Protection of Action taken in Good Faith in Personal Data Protection Bill,
2019 - A Comparative Analysis with Indian and International Jurisprudence
Privacy, as an essential human right recognized under Article 12 of the
Universal Declaration of Human Rights, has also been guaranteed under Article
21 of Constitution of India as a fundamental right by the Supreme Court
in Justice K.S. Puttuswamy v Union of India
. It is imperative to realize
that, to preserve the integrity and dignity of a human being, one's personal
life needs to kept private i.e. non-accessible to the public view. Privacy
enables a person to create a barrier and manage as to what kind of information
and to what extent it can be accessed by the public.
In the current epoch of
digital revolution, where most of the privacy of an individual can be accessed
by social media companies like Facebook, Twitter or Microsoft, it became a
critical factum to create specific rules and regulations in order to preserve
privacy of an individual. Therefore, in the wake of such revolution, most of
countries like Latin America, Chile, Columbia, Mexico and all of the Europe
created specific statutes which legalized the privacy of their citizens. In
India however, a committee of experts headed by Justice B.N. Srikrishna submitted
a report which lead to enunciation of Personal Data Protection Bill, 2019.
Analysis - Good Faith In Personal Data Protection Bill, 2019
In the aforementioned Bill,
the terms Data Principal and Data Fiduciary are stated, in which the former
includes any individual whose privacy is in question and the latter regards to
any individual or a team which established the purpose and means of processing
that specific data.
Handling any individual's privacy requires an element of
trust, and therefore, Data Fiduciary are intended to perform their set of
regulations in accordance with the expectations of the Data Principal and the
specific statute. Any act which is not performed in good-faith or not intended
to be in compliance with the said statute would be considered a violation of the
Bill. Under article 88 of the Data Protection Bill, 2019, it states that no
suit, prosecution or any other legal proceedings shall lie against the Authority
or Chairperson... for anything which is done in good faith or intended to be
done under this act. Good faith has not been defined under the said act but
have been used in numerous legislation and statutes in India for example, 2(h)
of the Limitation Act, 1963 which defines good faith as an act not done
with due care and attention.
In Jitender Kumar Gupta v Sukhbir Singh Saini,
court held that:
What amounts to good faith or due diligence on the part of the
plaintiff will depend upon facts of each case and no hard and fast rule can be
laid down for the same. In any event of the matter, the said provision of law
will not help a party who is guilty of negligence, lapse or inaction and in a
casual approach continues to pursue a remedy before a court of law where no
prudent person after exercising reasonable care would invoke or continue to
pursue such a remedy. However, in the case law of the European Court Of
Justice, the notion of Good faith refers to the legitimate belief on the part of
the parties regarding the certain existences of certain applicable rules of law.
ECJ has consistently held that national courts must apply the rules of community
law as interpreted by the ECJ, but in the case of Sarah Margaret Richards v
Secretary of State for Work and Pensions
, the court has held that, this
restriction can be spared if there is a significant uncertainty regarding the
implications of community provisions and the legal relationships have been
formed in Good faith.
In General Clauses Act, 1897, the term good faith
has been defined under
section 3(22), which states that:
a thing shall be deemed to be done in good
faith where it is in fact done honestly, whether it is done negligently or
However, in the headnote of the same section, it has been stated that,
unless there is anything repugnant in the subject or context, which basically
infers that, this definition of the term would not be applicable if it poses a
conflict with the intention of the said provision or the statute.
In Maung Aung
Pu v Maung Si Maung
, it was cited that the Indian Contracts Act, 1872 didn't
have the definition of the term good faith
however, with the reference to the
General Clauses Act, the court stated that the definition would not be
applicable simply because the term would pose an incompatibility with the said
The definition of good faith
in Indian Penal Code, 1860 is
mentioned under section 52, which states a negative corollary as, an act done
without due care and attention. Due care, or reasonable care, has been
defined in Blackstone's dictionary as, such a degree of care, precaution, or
diligence as may fairly and properly be expected or required, having regard to
the nature of the action, or of the subject-matter and the circumstances
surrounding the transaction.
It is such care as an ordinary prudent person would exercise under the
conditions existing at the time, he is called upon to act. Moreover, the
preamble of the Data Protection Act, 2019 emphasizes on the element of trust
with reference to the data privacy of an individual, therefore, the threshold
for application of the defense of protection of action taken in good faith
becomes higher and the courts would probably have to satisfy whether at the
time, the data fiduciary or any relevant authority complied with due care and
It's also imperative to understand the fiduciary relationship that
the data fiduciary or any individual processing the data under the scope of
article 88 in the said act and the data principal holds to infer the good faith
The relationship can be analogized to the public information officer,
defined under section 5(3) of the RTI Act, 2005 as an authority which deals with
the requests and assists the concerned individual filing the RTI under the RTI
In Central Board of Secondary Education v Aditya Bandyopadhyay
court expanded the term fiduciary relation as, The term fiduciary
refers to a
person having a duty to act for the benefit of another, showing good faith and candour,
where such other person reposes trust and special confidence in the person owing
or discharging the duty. The term fiduciary relationship
to describe a situation or transaction where one-person (beneficiary) places
complete confidence in another person (fiduciary) in regard to his affairs,
business or transaction(s).
The term also refers to a person who holds a thing
in trust for another (beneficiary).The fiduciary is expected to act in
confidence and for the benefit and advantage of the beneficiary and use good
faith and fairness in dealing with the beneficiary or the things belonging to
the beneficiary. Under section 8(1)(j) and section 11 of the RTI Act, 2005,
the requirements of privacy and confidentiality while assisting and processing
the RTIs to the relevant public authority creates such a fiduciary relationship
with higher standards of trust and honesty. Furthermore, under section 21 of the
said act, there is similar immunity granted as article 88 of the DPB, 2019,
which creates further requirement of test under action taken in good faith or
intended to do under the act.
In Harjeet Singh v DM (North)
, the central
information commission held that, the SPIO was exempted from protection under
the good faith clause under the RTI Act, since he wasn't due diligent enough,
acted negligently and recklessly while processing the relevant documents and
through factual circumstances, also was deduced to having mala fide
In Swift Knit Pvt. Ltd v ITO
which dealt with the mistake of
bona fide which exempted an accountant from the liability imposed under the
Income Tax Act, the court held that, Bona fide error is a very general and
sweeping statement. It should be demonstrated with circumstantial evidence as to
how this error has happened; what is operating force in the mind of person who
has prepared the return, and how he failed to comprehend a particular item.
In Central Estates Ltd v Woolgar
which was a case in which the courts have
attempted to decipher the meaning of good faith as accordance with the
Leasehold Reforms Act, 1967, Megaw Law LJ stated that, The words 'in good
faith', in my opinion, mean 'honestly'. A claim is not made honestly if it is
made with the intention of committing a criminal offence, or of facilitating the
future commission of a criminal offence.
This seems a contrast with Indian
statutes granting far more restrictions and limitations on how good faith clause
can be used in order to exempt from liabilities of the violating parties, but it
also depends on the intention of the legislator behind that statute.
In Herrington and Carmichael v The Trustee
, the case which dealt with the
defense of good faith by creditor on preferential payments, Russel J held that:
good faith requires more than personal honesty, it required an acknowledgment
of the creditor that the action would also not amount to such preferential
payment. Therefore, the type of relationship that the statute creates also
becomes an important factum to derive the threshold with the regards to the
applicability of the good faith defense.
In article 88 of the DPB, 2019, the second part of the section also
includes the defense, intended to do under the act
which also can be a
corollary to the good faith principle. In Mahesh Kumar Agarwal v State of Madhya
, the plaintiff filed a case against the Municipal Council for
non-performance of sending a notice prior to an anti-encroachment drive. In this
case, the respondents used section 318 under the Municipalities Act, 1961 which
exempted the Municipal Council for any act done in good faith or intended to be
performed in pursuant of the said act. The court held that, the use of words
intended to be done under this Act
is of paramount importance.
If a person has intention of performing any duty under the Act, then he would be
covered under this phrase. The intention can be gathered from the surrounding
circumstances and the conduct of the parties. In the present case, even
according to the plaintiffs when a notice was given to the Municipal Council,
then it was specifically replied that, a notice was given to the plaintiffs for
removal of encroachment. Only when the plaintiffs did not remove the
encroachment, then anti-encroachment drive was undertaken.
Therefore, in this case, the court still emphasized that it was important for
the Municipal Council to act in accordance with the statute, however, if because
of any externalities, the act could not be duly performed would still exempt the
council from any suit against such inaction.
However, this wouldn't be an
inference to state that any negligence on the account of the party to which the
duty was owed would also be exempted from such action. It's important to
understand that, the requirement for due diligence under the Data Protection
Bill would be read with the exemption of intention to perform an act under the
said clause. Furthermore, in this said clause, the second half should not be
read independently without concluding that the action was done in good faith.
In Municipal Corporation of Hyderabad v T.V. Sarma,
the court held that:
It is settled law that the word or can be read as and
and the word
and can be read as or where it is necessary to do so in order to give effect
to the intention of the legislature. Therefore, any action intended to be
performed with accordance with the said statute would be presumed that it was
performed with due diligence and good faith, since it's necessary to achieve the
objective and purpose of the act.
Therefore, we can conclude on this note that, the term Good faith by Indian
jurisdictions have provided as a defense, notwithstanding the fact that it
should be honest, and not negligent conduct of the individual in question. The
Personal Data Protection Bill, 2019 would have similar analogous interpretations
of the said Article, which would further enforce much more preservation and
shield to a Data principal's privacy with respect to the Data Fiduciary.
- Article 12, UNHCR.
- Article 21, Constitution of India.
- K.S. Puttuswamy v Union of India.
- Article 88, Personal Data Protection Bill, 2019
- Section 2(h), Limitation Act, 1963.
- Jitender Kumar Gupta v Sukhbir Singh Saini.
- Sarah Margaret Richards v. Secretary of State for Work and Pensions.
- General Clauses Act, 1897.
- Maung Aung Pu v Maung Si Maung.
- Indian Penal Code, 1860.
- Blackstone Dictionary.
- Central Board of Secondary Education v Aditya Bandyopadhyay.
- Harjeet Singh v DM (North).
- Swift Knit Pvt Ltd v ITO.
- Central Estates Ltd v Woolgar.
- Herrington and Carmichael v The Trustee.
- Mahesh Kumar Agarwal v State of Madya Pradesh.
- Municipal Corporation of Hyderabad v T.V. Sarma.