THE CURIOUS CASE OF DATA PROTECTION IN INDIA
Author – Advocate Rahul Dhote and Associate Shristi Keshri
Data is an information that can be presented in raw and in unorganized pieces. It is an information stored and processed by a computer in the form of text documents, files, software programs, etc. In the today’s economy, data is of immense importance. With social, economic, corporate and governmental activities the flow of data is expanding fast. As all these data are stored in the computer can be created, processed, saved and transferred digitally with the help of an internet network connection or by using various other forms of media devices.
Therefore, online data protection is of paramount importance and must be protected.
Data Protection is a process of protecting and safeguarding such vital information from either misappropriation, misuse, corruption or loss or from unauthorized access. The significance of data protection is increasing as the amount of data created and processed is increasing. Subsequently, Data Protection Strategies are assuring and ensuring us that the lost data can be recovered and restored, if any misfortune or misappropriation happens with the impugned data.
Data protection must be applied to corporate as well as personal data. As far as, privacy of the data is concerned it must be only made available to the persons who are authorized or who to those who have access privilege to it, the confidentiality must be maintained and privacy must not be hampered.
The main objective of Data Protection is to prevent interruption into one’s privacy caused by illegally storing or collecting someone else’s personal informational data. Data Protection basically refers to a set of privacy and security related policies and procedures. As even the Constitution of India has recognized Right to Privacy as one of the Fundamental Rights. And when a certain rule or provision has got a legal backing, if infringed then legal consequences and aftermath will follow. Penalties must be levied if the person has failed to perform his duties or has failed to comply with the rules and procedures as prescribed.
Although there is no specific law as pertaining to Data Protection until now. However such issues is being dealt under the relevant laws prescribed under the Information Technology Act, 2000. The Information Technology Act deals with the violation of contractual terms and conditions concerning personal data, payment of compensation and punishment in case of wrongful disclosure and misappropriation of personal data.
Also, a notification is made by the Government regarding the privacy matters and non-disclosure of such data by the Ministry of Communications and Informational Technology which has enacted a set of rules and regulations in 2011 as Sensitive Personal Data or information which includes a person’s personal data such as –
Provided that, any other information that is either freely available or accessible under public domain under the Right to Information Act, 2005 or any other law at the time being enforced shall not be considered as Sensitive Personal Data.
However, this set of rules and policies was considered to be inadequate. After European Union’s General Data Protection Regulation (GDPR) which aims at protection of an individual’s personal data globally and preventing it from misuse and misappropriation. India’s has taken a step forward and has drafted a Indian Personal Data Protection Bill, a committee of experts which is headed by former Supreme Court Judge B.N. Srikrishna. The bill drafted provides for the Data Protection and to examine the issues regarding the data protection and recommendations to prevent misuse of data by unauthorized access.
The relationship between the data service providers and individuals must be a fiduciary relationship. It must be a consent based processing, i.e. consent must be taken in prior. And to prevent abuse of power by service providers, law must establish some basic obligations towards individuals, i.e.
The importance and need for the Data Protection Law –
The Data Protection Bill passed proposes Right to Privacy. The word data is treated as a subject matter of trust and not just as an individual’s property. NASSCOM along with Data Security Council of India (DSCI) has been advocating in India for some stringent data protection laws for quite some time now. The Digital Economy should aim to benefit the citizens and strengthen the security in the digital environment by providing them with information of digital technologies. The bill recommends to set up a mechanism to oversee the regulation process and deal with the risks associated with them.
Recently, Microsoft India launched free online courses to allow the relevant section of public who are concerned with such issues to understand the data compliance and other best practices concerning their privacy and security which help safeguard customer data.