Category: Legal Essay
Paper Code: LE-BS-15
Page Number: 427 - 433
Date of Publication: February 10, 2021
Citation: Bandana Saikia, Right to Privacy and Data Protection Law in India with a Brief Comparative Analysis with UK and USA, 1, AIJACLA, 427, 427-433, (2021).
Details Of Author(s):
Bandana Saikia, Student, Symbiosis Law School Pune
ABSTRACT During the pandemic, the use of online platforms has increased significantly across the world which requires uploading of personal information in the cyber world from where, if something is once uploaded, deletion becomes just a myth. Similarly, in India also during the lockdown use of the internet has increased at a massive scale which has made the personal data of most of the citizens in India available on the Internet. As such question arises regarding the protection and security of such personal data from their mis-utilizations. This is the reason why studying the legal framework regulating this issue becomes important. This short article to understand the legal framework on Data privacy has attempted to analyze very briefly the laws existing in the UK, USA, and India whereby it can be concluded that India is lagging by a huge margin on the issue of data protection compared to the other two countries, since India has no specific law enacted till now on that issue. KEYWORDS Data Protection, Information Technology, Privacy, UK and USA
INTRODUCTION The term ‘data privacy’ can be defined as the standard which is set to protect personal data. According to the General Data Protection Regulation (GDPR), the term ‘personal data’ can be defined as any means of information relating to an identified or identifiable natural person,for example- Subject names, initials, addresses, and genetic information. Working from homes in a pandemic age, almost all the IT Companies, public institutions, schools, colleges, and universities have shifted to remote operations to cope up with the pandemic situation and continue conducting their working activities. In such a scenario, people have started using unsecured devices and internet communications which have lower protection levels. The vulnerability that has raised especially reports of higher levels of cyberattacks, scammers, email-phishing during this pandemic era has posed a great threat to the data privacy of the people and in a country like India which has no comprehensive legislation about data privacy, such issues have raised a concern. In this short article, an attempt will be thus made to understand the relevancy of the existing data protection mechanisms in India for checking the increasing mis-utilizations of personal data of the citizens especially in the domain of ever-increasing technological innovations.
RIGHT OF PRIVACY- INTERNATIONAL CONVENTION The Universal Declaration of Human Rights is a milestone document in the history of human rights. The Declaration was proclaimed by the United Nations General Assembly in Paris on 10th December 1948 as a standard of achievements for all persons and all nations. Article 12 of the Declaration lays special emphasis on the privacy matter of individuals. It has provided that no interference shall be made arbitrarily in anyone’s privacy matters including family, correspondence, and honor, and reputation, and everyone has a right to seek protection of the law against such interferences. · Article 17 of the International Covenant on Civil and Political Rights has also provided a similar kind of right based on the wordings of Article 12 of UDHR and thereby making the Right to Privacy a Civil and Political Right of every human being. · Even Article 8 of the European Convention on Human Rights has provided the same category of Rights as a basic human right but here it has also added few exceptions that a person’s Right to Privacy can be withdrawn or suspended following the law and whenever it becomes necessary for protecting the best interests of National security, or for public safety, or prevention of crime and disorder, or for maintaining economic well-being of the country, etc. It means that one’s Right to Privacy under this Convention is guaranteed until and unless it interferes with the right to freedom of any other individual. It can therefore be stated that the Right to Privacy has been recognized as a basic human right in one or the other form by International Legal Documents. However, such Rights had never been granted absolutely. There have been restrictions made on the protection of this Right to the extent it is not in conflict with the other existing legally protected Rights of other individuals.
PRIVACY LAWS IN UNITED STATES OF AMERICA · Computer Fraud and Abuse Act, 1986 – It is an extensive federal PC crime enactment which amended the Title 18 United States Code Section 1030 to upgrade punishments against six kinds of PC exercises: Fraudulent dealing with PC passwords influencing interstate business, Unauthorized access of a PC to get ensured monetary or credit data, Unauthorized interstate or unfamiliar access of PC frameworks that outcomes in at any rate $1,000 total harm, Unauthorized interstate or unfamiliar access of a PC framework to swindle, Unauthorized access into a PC utilized by the government and Unauthorized access of a PC to acquire data of public security to harm the United States or offer a bit of leeway to a far off country.
· Children’s Online Privacy Protection Act, 1998 –This Act was ordered by Congress in 1998 which required the Federal Trade Commission to issue and uphold guidelines concerning children's online protection. Its essential objective is to guarantee that guardians have command over what data is gathered from their little youngsters on the web. The Rule just covers engineers that work portable applications that are coordinated to youngsters under 13 and gather, utilize or uncover individual data from kids, and the individuals who have genuine information that they are gathering, utilizing, or unveiling individual data from kids under 13 years old.
PRIVACY LAWS IN U.K · Data Protection Act, 1998 – Data Protection Act outgrew public worry about close to home security despite quickly creating PC innovation. This demonstration expresses that associations which store individual information should enlist and express the reason for which they need the data. All information regulators should keep to the Eight Principles of Data Protection i.e., Data should be kept secure, put away should be applicable, should be kept no longer than needed, should be stayed up with the latest, should be acquired and prepared legitimately, should be handled inside the information subject for legal purposes and should not be moved to nations without satisfactory information assurance laws.
· The Data Protect Act, 2018 – It is the United Kingdom's usage of the General Data Protection Regulation (GDPR). It controls how one's very own data is utilized by associations, businesses, or the public authority. Under this Act of 2018, individuals will reserve the privilege to discover everything data does the public authority and different associations store about them which incorporates the option to be educated about how their information is being utilized, approach individual information, have information deleted, etc.
INDIAN LEGAL SCENERIO Currently, there is no legislation specifically dealing with privacy and data protection but there are provisions under the Information Technology Act, 2000 which relate to the privacy of data. Section 43A & Section 72A are the two sections that deal with the implementation of “reasonable security practices for sensitive personal data or information which provides for the compensation of the person affected by wrongful loss or wrongful gain and also provides for a penalty of a period up to 3 years and/or a fine up to Rs.5,00,000 for a person who causes wrongful loss or wrongful gain by disclosing personal information of another person while providing services under the terms of a lawful contract respectively”. The Information Technology Reasonable Security Practices and procedures and sensitive personal data or information Rules, 2011 is worth a mention here. It applies to corporate bodies and persons located in the territory of India. The Rules cover definitions of many of the vital technological terms like Cyber incidents, data, information, intermediary, personal information, and so on. Rule 3 is considered to be the crucial one as it deals in the matter of sensitive personal data or information which includes a list of such personal information particularly- password, financial information such as Bank account details, physical, psychological, and mental health conditions, sexual orientation, medical records and history, and biometric information.
SUPREME COURT ON RIGHT TO PRIVACY The Supreme Court of India from time to time has taken a different stand when it came to the question of privacy as a matter before them. Before the Right to Privacy case of 2017, the Apex Court was not in favor per se of declaring the Right to Privacy as a right that is fundamental under the Constitution of India. Some of the previous decisions of the Supreme Court on the Right to Privacy can be discussed below- · M.P. Sharma and Ors. vs. Satish Chandra, District Magistrate, Delhi and Ors –The case was identified with the finding and capture of records of Dalmia group of companies following examinations concerning the undertakings of Ms Dalmia Jain Airways Ltd. The DM gave the warrant and searches were completed at places belonging to the group. Immense pieces of records were seized. In the writ request under the steady gaze of the Supreme Court, the abused gatherings tested the defendability of the hunts completed saying that their private records were removed, and asserted that it disregarded their key right under Article 19(1)(f) and 20(3). The Supreme Court dismissed the dispute and held that no privilege of protection is set out under the Constitution of India. · Kharak Singh vs. State of U.P – In this case, Kharak Singh was charged in a case of dacoity but as there was no evidences against him, he was released. The Uttar Pradesh Police subsequently opened a history sheet against him and bought him under surveillance. He contested this move of the Uttar Pradesh Police and contended that it violated his fundamental rights under Article 19(1)(d) and Article 21 intruded on the Constitution of India, which his privacy. The Apex Court however was of the view that there was no violation of his fundamental rights under Article 19(1)(d) and Article 21 and held that no private right of him was violated. · People’s Union of Civil Liberties v. Union of India –The case revolves around the issue of telephonic tapping and held that the tapping of an individual's phone line disregarded the privilege of privacy except if it was needed in the best grave circumstances, for example, crisis. For this situation, Sec 5(2) of the India Telegraph Act, 1885 was tested as it permitted the concerned specialists to capture messages for transmission in light of a legitimate concern for public power. The Supreme Court for this situation took a genuine choice bringing about a wide translation of Article 21 and subsequently proclaiming phone tapping as an infringement of privacy. · Govind v. State of Madhya Pradesh – In this case, the Supreme Court recognized that the Right to Privacy comes under the purview of Right to Life and Personal Liberty under Article 21, however, the court made it clear that it was not an absolute right and reasonable restrictions can be imposed based on public interest. If we search for some truly indispensable case laws like that of R. Rajagopal v. Territory of Tamil Nadu, the Apex Court for the absolute first-time laid accentuation on expressing that the right to privacy is verifiable morally justified to life and freedom ensured to the citizens under Article 21. Additionally, on account of Ram Jethmalani v. Association of India, the Supreme Court held that the right to privacy likewise requires the state not to unveil any private information or data about a person, which would disregard their protection. Lastly, on account of Puttuswamy v. Association of India, a nine-judge Bench of the Supreme Court announced that the right to privacy is a basic right that is ensured under Article 21 of the Indian Constitution. Taking a gander at the distinctive point of view of the Courts in achieving security concern shows the most extreme requirement for a complete enactment in ensuring the information protection of the people. The Personal Data Protection Bill, 2019 was introduced in the Lok Sabha by Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad on 11 December, 2019 but is currently before a Joint Parliamentary Committee for consideration of the same which aims to provide for protection of personal data of individuals and establishes a Data Protection Authority for the same.
CONCLUSION From this brief analysis, it becomes clear that both in the United Kingdom and the United States of America there is a well-defined set of legal rules to check threats to data privacy of individuals within their respective jurisdictions along with extra-territorial jurisdictions over certain matters related to the subject of data privacy. But in India, such a regulatory framework is still missing. We need to understand that the IT Act, 2000 was not enacted to engage in data protection. The scope for applying provisions under the IT Act, 2000 for data privacy breach is not strong enough as it fails to specify certain governmental agency which would govern the data protection of the individuals in India and certainly the IT Rules apply only to a limited scope of sensitive personal data so there is an utmost necessity for the legislature to enact the Data Privacy Law especially after the pandemic situation, there would be a huge chunk of reports about data privacy breach in the lockdown period. The concept of Privacy is very weak and the legislation about this matter is very gloomy. The rise of internet users in the pandemic era has resulted in users voluntarily or involuntarily disclosing personal data on the internet without even giving a second thought to its repercussions. A comprehensive legal policy framework to address data protection and privacy issues is the need of the hour in India.
 GDPR Regulations.  Universal Declaration of Human Rights, Art 12 (Nov. 2020, 12, 01:13 AM), https://www.un.org/en/universal-declaration-human-rights/.  International Covenant on Civil and Political Rights, Art. 17 (Nov. 2020, 12, 01:11 AM), https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx.  European Convention on Human Rights, Art. 8 (Nov. 2020, 12, 02:13 AM). https://www.echr.coe.int/Documents/Convention_ENG.pdf.  Information Technology Act, 2000, Sec 43A.  Information Technology Act, 2000, Sec72A.  M.P. Sharma and Ors. v. Satish Chandra, District Magistrate, Delhi and Ors, 1950 SCR 1077.  Kharak Singh v. State of Uttar Pradesh and Ors. 1962 (1) SCR 323.  People’s Union of Civil Liberties v. Union of India, (1997) 1 SCC 318.  Govind v. State of Madhya Pradesh, 1975 SCC 468.  Personal Data Protection Bill 2019, BILLTRACT (Nov. 2020, 13 01:12 AM), https://www.prsindia.org/billtrack/personal-data-protection-bill-2019.