The Evolution of Privacy Laws in India

Leave a Comment / Legal Articles / By

Published On: 19th August, 2023

Authored By: Jyoti Tripathi
Career College of Law, Bhopal
Linkedin

INTRODUCTION

 Privacy and secrecy are two very relevant words that we come across but the meanings of these two are very different. The context and use of these words in today’s technical World make it essential not only to define these words but also to specify the meaning to protect individualistic rights along with confidentiality and security. Thus there is a need for a law that has a balanced approach towards the welfare of people along with social justice in society.

 Law becomes more effective when it starts to focus on every dimension of society. The foundation of any law is based on the essence of the requirements of society, what it needs, and how it impacts the various people in society. Today’s law or legal prism has shifted its dimension towards ensuring justice not only to society collectively but also at the individual level. The Article 21 of part 3 of the constitution has provided a very broad and wide dimension towards ensuring personal liberty and freedom to the citizens.

Thus, there came the concept of privacy law in India through various precedents and legislative action with the rise of technology and the advanced data world. The digital inclusion of people under Article 21 as the right to access to internet along with advanced global development and the emergence of new threads brought some new issues that restrict the rights of individuals along make them vulnerable to data thefts and digital crimes. When it comes to protecting the dignity of an individual and promoting the growth of society, and economic boost there is a need to respect the right that individual holds for themselves. The ambit of Article 21 is ever-expanding due to the agreement over the years among Supreme Court judges as a result of which a plethora of rights has been included.[1]

EMERGENCE OF PRIVACY LAW

The evidence of privacy could be traced back to European society, On 28 January 1981, a treaty related to the protection of individuals about automatic processing of personal data was signed at the Council of Europe convention. In 2016 the EU adopted the General Data Protection Regulation[2].

  1. In India the idea can be traced to an amendment to the IT ACT,2000 as section 43A which states[3] ” compensation for failure to protect data” and since its introduction, It has intensified the argument over how far the act extends to cover it. It is divided into two parts:

       A body corporate negligently fails to implement and maintain reasonable security practices and procedures while handling sensitive personal data on a computer resource that it owns, controls, and operates, and

       As a result, causes a wrongful loss/wrongful gain to any person.

It may be prescribed by the central government what is sensitive personal data and information.

  1.   SPDI RULES, 2011 Central government introduced Information Technology ( Reasonable Security Practices and Procedures and Sensitive Person Data or Information provides information about any individual related to

       Password;

       Financial information

       Physical, physiological, and mental health conditions;

       Sexual orientation;

       Medical records and history

       Biometric information;

       Exception that no information is freely accessible or available in the public domain, provided under the RTI Act, 2005, or disclosed under any law currently in effect.

There is a conflict between transparency and confidential information. The dilemma of today’s legal world lies in the balance between transparency, information, and inclusion in terms of knowledge needed in the current technology world to protect individual rights related to confidential personal information. Judiciary and legislature both have to balance between individual rights and collective rights on one hand and ensure inclusive growth, especially during a changing technical World.[4]

Data protection laws and regulations are present in many different industries, along with appropriate remedies and safeguards. The fragmentation in the set of regulations and changing trends in technology have exposed the world to concerns related to privacy.

When we speak of rights, it is not possible to neglect dignity. Justice for Hedgehogs entails two requirements:

       Self-respect

       Taking rights seriously

Life seriously represents the free will of a person, their capacity to think for themselves and control their own life. The moral duty we owe to others. Living well is a continuous process that is not a Static condition of character but a mode that an individual constantly endeavors to imbibe.

The basic principles of dignity and freedom of individuals are attributed to natural law which becomes the rights of all individuals in a constitutional democracy. Dignity is a central normative as well as constitutional value. In society at large human dignity is based on various other factors and protected under fundamental rights.

 Autonomy is an ethical element of human dignity. It is the foundation of the free will of individuals which entitles them to pursue the idea of free, living a good life. As for legal implications, it underlines a set of fundamental rights associated with democratic constitutionalism.

CASE LAWS:

       M.P. SHARMA V. SATISH CHANDRA ( 1954 AIR 300, 1954 SCR 1077):

It was an eight-judge bench, the power of search and seizure is an overriding state authority for the protection of social justice and power is necessarily regulated by law in any system of jurisprudence. We have no justification to convert it to completely different fundamental rights. Firmly decided it is not a basic right.

       GOBIND V. STATE OF M.P. ( AIR 1975 SC 1378,1975 SCC 148):

According to the three judge’s bench, it was held that the right to privacy is not absolute, it is not necessary that surveillance by domiciliary visits would always be an unreasonable restriction on the right to privacy. Legislature imposing reasonable restrictions upon it for the compelling interest of the state must be upheld as legal since the right to privacy of movement cannot be absolute.

       STATE OF M.H. V. BHARAT SHANTI LAL SHAH ( AIR 2008, 13 SCC 5 2008 (12) SCALE 167):

Three judges panel in the present case found that rights can be limited according to legal sound procedures. The court must therefore ensure the process is fair, just, and reasonable and is not arbitrary, whimsical, or oppressive.

       SC ADVOCATE ON RECORD V. UOI ( AIR 2016, 5 SCC1,2SCC LS 253):

The five-judge bench stated the balance between transparency and confidentiality is very delicate and if sensitive information is made public it impacts the dignity and reputation of a person.

       PUTTASWAMY CASE ( AIR 2017, SC 4161):

It was held that privacy concerns in the day and age of Technology can arise from both the state as well as non-state entities and as such a claim of violation of privacy lies against both of them. The court also held that information privacy in the age of the internet is not an absolute right and when an individual exercises the right to control data may lead to the violation of privacy to a considerable extent. Several rights have been included as a result of the Supreme Court judges’ agreement over the years, which was also stipulated. Article 21’s scope is constantly expanding.

The judgment is a landmark judgment pronounced by 9 judges of the Supreme Court on August 24, 2017, upholding the foundation of fundamental rights to privacy and an inherent integral part of the Constitution.

CURRENT LAWS AND PROVISIONS

1. The concept originated in India after the revision of the IT Act, 2000 as Section 43A, which states “compensation for failure to protect data,” and since its adoption, it has spurred discussion regarding the act’s reach.

It is divided into two parts:

       A body corporate negligently fails to implement and maintain reasonable security practices and procedures while handling sensitive personal data on a computer resource that it owns, controls, and operates, and

       As a result, causes a wrongful loss/wrongful gain to any person.

  It may be prescribed by the central government what is sensitive personal data and information. 

2. SPDI RULES, 2011: Central government introduced Information Technology (Reasonable Security Practices and Procedures and Sensitive Person Data or Information provides information about any individual related to

       Password;

       Financial information

       Physical, physiological, and mental health conditions;

       Sexual orientation;

       Medical records and history

       Biometric information;

       Exception that no information is freely accessible or available in the public domain, provided under the RTI Act, 2005, or disclosed under any law currently in effect.

3.   Information Technology (intermediary standards and norms for the digital media ethics code) 2021: Requires social media platforms to use greater caution about the material on their platforms.

4.   Digital Personal Data Protection Act 2022:

 This applies to the processing of digital employee data in India, whether the data was digitalized after being collected offline or online. It might also apply to searches conducted outside of India if they are used to profile Indian citizens or to provide products or services.

Personal data may be processed only for lawful purposes for which an individual has given consent. In some situations, consent might be regarded as given. Data will be obligated to maintain the accuracy of data, keep it secure, and delete data once its purpose has been met. Data is defined as any person who alone or in conjunction with another person determines the purpose and means of processing personal data.

The Indian federal government is set to create the Data Protection Board of India, responsible for assessing violations of the legislation’s terms. The new digital India envisages acting as a catalyst for the Indian economy by enabling more innovations and protection for the citizens.

CHALLENGES 

       Insufficient awareness as the limited understanding among individuals and organizations regarding the significance of data protection and potential risks linked to data breaches.

       Legal framework today concerns data protection in India and lacks robust mechanisms for enforcing compliance.

       A significant hurdle to implementing and enforcing data protection is the absence of standard practice among organizations. There is a lack of uniformity in data protection protocol.

       The current data protection framework in India fails to offer significant safeguards for sensitive data such as health and biometrics.

 Implementing any law depends upon the effective discharge of duties, providers, and the government. Maintaining equilibrium among data and information’s confidentiality, integrity, and accessibility is equally crucial.

 CONCLUSION

The protection of individual rights along with confidentiality and transparency in various parts of the globe now emerges a different concept related to privacy and security. It is shaping the world collectively and enhancing people equally but being part of a society every human has different needs and requirements regarding Privacy. The state accordingly gives laws as per the requirement of individuals and provides a layer of security between the web of technology and the prevention of dignity.  Autonomy is a special thing that a person enjoys freely in a free democratic secular country and is free to live their life peacefully.

The person has a right both against the state and the person. They are provided to keep their secrets and the right to protect their interests. We are the only one who truly knows what our privacy is and what definition lies within us.

REFERENCE:

       Britannica dictionary: Terms related to privacy and secrecy.

       Supreme court judgments and citations, PUTTASWAMY CASE ( AIR 2017,10 SCC1, SC 4161), Maneka Gandhi case(AIR1978, SC597)

       Abhinav Chandrachud, THE SUBSTANTIVE RIGHT TO PRIVACY: Tracing the doctrinal shadow of the Indian constitution,2006

       D. D. Basu constitution of India, 2nd edition, LexisNexis

       M. P. Jain Administrative law

       Indian Express article on digital securityhttps://indianexpress.com/article/explained/explained-economics/data-protection-bill-approved-by-cabinet-content-concerns-8780035/

       Legal journal https://www.aironline.in/homePageSearchResultPost.html

       Rajya Sabha debate on ethics in data security and protection https://youtu.be/UFp3wYV1-3M


[1] PUTTASWAMY CASE ( AIR 2017,10 SCC1,SC 4161)

[2] Brief history of information privacy law, section 1:3.1(A),PLI 2006, DANIEL J.SOLOVE

[3] Ministry of law, justice and company affairs ( legislative department), 9 June 2000, chapter 11,sect 72

[4] Maneka Gandhi V. Union of India ( AIR 1978, SC 597)

 

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe
Scroll to Top