LCI Learning

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More

Privacy is not something that I’m merely entitled to, it’s an absolute prerequisite. - Marlon Brando


The "Right to Privacy" in India has been enshrined under Article 21 "Protection of Life and Personal Liberty” of the Indian Constitution[1]. Fundamental rights are guaranteed to our citizens by our Constitution, individual fundamental rights should not be violated and the country must protect the fundamental rights of its citizen. The concept of Privacy is recognized at the International level by the United Nations Convention of the Universal Declaration of Human Rights.[2] In the modern digital era, crimes have also been digitalized by the professional through the mode of internet using computers and other electronic mediums. The crimes that are committed are theft of data, hacking, stealing of personal information, and many others. 

In recent years due to digitalization, the fear of infringement of data and the right to e-privacy has increased tremendously. The data can include personal information, their habits, educational information, medical and financial records, and many more on a digital platform. The information being digitalized and computerized makes it an easy task to share one’s information with any unauthorized third party which can further misuse the information. The personal data being in computer files has many benefits attached to it but on the other hand, it could be disadvantageous as the information can be shared with an unauthorized party in no time and at a very low cost. The advancement in technologies has raised concerns about data protection and the right to privacy due to the increase in technological innovations that have made data sharing easily accessible and communicable[3].


Right to privacy and data protection has a conflict between each other on one side data is protected digitally also some of the companies are asking for it but on the other, it raises a concern about a person’s right to privacy. The data of a person should be protected by the companies or the organization in such a manner that ensures the privacy of an individual is not compromised in any way. The companies acquire the data of individuals and maintain the database consisting of information of many individuals, maintaining data is not a difficult task but protecting it from hackers or data leaking i.e. protecting the integrity of data is a difficult task.

India has enacted the Information Technology Act, 2000 which covers matters related to data protection, and in 2008 many amendments were also made. The act concerns all the matters linked to "electronic commerce” but still matters related to data privacy have not been made clear. In the era of digitalization, the major crime that has been committed around the globe is data theft that has been done by criminals via breaking into a computer system or network of companies or individuals. In the case of Mphasis BPO Fraud[4], the employees of the Mphasis outsourcing facility in India had an access to the customer’s information, and also they convinced the customers of Citi Group who were Mphasis client to share their PIN codes with which they were not authorized to do so. The call center employers opened their new bank accounts and withdraw the cash from the customer’s account and diverted cash in their account also used false identities. The employees who were part of this charged under section 43(a) of IT ACT, 2000 for gaining unauthorized access and also for causing wrongful loss to the customers.

The IT Act does not impose any guidelines on private companies on how to protect and keep safe the personal data of the customers. There have been cases where confidential information has been hacked. In Abhinav Gupta v State of Haryana[5] here Abhinav Gupta was alleged to steal confidential information of his past employer JCBI. Also, he was accused of sharing confidential information with their competitor, the court held him guilty under section 66 of the IT Act, 2000 for gathering information dishonestly and unauthorized access to the owner’s computer also he was charged under section 420 and 406 Indian Penal code. In the similar case of Kumar v Whiteley[6], the accused was alleged to gain unauthorized access to the ‘Joint Academic Network (JANET)’ subsequently he added some file and also deleted some of the files and denied access to the ones who were authorized to use by changing its password. The court charged him under section 66 of IT Act, 2000 and section 420 of IPC.

Facebook data privacy scandal is one of the major examples of mishandling of personal data of the user of social networking sites. The data marketing company "Cambridge Analytica” gathered the non-authorized personal data of 87 million users of Facebook from their Facebook profiles[7]. This act of collecting data was done due to a lack of data protection methods for safeguarding the personal information of the users. Companies are so busy doing data harvesting they tend to forget to protect and keep the data safe, Facebook API has been abused by the developers and also the users agreeing to all the terms and conditions listed to login to Facebook. The process of protecting data will continue endlessly with the advancements in technologies. This is not the first scandal but it serves as an example for the users as well as companies that how important is to protect the personal data of users for maintaining their reputation in the market. The punishment given in the above cases is not sufficient as infringing one’s privacy is a much bigger crime and there is a need for a stringent law to govern those crimes.


The Personal Data Protection Bill, 2019 was introduced by Mr. Ravi Shankar Prasad (Minister of Electronics and Information Technology) in Lok Sabha on 11 December 2019.  The main objective behind this bill was to protect and safeguard the personal data of an individual and will further establish a Data Protection Authority to govern the personal data.[8] The bill characterizes certain personal data as sensitive which includes financial record, biometric data, person’s religious beliefs, and the data which is authorized by the government. The bill governs the personal data of an individual by the government and private companies, it also includes the foreign companies and can govern them if they involve the personal data of individuals of India.

An individual can get the information about his or her data whether his data has been processed and can also seek information regarding their data being transferred to other fiduciaries, and can restrict the sharing of their personal data. The sharing of one’s personal information and data can only be done if the principal has given consent. The bill also includes an exemption for the processing of data, for instance, the central government is exempted and its agencies and can procure data that is in the interest of national security and public order. In order to bring the Personal Data Protection Bill, 2019 into the act, there is a need for some rules to be followed by the organizations and companies which should ensure the safety of their customers and user's personal data. The crime of infringing data and one’s privacy committed by using the internet, technology, and cyberspace can be curbed by enacting legislation that would punish an individual or a company for stealing or hackings one’s data. The Personal Data Protection Bill, 2019 seems to be perfect legislation for protecting one’s privacy and data that is stored in a digital platform. This proves to be important legislation for the modern era of digitalization.


In today’s era where everything is getting digitalized which on the one hand making our life easier and on the other making room for hackers to get easy access to our personal data and details. The question needs to be asked to oneself that how safe and secure is to avail the benefits of the digital world. The right to privacy has been considered a person's personal liberty of making a choice of his own to whom he wants to give information or want them to access, a concept of privacy can be considered in a various different scenarios. Here we are considerate about the right to privacy which is infringed by the online acts committed by criminals that include hacking, gaining unauthorized access, stealing personal data, changing source code, denying access to the user, and many other crimes that are done by the use of internet using the computer system and network.

There is a need for the enactment of statutory legislation which governs the protection of personal data. The Personal Data Protection Bill, 2019 has been introduced in the Parliament which provides for the newer provision to protect the personal sensitive data. There is a need to convert this bill into an act, but the work doesn’t end here. The laws can be enacted but there is a need for citizens to be aware of their personal data and how the companies are using their data for gaining monetary benefits. Due to the advancements and innovations in technologies, it has become a necessity to strengthen the data protection measures and bring some stringent laws to punish these crimes. Due to the lack of stringent laws to punish these criminals, it boosts them to commit more crime and by committing the crime regularly they have gained a lot of knowledge and experience.

Many countries have enacted data protection laws also European GDPR has a standard for protecting the personal data of individuals which also puts fines on the companies which do not take measures to protect the personal data of their customers. There are some countries that are still behind in enacting the laws protecting the personal data of their citizens, India being one of them. Now, is the time for India to enact legislation and implement which can govern and safeguard the personal data of individuals and punish the miscreants.

By: Navin Kumar Jaggi & Bhavya Bhasin

  • [1] Indian Const. Art. 21.
  • [2] Universal Declaration Human Rights, 1948.
  • [3]Justice Yatindra Singh, Cyber Laws, Universal Law Publishing Co. New Delhi (2012).
  • [4]Abhay Vaidya, India’s First BPO Scam Unraveled, The Times Of India, April 23, (2005)
  • [5](2009) 2 RCR (Cri) 108 : (2009) 1 AIR Jhar R (NOC 191) 71 : 2008 Cri LJ 4536
  • [6](2005) AIR 505
  • [7] Dan Patterson, Facebook Data Privacy Scandal : A Cheat Sheet, Tech Republic (2020)
  • [8]ArunPrabhu, The Personal Data Protection Bill, 2019: An Analysis, Indian Corporate Law, Cyril Amarch and Mangaldas Blog, (2019)

"Loved reading this piece by Navin Kumar Jaggi?
Join LAWyersClubIndia's network for daily News Updates, Judgment Summaries, Articles, Forum Threads, Online Law Courses, and MUCH MORE!!"

Tags :

Category Intellectual Property Rights, Other Articles by - Navin Kumar Jaggi