December 3, 2020

PERSONAL DATA PRIVACY, PROTECTION AND SAFETY IN THE E- CONTEXT WITH EMPHASIS ON CYBER LAW

This Article on the effects of Data Privacy and Protection of Individuals has been chosen for a detailed analysis on the causes of frequent altercations between the individuals, web sites and the Governments. It seeks to adopt a modern approach by analysing the various modes of virtual world and its impact on the preferences of today’s youth. This Article seeks to question if the online processing of data and lack of privacy is worth the modern technological advancements in the society today.

Introduction:

Privacy is that aspect that individuals can rightfully claim that their personal data regarding their hobbies, their residence, their fancies not be made available to others and that if the data is to be available to others, it must be only after the individuals can be said to possess control of ownership over the data subject to such privacy. According to the Black’s Law Dictionary[1] privacy can be summed to be non- interference into a person’s life by public especially with matters the public is not concerned.

Article 12[2] states that no one can shall be subjected to interference with a person’s family or home. Article 17[3] states that no one shall face interference that is either unlawful or arbitrary. Article 8 brings in aspects of interference by a public authority except according to law and unless it is essential in light of protection of morals of a healthy society[4].

Right to Privacy has been enshrined in Article 21 of the constitution, which though not explicitly involved, has evolved through precedents in the Indian Courts of Law. Right from Govind v, State of Madhya Pradesh[5] (privacy is not an absolute right), to Maneka Gandhi v. Union of India[6] (subscribing a procedure to authorise personal liberty) to Naz Foundation case[7] (homosexuality circumscribing right to privacy), Right to privacy has been embedded in the Constitution and is of utmost importance and is at par with Right to Life in today’s era.

Privacy Bill, 2011[8]: The Bill has been established to support that an individual has privacy even in the basic systems of personal correspondence, phone conversations and electronic mail to an extent and to high end amenities like surveillance, banking and medical services and facilities. The Punishment inflicted has been fixed with a fine of Rs. 5 lakhs.

OECD Principles: the Organisation for Economic Co-operation and Development[9] has issued guidelines on the relevance of data protection on an international forum proving to be a form of holy manuscript today. The 8 Principles of National Application:

1.1 Limitation of Collection principle that states that only lawful collection can be permitted under the rules of privacy.

1.2 Data Quality Principle that revolves around the barriers that data application, protection and privacy cannot exceed.

1.3 Purpose Principle that requires that data collected must be specified as to the reason and the usage of the same.

1.4 Limitation of Use Principle: it states that the data collected must not be disclosed except when especially provided to be declared by law.

1.5 Safeguard of Security Principle that seeks to protect data against alteration or deletion of data.

1.6 Openness regarding the policies and other practices by the Government or other users of data.

1.7 Individual Participation Principle that confers on Individuals the right to verify if a data controller has right over certain information relating to the individual or not.

1.8 Accountability Principle: Data Controller must assume responsibility regarding accordance with law and its principles.

Impact of Technology and Ill- Effects[10]:

Though there has been technological advancement to massive levels, it is pertinent to note that it has brought with unwarranted attention and a growing tumour of personal data violations.

Websites today not only collect information explicitly through surveys, feedbacks, orders, online deliveries but also implicitly through cookies and tracking software.

Mass undisclosed information is on the rise as it warrants for third parties to make a summarised analysis by collecting information for advertising purposes[11]. One of the measures undertaken for this purpose includes “cookies” which is a code that is generally on a computer and it stores personal information and preferences of the consumer. It is generally used as a tracker that stores information from the site visited by the consumer.

Unfolded in the Indian Information Technology Act, 2000: Though the concept of data privacy has been discussed only in a short snap under Section 72, it establishes it an offence to cause a breach in the confidentiality or privacy. It sums it up as if any person has secured access to electronic record, book, register, information, document or other material is to be punished with imprisonment which may extend to two years or fine of one lakh or both.

Its of a narrow perspective as it only relates to those offences that are made by officers in charge and not of a person who has committed an offence. Online privacy has not been adequately addressed and thus malicious use of online data is still a pending question.

Personal Data Protection Bill, 2019[12]: has been introduced by India that sought for protection of data of every individual and an authority called the Data Protection Authority has been appointed for the same.

The personal data can be said to be kept in check, that which is accessible by the Indian Government, Indian Companies, foreign companies that deal with the personal data of Indian Individuals.

It states that data can be processed, collected and analysed only if the individual gives his/her free consent and confers certain rights on the individuals as to the amendment of his/her data, verify if data has been processed and whether data can be continuously processed or not.

Express consent is not needed only when its for an emergency in medical terms, by legal institution proceedings or a State fulfils duty to provide for certain amenities to the individual.

Offences and Penalties have been imposed as punishable with fine of Rs. 5 crore or imprisonment up to 3 years or both, if it’s a scenario of failure to contain the data audit.

The Bill has amended the Information Technology Act, 2000 and sought to delete the provision that deals with the failure of protection of data by companies.

US position to curb misuse: The Federal Trade Commission has played a key role[13] to curb the misuse by recognising core principles like Awareness, Security and Consent. It has also brought that the norm that self – regulation is the best means to ensure that the information is traded fairly and stored efficiently.

Another important initiative is the Children’s Online Privacy Protection Act, 1998[14] which addresses websites dealing with children below 13 years as that the operators must post a notice link of the practices from the site where they collect the information.

A development to curb the same includes Seal Programmes that require the website licensees to submit to compliance monitoring to deal with more fair information practices.

Data Protection in UK: The Data Protection Act, 1998[15] was introduced that dealt with both paper based data and online context as well. Section 15(2) clearly emphasis on action to be taken in case of a knowing breach committed by the data controller and whether it falls within the ambit of personal data disclosure or not.

Conclusion:

Thus, the article sought to approach on the aspects of data privacy in not just the country of India, but also US and UK which have developed laws through the Federal Trade Commission and the Data Protection Act respectively. Data Protection has been analysed from an individual’s perspective and this has paved way to a summarised analysis on the aspects of the rights that the individual possess and the ambit that data protection can be valid for.

A major shortcoming in the Indian territory is the absence of a codified and a stand-alone Data Protection Act. The need for the hour is still in a bill stage and is not able to take a step ahead and bind the people under a separate Act for the same. Thus, the Purpose of the Article can be summed up as curbing the menace of unlawful data collection, abuse of disclosure of data and data misuse in the wrong hands by introduction of reforms and policies for the same.

References:

  1. Law Relating to Computers, Internet and E- Commerce by Nandan Kamath. 5th edition reprinted in 2019, Forwarded by N. R. Madhava Menon. Published by Lexis Nexis.
  2. Constitutional Law of India- Dr. J.N. Pandey by Central Law Agency 54th Edition, 2017. ISBN- 978-93-84852-68-9.

  1. http://www.legalserviceindia.com/articles/Data_Safety.htm. Last accessed- 21-04-2020.
  2. https://www.prsindia.org/billtrack/personal-data-protection-bill-2019. Last accessed – 21-04-2020.
  3. Freedom of Information and Data Protection Act, by Dr. Suhail Amin Tarafdar, DR. Michael Fay. First Published 28-11-2017. https://journals.sagepub.com/doi/10.1177/1755738017735139. Last accessed- 21-04-2020.


[1] Black’s law Dictionary by Henry Campbell Black, 6th Edition by Publisher’s Editorial Staff, St.Paul, West Publishing Co. 1990.

[2] Article 12 of Universal Declaration of Human Rights (1948)

[3] Article 17 of International Covenant of Civil and Political Rights (16 December 1966)

[4] Article 8 of European Convention on Human Rights (signed- 4 November 1950)

[5] Govind v. State of Madhya Pradesh, 1975 AIR 1378 1975 SCR (3) 946

[6] Maneka Gandhi v. Union of India- 1978 AIR 597, 1978 SCR (2) 621

[7] Naz Foundation v. NCT Delhi WP (C) No. 7455/2001.

[8]https://www.indiatoday.in/india/story/right-to-privacy-fundamental-right-parliament-1031136-2017-08-24. Originally published by Prabash K Dutta on August 24, 2017. Last accessed- 21-04-2020.

[9] OECD- Established- 30-09-1961. https://www.oecd.org/india/. Last accessed- 21-04-2020.

[10] Law Relating to Computers, Internet and E- Commerce by Nandan Kamath. 5th edition reprinted in 2019, Forwarded by N. R. Madhava Menon. Published by Lexis Nexis.

[11] http://www.legalserviceindia.com/articles/Data_Safety.htm. Last accessed- 21-04-2020

[12] https://www.prsindia.org/billtrack/personal-data-protection-bill-2019. Last accessed – 21-04-2020

[13] Report in 1998 titled “Privacy Online: A Report to Congress”, a three- year Privacy Initiative by the Federal Trade Commission.

[14]https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule Last accessed- 21-04-2020

[15] Freedom of Information and Data Protection Act, by Dr. Suhail Amin Tarafdar, DR. Michael Fay. First Published 28-11-2017. https://journals.sagepub.com/doi/10.1177/1755738017735139. Last accessed- 21-04-2020.

Author Details:

V. Krishna Laasya is a student at School of Excellence in Law, Tamil Nadu Dr. Ambedkar Law University.

The views of the author are personal only. (if any)

Source: Jus Weekly, May 20202, Issue 1

Leave a Reply