India has followed the EU’s General Data Protection Regulation (GDPR) in allowing global digital companies to conduct business under certain conditions, instead of following the isolationist framework of Chinese regulation that prevents global players like Facebook and Google from operating within its borders.

India does not have a stand-alone personal data protection law to protect personal data and information shared or received in a verbal or written or electronic form. Though, protections are available, they are contained in a mix of statutes, rules and guidelines. The most prominent provisions are contained in the Information Technology Act, 2000 (as amended by the Information Technology Amendment Act, 2008) read with the Information Technology [Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information] Rules, 2011 (SPDI Rules). It is the primary law in India dealing with cybercrime and electronic commerce. SPDI Rules, as the name suggests, only cover data and information which is exchanged in an electronic form and not those received through non-electronic communication form.

When this IT Act, 2000 came into force on October 17, 2000, all the laws and procedures in reference to the given Act lacked the protection and provisions required to protect one’s sensitive personal information provided electronically. This eventually led to the introduction of the Information Technology Bill, 2006 in the Indian Parliament which then led to the Information Technology (Amendment) Act, 2008 whose provisions came into force on October 27, 2009.

Section 43A and Section 72A were inserted in the IT Act. Under Section 43A, a corporate body was held liable in case they were negligent in possessing or dealing with sensitive information or data, thereby causing wrongful loss or wrongful gain to some other person. Section 72A stated that the punishment for disclosure of information in breach of lawful contract and any person may be punished with imprisonment for a term not exceeding three years, or with a fine not exceeding up to five lakh rupees, or with both, in case disclosure of the information is made in breach of lawful contract.

However, the scope and coverage of the IT Act and Rules are limited. Majority of the provisions only apply to ‘sensitive personal data and information’ collected through ‘computer resource’. The provisions are restricted to corporate entities undertaking the automated processing of data and consumers are only able to take enforcement action in relation to a small subset of the provisions.

Right to privacy is a fundamental right under Article 21 of the Constitution of India, which lays down our fundamental rights. This was affirmed by a nine-judge bench of the Supreme Court in Justice K.S. Puttaswamy vs Union of India in its historic judgment dated 24th August 2017 wherein it was declared that ‘the right to privacy’ is an integral part of Part III of the Constitution of India. After the Supreme Court’s landmark judgment in the Justice KS Puttaswamy case, which held that privacy is a constitutional right, the MEITY formed a 10 member committee lead by retired Supreme Court judge B.N. Srikrishna for making recommendations for a draft Bill on protection of personal data. After working on it for a year, the committee submitted its report titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians ” along with the draft bill on personal data protection. The revised Personal Data Protection Bill, 2019, was introduced by Mr. Ravi Shankar Prasad, Minister for Electronics and Information Technology, in the Lok Sabha on December 11, 2019. 

In the present COVID-19 situation, people are compelled to maintain social distancing and necessitating them to stay home and work from home. This situation has triggered a huge dependence on digital platform. Under these circumstances, India urgently needs to fast track the clearance of the new Personal Data Protection Bill. The Bill, as stated in its preamble, provides for protection of the privacy of individuals relating to their personal data, specifies the flow and usage of personal data, creates a relationship of trust between persons and entities processing the personal data, protecting the rights of individuals whose personal data are processed in order to create a framework for organizational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing such personal data. The Bill also seeks to provide remedies for unauthorized and harmful processing, and to establish a Data Protection Authority of India for the said purposes and for matters connected therewith or incidental thereto.

Aishwarya Says:

I have always been against Glorifying Over Work and therefore, in the year 2021, I have decided to launch this campaign “Balancing Life”and talk about this wrong practice, that we have been following since last few years. I will be talking to and interviewing around 1 lakh people in the coming 2021 and publish their interview regarding their opinion on glamourising Over Work.

If you are interested in participating in the same, do let me know.

Do follow me on Facebook, Twitter  Youtube and Instagram.

The copyright of this Article belongs exclusively to Ms. Aishwarya Sandeep. Reproduction of the same, without permission will amount to Copyright Infringement. Appropriate Legal Action under the Indian Laws will be taken.

If you would also like to contribute to my website, then do share your articles or poems at adv.aishwaryasandeep@gmail.com

We also have a Facebook Group Restarter Moms for Mothers or Women who would like to rejoin their careers post a career break or women who are enterpreneurs.