DATA PRIVACY REGIME IN INDIA- RIGHT TO PRIVACY
The rapid growth of information technology and Internet has a
transformative effect on society as it has completely changed the
communication patterns. With the advancement of technology, privacy and
personal data laws are constantly under threat in cyberspace because the
scope of privacy has been untouched and to provide complete protection to
information it is necessary cover it. In 2017 Supreme Court of India issued
a major decision defining the right to privacy as a fundamental right under
the framework of our Constitution. Article 21 safeguards the right to
privacy and promotes individual dignity. In India there is no separate and
comprehensive privacy law. Data protection consists of a technical framework
of security measures meant to ensure that data is handled in a way that
protects them from malicious uses. The Information Technology Act, which
went into effect in 2000, is the only Act to date that, while not entirely
comprehensive, addresses the major issues relating to data
protection.
There is
conflict between right to privacy and data protection. These competing
interests in information should be the main goal of data protection.
Furthermore, the privacy rights of people and organizations should be
maintained so that their data is not misused.
In 2017
Supreme Court of India delivered a landmark judgment defining the right to
privacy as a fundamental right under the framework of our Constitution.
Article 21 safeguards the right to privacy and promotes individual dignity.
In India, there is no separate and comprehensive privacy law.
NEW
DATA PROTECTION BILL, 2022
In India, a
protection law is currently in its fourth iteration. The Personal Data
Protection Bill, 2018, is the first version of the bill. The Personal Data
Protection Bill, 2019 was introduced by the government after amendments were
made to the draft. The bill is intended to lay out the procedures and
guidelines for data collecting for businesses as well as the rights and
obligations of citizens. This updated bill on personal data protection
proposes a significant rise in penalties up to 500 crore and also relaxed
regulations on cross-border data transfers. This amended draft is known as
Digital Personal Data Protection Bill, 2022. The main issues include
decreased integrity of the proposed Data Protection Board and broad
exemptions granted to the Centre and its agencies with minimal to no
protections. The fact that the new Bill comprises only 30 provisions as
opposed to the more than 90 in the previous one is also noteworthy,
primarily because many practical details have been assigned to later
regulation. The Data Protection Board is currently a central
government-established board, whereas the Data Protection Entity was
previously intended to be a statutory authority (under the 2019
Bill).
The bill is
based on seven principles -
• Organizations must use personal data in
a way that is legal, fair to the individuals involved, and transparent to
individuals.
• Personal data must be used for the
purpose for which it is collected.
• Processing of personal data must be
sufficient, pertinent, and restricted to what is required in light of the
objectives for which it is being done.
• Personal information must be accurate,
maintained up to date, all reasonable measures must be made to ensure that
inaccurate personal information is immediately deleted or corrected.
• Data collected can not be stored
perpetually by default, and storage should be limited to a fixed
duration.
• There should be reasonable safeguards to
ensure there is no unauthorised collection or processing of personal
data.
• A person should be held accountable for
whatever purpose and methods are used to process personal data.
Two crucial
rights for data principals are absent from the Data Protection Bill 2022.
The first is the right of data portability. The right to data
portability provided data subjects access to all of their personal
information that they had given the data fiduciary as well as any
information that was created about them as a result of processing it for the
performance of the data fiduciary's services. This increased consumer
welfare by empowering data principals to select from a variety of platforms
and promoting competition among data fiduciaries.
CONCLUSION
Private data
protection is not specifically governed by any laws or provisions in India.
The Supreme Court has, however, recognized that the idea of privacy will
change and advance throughout time. Further, Digital Personal Data
Protection Bill, 2022 which have been recently framed are a step in the
right direction but its implementation is still not clear and thus they
remain obscure. However they provide adequate safeguards with respect to
sensitive personal data or information which has paved the way for a
stronger data privacy regime. Although a person can remain somewhat
anonymous online, every time they access the internet, they always leave
behind traces of their digital footprints. If users are to respect and value
privacy as much as possible, they must also recognise the need for
self-control and responsibility in their online behaviour. However, hackers
who are skilled at misusing data that is kept or sent in cyberspace are
constantly attacking the online world. Every website must also contain a
privacy statement that makes it clear what information is being gathered,
how it might be used by the organization, and how it will not be abused in
any way, whether for profit or otherwise. To address valid concerns, a
comprehensive legal framework addressing privacy both generally as well as
online is necessary.
Written
by:
Ms.
Kashish Shah
(Intern)
M/s
Aura & Co.
Date:
28.12.2022