What are the Data Protection Laws in India

Data Protection Laws in India

What are the Data Protection Laws in India?

Data Protection is a rising concern across the globe. Almost all countries are setting up laws that govern data protection is some form or the other. Data protection is basically enforcing certain laws and guidelines to minimize and avoid the violation of anyone’s privacy through the collection, storage, dissemination or wrongful usage of data. This usually refers to personal data which can be identified as the data pertaining to a person which is collected and/or stored by the government or a private agency.

The right to privacy is not identified as a fundamental right in the Constitution of India. However, recently the constitution bench of the Hon. Supreme court ruled that Right to privacy is a fundamental right, barring reasonable circumstances. This has opened the doors for a whole new discussion over privacy in the digital era. India does not currently have legislation which addresses data protection explicitly. However, there are laws which address these issues individually. Also, the government is working on a codified law to be introduced ondata protection, similar to the GDPR of the EU.

Data Protection in India

The Information Technology Act of 2000 addresses issues pertaining to payment and compensation over the digital platforms. It also addresses the misuse of personal data by any individual or entity. According to the law, if anybody is dealing with sensitive information or data, and they are negligent in their security measures in any respect, they are liable to pay damages to the aggrieved party. The following provisions are in place in India which pertains todata protectionin various forms-

The Information Technology Act, 2000

The IT Act is an act which provides a legal framework for every transaction carried out via the electronic means and it is recognized by the government of India as a crucial part of the constitution. It covers all aspects of electronic commerce which replace the communication and the transactions which are usually undertaken through paper-based systems. This includes online payments, online form fillings, digital communication channels, and electronic filing of documents.

Government Interference with Data

Due to the Supreme Court identifying the right to privacy as one of the fundamental rights, even the government cannot violate the privacy of a person under normal circumstances. But there are certain situations in which the government can interfere with the data. So what are these grounds specifically?

According to the section 69 of the IT Act, if any person representing the government and authorized by the government, is satisfied that the interference of data is in the interest of the sovereignty and integrity of the nation, security of the defense, public order, international relations, preventing any cognizable offense, or for investigation of any offence, can direct the orders for interference with the Data. This section also deals with the viewing and blocking of websites in the country. The government has recently blocked various objectionable websites under the IT Act, 2000.

Penalty for breach of confidentiality

According to section 72 of the IT Act, 2000, a penalty is imposed for breaching the privacy or confidentiality of a person or entity. Any person who solicits electronic data or information of any kind without the explicit permission of the owner of the data, and reproduces, shares or publishes this data is liable to a penalty under the IT Act. The punishment can be imprisonment up to 2 years or a penalty of INR 1,00,000 or both in certain cases. It is, therefore, a crucial act in terms of the right to privacy and confidentiality.

The Information Technology Amendment Act, 2008

In 2008, several clauses were inserted and amended in the IT Act to make it more relevant to the times. It covers various aspects such as the freedom of expression through electronic means and the barring of certain websites for objectionable content. Some of the other amendments to the act are listed as below-

  • Section 43A
  • Section 66
  • Section 66A
  • Section 66B
  • Section 66C
  • Section 66D
  • Section 66E
  • Section 66F
  • Section 67
  • Section 67A
  • Section 67B
  • Section 67C
  • Section 69
  • Section 69A
  • Section 69B
  • Section 72A
  • Section 79
  • Section 84A
  • Section 84B
  • Section 84C

The above amendments range from cyber terrorism to Intermediary Liability and Encryption. It also covers privacy, surveillance, identity theft and various other pointers that specifically ensure that data is not violated or misused without consent and that security protocols are undertaken in order to ensure that personal data is protected at all costs.