority is carried out, a
task is carried out for public interest, or when the organization needs to
process data to provide you with a service for which you signed up.
Why does India need to modernize its data protection laws?
Because of the numerous gaps that must be closed, there is an urgent need to
update the current data protection regulations. As follows:
- The Information Technology Act's clause only addresses "body corporate"
data gathering and processing. As a result, other than that, no other data
is protected. Even if the data is sensitive, it is not protected by this as
it is freely accessible in the public domain.
- Even while the Aadhar will stay private when connected to your personal
information and that information would be shared with the Income Tax
Department, the Income Tax Act does not contain any provisions for data
- The Personal Data Protection Bill gives the authority unrestricted power
and allows the officer or the Data Protection Authority to enforce steps
against a person such as an arrest, detention, or any other required action
without the consent of the court.
- The PDPB law makes no reference to a required or specified period of
time for reporting a data breach. Additionally, a complaint may only be made
after harm has been done, so this does not at all prevent data breaches.
Additionally, even though the bill has not yet been passed, it may grant the
government full access to civilian data.
- Acc. to the measure, if the State so desires, data may be processed even
In addition, there is no minimum age requirement in India for joining the
social media sites that are most susceptible to data breaches.
Govind v. State of Madhya Pradesh
In this case, the issue was similar to that in the Kharak Singh case. It was
held by the Hon'ble Supreme Court that the police regulations were not in
conformity with the personal freedom of a person and the right to privacy is
part of a fundamental right but it should be considered and looked upon
according to each case or developed by case to case.
Maneka Gandhi v. Union of India
In this case, the interpretation of Article 21 by the Hon'ble Supreme Court was
done in a broader sense. This case interpreted the Right to Life in a different
and wide way that made the Right to Privacy fall within the ambit of the right
There are still certain gaps that need to be addressed even though India is
attempting to establish and create legislation for data protection and privacy.
Due to the critical importance of this new area of law in the modern day, our
Indian legislature must take into account the benefits of data protection and
privacy legislation from around the globe and advance its implementation and
development. There are numerous data protection regulations in other countries
that, if adopted and effectively enforced in India, might help to reduce
problems with data protection.