The Story

Data Protection applies here to range of privacy rules, regulations and practices aimed at mitigating privacy infringement induced by sensitive personal data, preservation and distribution. Personal data refers specifically to data and information regarding an individual identifiable through this information or data whether obtained through government or private entity or an individual. The right to privacy is a principle of a multidimensional. The right to privacy has been recognized in contemporary world in the eye of the law as well as in common language.

India is also heavily influenced by the digital/technological revolution. Recognizing its significance, and that it promises to bring large disruptions in almost all sectors of society, the Government of India has envisaged and implemented the “Digital India” initiative. While the transition to a digital economy is ongoing, the collection of personal data has also become widespread. The irony of today's digital world is that virtually every single operation an person undertakes encompasses some sort of data transaction, or the other. Although data is being used for full potential, the uncontrolled and arbitrary use of data, especially personal data, has raised concerns about an individual's privacy and autonomy. This was in fact the subject of the Supreme Court’s landmark decision, which acknowledged as a fundamental right the right to privacy.

Article 21 of the Constitution of India grants all persons the right to life. The expression “life” assured under Article 21 does not connote mere animal existence  it holds a much wider meaning which includes right to be free from restrictions and encroachments. Similarly, in another case, it was held that the right to life also under Article 21 meant the right to live with dignity and free from exploitation.  Thus this article protects the right to privacy and promotes the dignity of the individual. Data Protection under Indian law is termed as personal information. Under the Rules, personal information was described as ‘any information relating to a natural person that is capable of identifying such a individual, either directly or indirectly, in combination with other information available or likely to be available to a corporate body.’ Personal information could be in the form of personal interests, habits and activities, family records, educational records, communications (including mail and telephone) records, medical records and financial records, to name a few.  The presence of computerized data about him / her which is inaccurate or deceptive and could even be transmitted to an unauthorized third party at high speed at very low cost could easily damage a person. The rise in the use of personal data includes various advantages but it may also cause problems.

Article 19(1)(a) of the Constitution of India provides the right to freedom of speech and expression which implies that a person is free to express his or her will on certain issues. As per Article 21 of the Constitution of India  as the concept of privacy overlap with that of liberty. Right to Privacy is an integral part of Right to life and Personal Liberty,  and it can be curtailed only in accordance with the “Procedure established by Law”, as provided under Art. 21 of the Constitution of India.  The SC in Maneka Gandhi’s case has laid down a triple test for any law to be considered to being in accordance with the ‘Procedure established by law’: (1) The law must prescribe a procedure (2) the procedure must satisfy the requirements of Arts. 14 and 19 (3) And, it should be just, fair and reasonable. The Supreme Court in the landmark judgement of K.S. Puttaswamy v. Union of India  has adjudged that Right to Privacy is a facet of the Right to life. Although there is no separate provision made in our Constitution for the protection of privacy of an individual, thus it can be said that right to Privacy is the basic in alienable right of an individual  concomitant of his right to exercise control over his personality and is essential for his development as a human being. The liberty of a person is fundamental and privately preserved and must be safeguarded from unnecessary interference.  The right to privacy or the right to be let alone is an intrinsic part of the Right to life and personal liberty under Art. 21  and hence has been accorded the status of a basic fundamental right.  Also the Apex Court has also reiterated earlier in the case of Maneka Gandhi v. Union of India and Anr where it was held that the expression “personal liberty” in Article. 21 could be read in its broadest spectrum and covered a variety of rights which went in constituting the personal liberty of man and some of which have been raised to the status of distinct fundamental rights. As such, the relevance of the right to privacy as a fundamental right can be seen in this Article 21 of the Constitution of India.

Privacy and data protection Privacy and data security ensure that personal information should not be made accessible automatically to other individuals and organizations. That individual must be in a position to exercise comprehensive control over the data and its use. Data security is a legal safeguard to avoid abuse of individual person information on a medium like computer. Implementing administrative, technical, or spatial disincentives. Secure Personal Information. Privacy is inextricably connected to data security. The basic premises of data protection and privacy outlined under The Information Technology Act, 2000  data defining, civil and criminal liability in the event of data security violations and confidentiality and privacy breaches.

The Information Technology Act , which came into effect in 2000, is the only legislation to date that addresses key data privacy issues, but not every issue. Nonetheless, the Information Technology Act, 2000 passed by the Indian Parliament, is the first statute to include data protection provisions. Under section 43A of the (Indian) Information Technology Act, 2000, a corporate entity that owns, distributes or handles any confidential personal data or information and is deficient in enforcing and maintaining fair security practices resulting in unfair loss or benefit to any individual, that corporate body may then be held accountable for paying damages to the individual concerned. It is worth mentioning that in certain cases, there is no maximum ceiling defined for the compensation which can be sought by the party concerned.

In July, 2017, Government of India though its Ministry of Electronics and Information Technology, formed a committee, to examine and propose changes to the data protection laws in India (which are presently not as advanced and extensive as compared to European countries.)

 The committee introduced Personal Data Protection Bill, 2018 (2018 Bill). Thereafter, various stakeholders gave several suggestions and the committee then introduced Personal Data Protection Bill, 2019 (2019 Bill) in the Indian House of People ( Lok Sabha) on 11.12.2019. The Bill presently has been referred to a joint parliamentary committee for approval.

Indian Constitution recognizes the right to privacy, but its expansion is left entirely at the mercy of the judiciary. In today's connected world, preventing information from escaping into the public domain is very difficult if some people are determined to put it out without using methods of extreme repression. Data security and privacy is discussed in the Information Technology Act , 2000 but not in an exhaustive way. The IT Act needs to set specific standards concerning the methods and purpose of reintegrating the right to privacy and personal data. Thus I can draw the conclusion that the IT Act addresses the issue regarding data protection and also that separate legislation is much required for data protection which strikes a viable emphasis on personal liberties and privacy.