HomeLaw ,Cyber law & JusticeDATA PROTECTIN LAWS IN INDIA


Data Protection refers to the set of privacy laws, policies and procedures that aim to minimize intrusion into one’s privacy caused by the collection, storage and dissemination of personal data. Personal data generally refers to the information or data which relate to a person who can be identified from that information or data whether collected by any Government or any private organization or an agency. The Constitution of India does not patently grant the fundamental right to privacy. However, the Courts have read the right to privacy into the other existing fundamental rights, i.e., freedom of speech and expression under Article 19(1) (a) and right to life and personal liberty under Article 21 of the Constitution of India. However, these Fundamental Rights under the Constitution of India are subject to reasonable restrictions given under Article 19(2) of the Constitution that may be imposed by the State. India presently does not have any express legislation governing data protection or privacy. However, the relevant laws in India dealing with data protection are the Information Technology Act, 2000 and the (Indian) Contract Act, 1872. A codified law on the subject of data protection is likely to be introduced in India in the near future.
The (Indian) Information Technology Act, 2000 deals with the issues relating to payment of compensation (Civil) and punishment (Criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data.
Under Section 43A of the (Indian) Information Technology Act, 2000, a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected. It is important to note that there is no upper limit specified for the compensation that can be claimed by the affected party in such circumstances.
Under Section 72A of the (Indian) Information Technology Act, 2000, disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years and fine extending to INR 5,00,000 (Approx. US$ 10750). As of now, the issue of data protection is generally governed by the contractual relationship between the parties, and the parties are free to enter into contracts to determine their relationship defining the terms personal data, personal sensitive data, data which may not be transferred out of or to India and mode of handling of the same.
It is to be noted that section 69 of the Act, which is an exception to the general rule of maintenance of privacy and secrecy of the information, provides that where the Government is satisfied that it is necessary in the interest of:
• the sovereignty or integrity of India,
• defence of India,
• security of the State,
• friendly relations with foreign States or
• public order or
• for preventing incitement to the commission of any cognizable offence relating to above or
• for investigation of any offence,
it may by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource. This section empowers the Government to intercept, monitor or decrypt any information including information of personal nature in any computer resource.
Where the information is such that it ought to be divulged in public interest, the Government may require disclosure of such information. Information relating to anti-national activities which are against national security, breaches of the law or statutory duty or fraud may come under this category
For sustaining and encouraging the BPO boom, India needs to have a legal framework that meets with the expectations, both legal and of a public nature, as prevail in the jurisdictions from which data is being shipped to India. In practical terms the biggest hurdle is for India to have its framework of domestic data protection laws officially adjudged and publicly perceived as “adequate”. The EU officially declares and lists ‘adequate’ countries in terms of its 1995 Data Protection Directive. Only a handful of countries like Argentina, Canada, Australia and Switzerland, have so far made it to this “white list.” If India were also to make it to this list by enacting a suitable legislation, industries within the EU Member states would be able to export data to India without having to follow otherwise compulsory difficult and cumbersome procedures.
India rather than limit itself to being a supplier of services to corporate America and Europe, India sees itself as the place where such corporations can establish themselves. Thus by creating a good data protection law India could extend well beyond being a mere supplier of services to the world’s multi-national corporations. In effect, it wants to establish corporate India.

- Advertisment -

Most Popular