Introduction:
We live in a time where everything is either on the internet or is in the process of being uploaded on the internet, be it our identity proof, our documents, even our money is on the internet. But the question is whether this data is safe or not. We have our right to privacy with us but that doesn’t mean that other people won’t try to infringe it. The topic of data safety comes into our mind when we browse on the internet. Many cyber-crimes are happening every-day. Some companies steal our data to know what kind of things we browse, what kind of things we like, and using that data, they make advertisements that would interest us. Many political parties also steal our data to know what we like and by doing that, they make a manifesto or a political campaign that would attract our attention and make us vote for them. This is why many countries have made data privacy laws so that we can browse our data and store our data on our devices without being worried about the safety of our data.
Indian Laws
In India, there is no specific act for Data protection, rather India has its Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules (Privacy Rules 2011) which has provisions for data protection and privacy to safeguard personal information and data of the public and other data privacy necessities.
Some of the main laws in the Information Technology Act are Section 43 and Section 72A of the IT act is for data protection and they are explained below:
Section 43 of the Information Technology Act, 2000 states that if a corporate firm or organization holds the authority of sensitive information and data of people and is negligent in handling necessary security practices for that data which results into the wrongful loss or wrongful profit of a person would be liable to pay compensation to the aggrieved person.
Section 72A of the IT Act, 2000 states that if there is any leak of personal data, intentionally by an organization or a firm without the consent of the aggrieved person, it would be liable for a fine extending to 5,00,000 and arrested for a term extending to three years
Other than that, there is a bill proposed in the Indian Parliament by the Ministry of Electronics and Information Technology on 11 December 2019 Which is exclusively for data protection, namely Personal Data Protection Bill, 2019. As of March 2020, the Bill is being analyzed by a Joint Parliamentary Committee (JPC) in consultation with experts and stakeholders. Personal Data Protection Bill, 2019 proposes to establish a Data Protection Authority of India which will be responsible for preventing misuse of personal data and ensuring compliance with the new law. It also proposes that significant data fiduciaries will have to register with this authority.
European Union Laws
General Data Protection Regulation is the most important legislation for data protection in the European Union. This regulation governs the organizations and individuals in all the member states of the European Union but it also applies to organizations from outside the union who supply or cater to the European Union.
One of the most important features of this regulation is that the organizations don’t only have to make sure that the data gathered is legally secure, they also have to make sure that the data they have is not to be misused or exploited by them, if they do not follow this, they will have to pay penalties for that.
GDPR also requires organizations to notify the consumers when their data has been breached or hacked. Consumers have the right to information in this. They also have to inform the organizations that govern them so that they can ensure EU citizens can take steps to make sure that they don’t let their data be misused. The organizations also have to tell consumers how they are using their data.
And coming to its most important feature is that the regulation gives the consumers the right to be forgotten so that they can ask to delete their personal data, if they don’t have grounds to keep it.
United State Laws
The United States, like India, doesn’t have a specific or individual act for data protection, rather they have many different kinds of laws related to data protection in different acts.
The federal trade commission act empowers the FTC to protect customers against malpractices and unfair practices but also to enforce federal privacy and data protection regulations. Other than this, there is no general legislation about data protection but there are sectoral data protection laws. Some of them Driver’s Privacy Protection Act of 199 (DPPA) which makes sure that the data collected by the state departments of motor vehicles like photographs, Social Security Number, Name, Address, etc. is private and not used for unfair means, and there is Children’s Online Privacy Protection Act (COPPA) which restricts the collection of data or information from a child under the age of 13 online and requires the consent of parents if the data is to be collected. Just like the above mentioned, there are many more sectoral laws in the United States
The federal government and state governments have passed laws that criminalize recording communications without obtaining consent from one or all of the parties, depending on the statute.
Lawmakers in the country have proposed legislation to change the current scenario of data privacy and how organizations handle consumer information. One of the most important proposals is The Right to Know Act which means that if passed, every organization would have to provide the information gathered by them to the users when the user’s request for it.
Californian Consumer Privacy Act (CCPA), does come close to addressing consumer data privacy at least for California residents CCPA and gives consumers the right to access, the right to delete, and the right to opt-out of processing at any time.
Comparison in Data Privacy Laws between the US, European Union and India
USA and India both don’t have a specific law for data privacy whereas the European Union has a law specifically for data privacy which is GDPR. GDPR is the toughest privacy law in the world which can be used as the basis for privacy laws in different countries. USA has different sectoral laws which include data privacy while California Consumer Private Act (CCPA) is a law specifically for Consumer Privacy which has provisions for consumers’ data privacy but it is only for California. There have been proposals for laws by lawmakers which would help consumers safeguard their online information. India also doesn’t have a specific law for data privacy, some provisions of data privacy are included in the Information Technology Act. Although, there is a law proposed in the Indian parliament solely for Data privacy, called Personal Data Protection Bill which might resolve the problems of Data Privacy in India.
As there is no Data privacy law specific for the US, there can be no comparison with it as of now, but there can be a comparison between India’s proposed bill PDPB and European Union’s Law GDPR. Some of the comparisons are:
- PDP Bill states that the government has access to non-personal data for specific purposes, whereas GDPR doesn’t give access to the government for this kind of data.
- In the GDPR, all breaches of data are to be reported to the supervising authority, except the breach might not be damaging to individuals. In PDP Bill breaches are to be notified only if they might be harming the owner of the data, but only when the Data Protection Authority allows the data collecting authority to do so which is not the case with GDPR.
- When a grievance arises, the PDP bill gives a deadline of 30 days to the victims to address the grievance to the concerned authorities, but GDPR has no period for this, one can address their issue anytime.
- PDP states, in a grievance, anyone can file an appeal for the issue, while GDPR states that only the data principal can file an appeal.
Landmark Case Law: Justice. K.S. Puttaswamy v. Union of India
Facts
A nine-judge bench of the Supreme Court sat on August 24, 2017, which held that the Right to Privacy is a fundamental right for all citizens. They also talked about the need for data privacy in this time of evolving digitalization.
Issue
Nine- bench judges also talked about how humans are intertwined with technology and the right to privacy just doesn’t specify this interconnection and data privacy. Constant sharing valuable data that can be used maliciously is a concern
Justice Chandrachud states that “the dangers of privacy in an age of information can originate not only from the state but from non-state actors as well”, which suggested the state must make a data protection regulation for individuals and state’s interest. Justice Kaul agreeing with the fact observed “Social network providers, search engines, email service providers, messaging applications are all further examples of non-state actors that have extensive knowledge of our movements, financial transactions, conversations – both personal and professional – health, mental state, interest, travel locations, fares and shopping habits. He also was worried about Chandrachud’s concern.
Justice Chandrachud thought that while there is a data protection regulation, the regulation must contain a special role to consent, which is currently prevalent in European Union, so that the individual can decide what to share and what not to share with state actors and non-state actors. There were also discussions on the right to be forgotten and anonymity.
Conclusion
Because of the above judgments, the groundwork for data protection was made as it was the basis for privacy in India. A commission was made by the Ministry of Electronics and Information Technology so that the issues related to data protection are. The commission submitted the draft Personal Data Protection Bill, 2018in July 2018. After further discussions, the Bill was approved by the cabinet minister of India on 4 December 2019 as the PersonalData Protection Bill 2019 and tabled in the Lok Sabha on 11 December 2019. It is yet to be passed.
0 Comments