What if data protection and privacy laws were not implemented in India?
INTRODUCTION?
Indian Jurisprudence on Right to Privacy?
The right to privacy is included in the scope of fundamental rights according to the judicial interpretation of those rights.?
The concept of privacy in Indian law dates back to the late 1800s, when local British courts affirmed a pardanashin woman's right to step outside on her balcony without worrying that someone would be watching her from her neighbourhood. Although the Indian Constitution does not expressly recognise the right to privacy, article 21 of that document states that "No?
person shall be deprived of his life or personal liberty except in accordance with the procedure established by law." Since the right to privacy was first recognised under that provision, the law has developed.?
Evolution of right to privacy?
1. MP Sharma and Ors vs Satish Chandra, District Magistrate, Delhi and Ors?
In this case, the Supreme Court for the first time considered the question of, whether the ‘right to privacy’ is a fundamental right or not. It was argued that the search and seizure warrant obtained under sections 94 and 96(1) of the code of criminal procedure violated the individual's right to privacy. The Supreme Court ruled that no constitutional clause is violated by the ability to search and seize property. According to a report, the state's legal right to search and seize property is mandated by the need to maintain social security. It was claimed that the constitution's authors did not specify or foresee the right to privacy as a basic right, analogous to the 4th amendment in the US.?
2. Kharak Singh v. State of Uttar Pradesh and Ors?
The issue posed in this case, which followed the M.P. Sharma case, was "whether the right to privacy was inclusive of Article 21." The question posed was whether Article 21 of the Indian Constitution was violated by a domiciliary visit for nighttime surveillance against the accused. The Supreme Court determined that such a visit violated Article 21. However, the majority of judges disagreed, believing that as Article 21 does not include any provisions for privacy, the right to private cannot be regarded as a fundamental right. They said that the right to privacy is not a guaranteed right and that such surveillance does not infringe article 19(1)(D).?
They said that the right to privacy is not a guaranteed right and that such surveillance does not infringe article 19(1)(D). As a result, Article 111 of the constitution's prohibition on violating fundamental rights does not apply to keeping an eye on the suspect's movements.
Although Hon. Mr. Justice Subbarao held the minority position that privacy is a crucial component of human liberty.?
3. Govind v. State of Madhya Pradesh?
The problem in this instance was comparable to that in the Kharak Singh case. The Hon'ble Supreme Court ruled that police laws did not respect an individual's right to personal freedom. The right to privacy is a fundamental right, but it should be taken into account and developed on a case-by-case basis.?
4. Maneka Gandhi v. Union of India?
In this instance, the Hon'ble Supreme Court interpreted Article 21 in a more general manner. In this case, the Right to Life was read broadly and differently, bringing the Right to Privacy into its purview.?
5. Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India and Ors?
The Hon'ble Supreme Court rendered a historic decision in this matter, concluding that the Indian Constitution's articles 14, 19, and 21 guarantee and/or codify the right to privacy. The Kharak Singh and M.P. Sharma ruling was overturned by this case.?
In this instance, the "Aadhar Card Scheme" was contested because it was collecting and exploiting citizens' biometric data for other purposes, which violated their right to privacy. The petitioner stated that Article 21 of the Indian Constitution should include the right to privacy because it is a basic right.?
In response, the respondents argued that the Constitution merely recognises personal liberty and that it has partially granted persons the right to privacy. The nine-judge Constitutional bench was established to get a unanimous decision on this matter. The Hon'ble Supreme Court ruled that the right to privacy is integral to the freedoms of life and the pursuit of happiness guaranteed by Article 21. It also falls under the category of rights protected by Part III of the Indian Constitution. The State's responsibility to safeguard its citizens' privacy was also asserted.?
As a result, the "Aadhar Card Scheme" was found to have violated the citizens' right to privacy. The Supreme Court's ruling gives people the right to file a lawsuit if their rights to data privacy are violated. Additionally, this decision has an impact on the guidelines established by Indian tech corporations.?
Existing data protection framework in India
Even while India is not a very technologically advanced nation, it has embraced the digital age, raising concerns about data protection. Data is the compilation of knowledge for a certain field or subject. And the day data gathering and possession began, the problem of data protection arose.?
As of right present, India does not have any explicit laws or regulations governing data protection. But certain laws and statutes contain provisions that address this issue, including the following:?
1) Constitution of India?
The Indian Constitution protects data privacy by recognising the right to privacy. The Honourable Supreme Court has ruled that Article 21's right to privacy is fundamental and protects personal information as a citizen's private property. Since the protection of the database is under the right to subsistence, it cannot be violated or removed except in accordance with the proper legal procedure.?
Additionally, the current legal system recognises that each individual has a right to own private property that is unrestricted and unafraid of being violated. Even the state is not permitted to deprive a citizen of this right without first following the due process of law. In light of this, Article 21 of the Fundamental Rights.?
领英推è
2) Indian Contract Act, 1872?
The Indian Contract Act provides the parties to have a clause in their contracts which protects the data like a confidentiality clause, etc. under Section 27.?
3) Indian Penal Code, 1860?
To stop data theft, the Indian penal code has been modified and put into effect. It successfully deters data theft. Theft, misappropriation of property, and criminal breach of trust are all considered offences under this code, and they all carry jail time and fines. Data theft is considered an offence under the Indian Penal Code, even though these offences only pertain to movable property because this Code has defined "movable property" to include corporeal property of "every description," with the exception of land and objects permanently anchored to the earth. Thus, the computer data or databases are protected under the IPC as they are movable in nature.?
4) Copyright Act?
Copying computer databases is copyright infringement, which is punishable by law under the Copyright Act, as amended, which recognises them as literary works. It safeguards the intellectual property rights of all works, including artistic, dramatic, and literary ones. The computer's database is likewise a part of the literary work. Therefore, copyright infringement
occurs when someone takes a specific database from a computer and shares or distributes it further. This can result in both civil and criminal penalties.?
As databases are a type of intellectual property, the act safeguards them. Although it can be challenging to distinguish between database protection and data protection under the Copyright Act. The primary goal of data protection is to safeguard an individual's private information, but the primary goal of database protection is to safeguard the work—creativity, investment of time, and presentation of a work—or databases.?
Additionally, many businesses and companies seek to protect their data under common law and contract law by including a confidentiality or data protection clause in their contracts themselves. This saves time and effort by allowing for the aforementioned remedies to be requested in the event of a breach.?
5) Personal Data Protection Bill, 2019 (“PDP Billâ€)?
In 2019, Mr. Ravi Shankar Prasad, Minister of Electronics and Information Technology, introduced this bill in the Rajya Sabha. This bill establishes a Data Protection Authority and sets laws expressly for the protection of personal data. Whether public or private, all Indian corporations are subject to this law.?
The measure also cites "sensitive personal data," which calls for stricter restrictions and more oversight. It requires data fiduciaries and processors to uphold specific criteria for data protection. There are also several exemptions in this law. The measure was very contentious from the start because it included a data localization policy requiring foreign businesses that collected personal information about Indian individuals to also keep or store a copy of that information in India.?
The 3rd of August 2022 This law was withdrawn, with the main justification being that it made it difficult for new businesses to comply.?
Many of the Bill's provisions, including those relating to data localization, hardware authenticity clauses, and other issues, according to sources, moved beyond data protection and into the territory of privacy.?
Need for revamping the data protection framework in India?
Due to the numerous gaps that must be closed, the current data protection rules urgently need to be updated. Which are:?
1. The Information Technology Act's clause only addresses the gathering and processing of data by "bodies corporate." Therefore, except from that, no additional data is protected.
2. Even though the data is sensitive, it is not protected as it is freely accessible in the public domain.?
3. Even though your personal information will stay private when your Aadhar is linked to it and will be shared with the Income Tax Department, the Income Tax Act does not contain any provisions for data protection.?
4. The Personal Data Protection Bill gives the Data Protection Authority unrestricted power, enabling the authority to enforce steps against a person such an arrest, detention, or any other required action, without the consent of the court.?
5. The PDPB bill makes no reference to a deadline or specific period of time for reporting a data breach. Additionally, a complaint may only be made after harm has been done, so this does not at all prevent data breaches. Additionally, even though the bill has not yet been passed, it may grant the government full access to civilian data.?
6. The measure provides that if the State so desires, the data may be processed even without consent. Predicting what the State could need is irrational and extremely unclear because anyone, even those acting on behalf of the State, has the ability to alter the data and exploit it for nefarious ends.?
7. In addition, there is no minimum age requirement in India for joining the social media sites that are most susceptible to data breaches.?
Conclusion?
Though India is working towards developing and creating laws for data protection and privacy, there are still some loopholes that need to be looked upon It will become very complicated without data protection and privacy laws.?
Hence, our Indian legislature needs to incorporate the merits of the “data protection and privacy laws†from around the world and take a step forward in the implementation and development of this new branch of law owing to the paramount importance it has in today’s times. There are various laws for data protection around the world, which could contribute to curb the issues related to data protection if adopted and implemented strictly in India.