Ensuring Digital Confidentiality: A Comprehensive Guide to Data Privacy Laws in India
The term "personal data" refers to any information about an individual that
can be used to either directly or indirectly identify that individual. As a
result, this information can be linked to a person's physical, psychological,
economic, cultural, or other identity in the social world. Since the advent of
the internet age, technological advancement has seen an unprecedented and
steady increase.
Many of these technologies must be fed real data to work properly. Hence, there
has been an increase in the need, and accordingly the demand, for data in the
market. As a result,
businesses and other stakeholders have recently gathered, stored, transferred,
shared, and utilized a significant amount of data.
This led to what we today know as big data. This only gets worse with
each new user who joins the internet and uses web services in different ways.
Despite the fact that the convenience it offers the human race makes the
internet age seem like a utopia, we now know that there are also negative
aspects to it. The idea of "data privacy" has sparked human interest due to this.
The collective need of individuals, organizations, and nations for ensuring
privacy and security of personal data has gained momentum as humans realize the
numerous shortcomings and security concerns associated with sharing data,
particularly when done through an online medium (which can be said to be more
dangerous than offline data collection endeavors due to its spontaneity, lack of
public awareness, and unregulated nature).
The Indian government's recent decision to ban hundreds of computer and mobile
phone applications that it found were collecting, sharing, and using consumer
data in a way that could pose a threat to India's citizens and national security
is one example of this realization. The Indian government's move can be seen as
a practical extension of the Supreme Court's decision in Justice K.S.
Puttaswamy v. Union of India, which recognized and confirmed a person's
"right to privacy" as a fundamental right guaranteed by Article 21 of the Indian
Data privacy laws in India
At present, the Information Technology Act, 2000 (as amended by the Information
Technology Amendment Act, 2008) read with the Information Technology Rules are
at the forefront of what can be regarded as India's data privacy or security
regime, as they primarily deal with electronic commerce and cybercrime in India.
Therefore, it does not cover offline data transactions.
The 2008 Amendment was significant because it added Section 43A to the Act and
tried to fill a protection gap and provide the necessary provisions for the
protection of electronically provided sensitive personal information by
individuals. The section makes it the responsibility of any corporate body that
deals with sensitive personal data or information to protect it. It holds the
corporate body liable to pay damages to the affected person(s) in cases of
negligence in maintaining reasonable security to protect the information
concerned, resulting in wrongful loss or wrongful gain to any
As a result, it is a provision that aims to improve the security of personal
data. Further, Sections 72 and 72A reinforce this position by providing "the
punishment for any person who has secured access to the mentioned information
or data in pursuance of any of the powers conferred under the IT Act
Rules or Guidelines and discloses it to any other person without the consent
of the person concerned" and "the punishment for disclosure of information in
breach of lawful contract", respectively.
The penalties include substantial fines and up to three years in prison. These
provisions demonstrate that the Act has a limited scope because they apply only
to businesses that carry out automated processing of "sensitive personal data and
information" through "computer resource" and allow victims of data breaches to
take legal action based on limited provisions.
However, Section 75 of the Act makes its application extraterritorial, making it
applicable to "an offense/ contravention committed outside India by any person
if the conduct constituting an offense involves a computer/ computer network
located in India." This broadens the Act's scope. However, due to restrictions
imposed by jurisdictions, the Act's effectiveness at the extraterritorial level
cannot be considered high.
As a result, the current data privacy situation in India is evidently endless
and limited in scope. By introducing a data privacy law geared toward consumers,
the cutting-edge Data Protection Bill, 2021 aims to improve India's position on
this front. India is also working on a data localization policy and limiting
cross-border data transfers.
In the current era of globalization, it has become much simpler than ever
before to store and transfer information. However, this has had positive
outcomes as well as some negative ramifications, such as the infamous WhatsApp
data leak case. Exploiting data and violating the general public's
privacy has become easier. There is no specific law on the subject because it is
a recent issue.
The Personal Data Protection Bill of 2019 was put forward in Parliament with the
intention of enacting a comprehensive central level law on the subject, but it
has not yet been implemented. Data protection is critical in all spheres
of life, but most significantly in the corporate world. We have high hopes
for the Indian Data Protection Bill of 2021 because it is still being debated in
Parliament and is a significant improvement on the Personal Data Protection Bill of
2019, which was previously proposed. In addition, it attempts to be
one-of-a-kind legislation that is tailored to India's growing need for data
privacy and security as one of the world's largest consumer markets.
Written By: Saurabh Dwivedi