This
article is written by our intern Ankita
Wani, who is pursuing LLM from A.K.K. New Law Academy, SPPU
University.
Introduction
"Privacy is not an option, and it shouldn't be the price we accept for just getting on the Internet." - Gary Kovacs, former CEO of Mozilla. The digital age has brought immense convenience and connection, but it has also raised critical concerns over personal data protection and privacy. The COVID-19 pandemic further amplified this issue, as individuals and businesses shifted online, relying heavily on digital platforms for work, communication, and daily activities. This dependence highlighted the urgent need for robust legal frameworks to safeguard personal data and prevent its misuse.
In India, the legal landscape concerning data privacy has evolved significantly in recent years. This article explores the key developments, including landmark judgments, legislative enactments, and ongoing challenges, to understand how India is navigating the complex landscape of data protection and privacy in the digital era.
Join our Telegram or WhatsApp group and
never miss a single update.
DEFINING DATA PROTECTION AND DATA
PRIVACY
Data
protection encompasses the systems and protocols implemented to safeguard any
important information from unauthorized access, theft, or loss. A comprehensive
data protection strategy involves proactive monitoring of data movements to
identify and mitigate potential risks effectively. For instance, encryption
protocols can be employed to secure sensitive data during transmission and
storage.
On
the other hand, data privacy, also referred to as information privacy,
emphasizes an individual's right to control their personal data, including its
collection, storage, and utilization by organizations. Privacy is considered a
fundamental human right, vital for upholding individual autonomy and fostering
a free society. An example of data privacy in action is the requirement for
explicit user consent before collecting and processing personal information for
targeted advertising purposes.
Failure
to uphold data protection and privacy principles can have severe repercussions,
such as identity theft, invasive marketing practices, and infringements on
individual freedoms. Therefore, it is imperative for organizations and
policymakers to prioritize data protection measures and enact robust privacy
regulations to mitigate these risks.
GLOBAL OUTLOOK
The
European Union's General Data Protection Regulation (GDPR) stands as a global benchmark
for data protection standards. Enacted in 2016 and enforced in 2018, the GDPR
mandates stringent measures for handling personal data, including prompt
reporting of data breaches and significant penalties for non-compliance. Its
impact extends beyond the EU borders, influencing data protection laws and
practices worldwide.
In
addition to the GDPR, other regions and countries have also enacted data
protection regulations tailored to their specific contexts. For example, the California Consumer Privacy Act (CCPA) in the United States grants
consumers greater control over their personal information held by businesses
operating in the state. Similarly, the Personal Data Protection Act (PDPA) in Singapore imposes
obligations on organizations to secure and manage personal data responsibly.
These
global initiatives reflect a growing recognition of the importance of data
protection and privacy in the digital age. As businesses operate in
increasingly interconnected and data-driven environments, adherence to
international data protection standards becomes imperative to foster trust and
accountability among users and stakeholders.
You
may like: Difference Between Ownership And
Possession, Jurisprudence
EVOLUTION OF DATA PRIVACY LAW IN INDIA
1. PRIVACY LAW AND INDIAN CONSTITUTION
The right to privacy, although not explicitly mentioned in the Indian Constitution, has been recognized as an intrinsic part of Article 21, which guarantees protection of life and personal liberty. This landmark interpretation came about in a series of judgements, beginning from M.P. Sharma vs. Satish Chandra (1954), Kharak Singh vs. State of U.P (1964), Govind vs. State of Madhya Pradesh (1975), PUCL vs. Union of India (1997), and culminating in K.S. Puttaswamy v. Union of India (2017), among others. These judicial pronouncements have affirmed the constitutional basis for the right to privacy and its critical importance in upholding individual freedoms in India.
2. IT Act and SAFEGUARDS
The Information Technology (IT) Act, 2000, serves as a foundational legislative framework for addressing data protection and privacy concerns in India. Section 43 A of the IT Act specifically addresses compensation for failures to protect data by corporate entities handling sensitive personal data. This provision imposes legal obligations on organizations to implement robust data protection measures and compensates individuals for privacy breaches.
3. LANDMARK SHIFT: PUTTASWAMY CASE
The watershed moment in
India's data privacy jurisprudence occurred with the landmark judgment of the
Supreme Court in K.S.
Puttaswamy v. Union of India in 2017. This judgment elevated privacy to the
status of a fundamental right, laying the foundation for comprehensive data
protection legislation in India.
In this case, the petitioner
challenged the legality of Aadhaar, a unique identification program that
assigns a 12-digit random number to Indian residents. Concerns were raised
about the program's potential for mass surveillance and the lack of robust data
protection safeguards.
While acknowledging the
petitioners' arguments, the court issued directions to the government to
implement safeguards to ensure its proportionate use. This included measures to
strengthen data protection and limit the scope of Aadhaar's usage to prevent
misuse and unauthorized access to personal data.
The judgment
not only affirmed the constitutional basis for the right to privacy but also
emphasized its critical importance in safeguarding individual autonomy and
dignity in an increasingly digitized society. By recognizing privacy as a
fundamental right, the Supreme Court acknowledged the need for robust legal
frameworks to protect personal data from unauthorized access, misuse, and
exploitation.
Also
read: Difference
Between Contract of Indemnity and Guarantee (Contract Law)
4. Enactment of
DPDP Act, 2023
Following
the landmark Puttaswamy judgement, the Indian government established the Sri
Krishna Committee in 2017 to recommend a framework for data protection. The
Committee's recommendations formed the basis for the Draft Personal Data
Protection Bill, introduced in 2018. After public consultations and revisions,
the Parliament of India finally passed the Digital Personal Data Protection Act
(DPDP Act) in 2023. This Act is a crucial step towards establishing a
comprehensive legal framework for data protection in India.
Rights and Duties of Individuals
Prescribed Under The Act
Under its sections 12-14, the DPDP Act grants individuals several key rights regarding their personal data, including:
1. Right to access information (Section 11).
2. Right to Correction and Erasure of Personal Data: (Section 12).
3. Right to Grievance Redressal: (Section 13).
4. Right to Nominate another individual who can exercise rights on one’s behalf in the event of death or incapacity. (Section 14).
Additionally, under its section 15, the Act also places obligations on organizations handling personal data, such as:
1. No impersonation while providing personal data.
2. No suppression of material information when submitting personal data for unique identifiers, documents, addresses, or identity proof.
3. No registration of false or frivolous complaints.
4. Providing authentic and verifiable information when exercising the right to correction or erasure.
5. Complying with all provisions of existing laws when exercising Data Principal rights.
Obligations of Data Fiduciary,
Section 8
The Data Fiduciary, according to Section 8 of the Act, must:
1. Handle personal data only with consent or for legitimate purposes.
2. Ensure accuracy and completeness of data.
3. Implement suitable measures to protect personal data.
4. Respond to data principal's communications promptly.
5. Notify authorities and affected persons in case of data breach.
Transfer of Personal Data outside
India:
Section 16 permits extraterritorial processing and transmission of Personal Data, except in such countries limited by Centre government through notice.
Critics of DPDP ACT, 2023
1. Limited Oversight of Data Collection by Large Tech Companies: Critics argues that the Act doesn't explicitly address how large technology companies collect and handle personal data of Indian citizens.
2. Exemptions for Government and Aadhaar Linking: This Act ignores the limitation as there is mandating linking of Aadhar card by the government in recent days has been done.
3. Broad Exemptions for Biometric Technologies: The Act allows exemptions for the use of facial recognition and other biometric technologies. Critics argue that these powerful technologies can pose significant privacy risks, and the broad exemptions weaken the Act's ability to safeguard individuals from potential misuse.
4. Lack of Clarity on Sensitive Personal Data Definition: The DPDP Act lacks a clear definition of "sensitive personal data." This vagueness creates challenges for both individuals and organizations in understanding what data falls under stronger protection measures.
SUGGESTIONS
Several suggestions can be considered to strengthen the DPDP Act:
1. Implement data privacy laws rigorously with strict penalties for violations.
2. Define sensitive personal data clearly.
3. Timely review and adopt and follow globally enacted data privacy regulations.
4. Specific regulations and oversight mechanisms should be established for how large tech companies collect, use, and transfer personal data of Indian citizens.
5. Exceptions for using biometric technologies like facial recognition should be carefully reviewed and narrowed down to minimize potential privacy risks.
You may like: Question:
Explain the Application of Doctrine of 'Relation Back' Under Hindu Law.
5. NEW
CRIMINAL LAW AND PRIVACY PROTECTION
The recent enactment of
the Bharatiya
Nyaya Sanhita (BNS), Bharatiya
Nagarik Suraksha Sanhita (BNSS), and Bharatiya
Sakshya Adhiniyam (BSA) has introduced significant changes
to India's criminal justice system. While these new laws aim to enhance public
safety and address emerging criminal threats, they also raise potential
concerns regarding privacy protection.
One major area of concern
is the advanced use of biometric facilities for keeping data of criminals,
along with provisions for the search and seizure of electronic devices. These
measures, while intended to strengthen law enforcement capabilities, may pose
risks to individual privacy rights. Additionally, there is a growing concern
about overreliance on electronic evidence, which may compromise privacy and due
process rights if not adequately regulated.
As India transitions to a
digital age, it becomes imperative to strike a balance between ensuring public
safety and protecting individual privacy rights. While the new criminal laws
offer opportunities for more effective crime prevention and investigation, it
is essential to implement safeguards to prevent privacy violations and abuse of
power by law enforcement agencies.
CONCLUSION
The
landscape of data protection and privacy in India has undergone significant
transformations in recent years, driven by landmark judicial decisions and
legislative enactments. The recognition of privacy as a fundamental right by
the Supreme Court in the Puttaswamy case laid the groundwork for the development
of comprehensive data protection legislation, culminating in the enactment of
the Digital Personal Data Protection Act in 2023.
This
legislative framework grants individuals important rights over their personal
data while imposing obligations on organizations to handle data responsibly.
However, challenges such as the implementation of these laws, the adequacy of
safeguards for sensitive data, and the evolving nature of technology underscore
the need for continued vigilance and adaptation in the realm of data privacy.
Looking
ahead, it is imperative for India to adopt a holistic approach to data
protection, one that combines legal frameworks with technological advancements
and societal awareness. By doing so, India can strive towards creating a digital
ecosystem that not only fosters innovation and economic growth but also
respects and safeguards the privacy rights of its citizens.
Confused
which books to purchase for various law subjects? We’ve a curated list for you:
for your Law School and Judicial services
exams.
Hello readers!
Hope you are all having a good time
here. We are trying our best to keep you updated with available paid internship
opportunities, our thoughtfully curated
question-answer series for aspirants of judiciary as well as other
competitive exams, the latest legal developments and much more like this.
But here's the thing: we can't do it
alone. We need YOUR support to expand our endeavors, to create incentive based
internship opportunities for our community members, to bring more eminent
scholars on the board, and foster fruitful collaborations.
Here's how you can contribute:
1. Become A Campus Leader At In Light Of Law: Gain Experience, Develop
Skills, and Make a Difference all by working just 20-30 minutes per week, Click Here to Know More.
2. Share Your Knowledge: Publish Your Work With Us - Help us grow by
sharing your insights and knowledge with our community. Click here to know more.
3. Financial Support: You can also support us with any amount you are
comfortable with. Click here to make a direct payment with your Installed UPI app or use UPI ID: 7297911597ss@paytm for manual transfers.
Every contribution toward a
goal is valuable, regardless of how small it may be. Thank You.
Note: the
content available on this site will remain always free.
0 Comments