- It has become more crucial than ever to make sure that the right to privacy is properly protected, especially in light of the recent exponential advancements in technology.
- Social networking has become so ingrained in our daily lives.
- It is crucial to protect everyone's right to privacy. Since it was declared a fundamental right by the Supreme Court, this privilege has taken on much more significance.
- Although privacy should be safeguarded in all respects, as with all fundamental rights, it is frequently subject to legitimate limitations that the government may apply in certain circumstances.
India's creative approach to privacy is not new. Since 1954, when privacy was first questioned, we have fought for it and climbed many ladders to get it acknowledged as a full-fledged fundamental right that is still developing its branches. "No one shall be deprived of his life or personal liberty except in conformity with the legal procedure," states Article 21 of the Indian Constitution. After reading Article 21, it was decided that "life" refers to all aspects of a man's life that help to make it happy, full, and worthwhile. Every human endeavor has both good and bad sides. Technology has impacted every aspect of our life, whether we liked it or not, and we can't be certain that what we think hasn't already been shared with a third party.The public and private sectors should be subject to the same data protection laws. These days, the government is not the only entity holding personal data. Private players like banks and telecom firms are increasingly holding it. Individuals who are natural people should be included by this law, regardless of their citizenship or place of residence.Section 66-A of the IT Act, 2000 and Sections 500, 506, and 507 of the Indian Penal Code, 1860 are both relevant. The accused may get a fine and a sentence that lasts up to three years. According to Section 77-B of the IT Act of 2000, the offence is punishable by fine and/or imprisonment, however if Section 500 of the IPC is used, the offence is not punishable by fine or imprisonment and may only be compounded with the court's approval.
According to the Indian Constitution's Articles 14, 19, and 21, the right to privacy is an implicit constitutional right that can be invoked. It is a fundamental freedom that is linked to life and liberty liberties. It is a basic and unalienable right that pertains to an individual and includes all information about that individual, as well as all of his or her decisions. It shields citizens from government monitoring of their employment, activities, sexual preferences, unions, and eating routines, among other things. Therefore, any government actions that infringe on a person's right to privacy will be challenged in court. The Supreme Court made sure to emphasize that the right to privacy is not absolute and that it can be restricted in some situations. The state may restrict the right to privacy to protect legitimate state interests, but only if it passes the following three criteria:
- the existence of a law that permits a privacy invasion;
- A legitimate state objective or need that ensures this law's scope or content is within the reasonableness range and forbids unconstitutional state action; and
- The resources available to the State are sufficient to satisfy the goals and requirements of the law.
As a result, this three-part criterion must now be passed for every federal policy that may have an impact on privacy. Numerous ongoing initiatives will almost certainly be disrupted, with the Aadhaar identifying system ranking as the most significant.
THE PERSONAL DATA PROTECTION BILL 2019-
On December 11, 2019, Mr. Ravi Shankar Prasad, Minister of Electronics and Information Technology, introduced the Personal Data Protection Bill, 2019 in the Lok Sabha. The Bill establishes a Data Protection Authority to ensure the protection of personal information about persons.
Applicability: The Bill governs the processing of personal data by: (i) government, (ii) companies incorporated in India, and (iii) foreign companies dealing with personal data of individuals in India. Personal data is data which pertains to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill categorises certain personal data as sensitive personal data. This includes financial data, biometric data, caste, religious or political beliefs, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator.
Obligations of a data fiduciary: A data fiduciary is a body or person that determines how and why personal data is processed. Certain restrictions on purpose, collection, and storage will apply to this processing. For instance, only defined, obvious, and legitimate purposes may be used to process personal data. All data fiduciaries must also adopt certain transparency and accountability measures, such as I putting in place security protections (such data encryption and preventing data misuse) and (ii) setting up grievance redressal systems to handle individual complaints. When processing sensitive personal data of children, they must also put in place procedures for parental approval and age verification.
Individual rights: The Bill outlines a number of individual rights (or data principal). These rights include the ability to I request confirmation from the fiduciary as to whether their personal data has been processed, (ii) request correction of inaccurate, incomplete, or out-of-date personal data, (iii) request transfer of personal data to any other data fiduciary under certain conditions, and (iv) restrict a fiduciary's continued disclosure of their personal data if it is no longer required or consent is withdrawn.
Reasons for processing personal data: The Bill only permits fiduciaries to treat data if the subject has given their consent. Personal data may, however, be processed without a person's knowledge or permission in some situations.
Social media intermediaries: According to the bill, these are middlemen that permit online user contact and information sharing. All of these intermediaries have obligations, including offering an optional user verification procedure for users in India, whose acts may have an influence on electoral democracy or public order and whose users exceed a designated threshold.
Data Protection Authority: The Bill establishes a Data Protection Authority, which has the following powers: I take action to safeguard the rights of persons; (ii) stop the misuse of personal data; and (iii) guarantee that the Bill is being followed. With at least 10 years of experience in the fields of data security and information technology, it will have a chairperson and six members.
Transfer of data outside of India: If the subject gives their express agreement and subject to certain requirements, sensitive personal data may be processed outside of India. Such delicate personal information should still be kept in India, though. The government has designated some personal information as vital personal information, which can only be processed in India.
Offenses: According to the Bill, there are two types of offences: I processing or transferring personal data in violation of the Bill, which carries a fine of 15 crore rupees or 4% of the fiduciary's annual turnover, whichever is higher; and (ii) failing to conduct a data audit, which carries a fine of 5 crore rupees or 2% of the fiduciary's annual turnover, whichever is higher. Without consent, re-identification and processing of de-identified personal data are punishable by up to three years in prison, a fine, or both.
Exemptions: The central government has the authority to exempt any of its agencies from the Act's requirements: I in the interest of national security, public order, India's sovereignty and integrity, and friendly relations with other countries; and (ii) to prevent incitement to commit any cognizable offence (such as an unlawful arrest) related to the aforementioned issues. Processing of personal data is also exempt from the Bill's requirements for a few specific uses, including I the detection, investigation, or prosecution of crimes, (ii) domestic or personal needs, or (iii) journalistic needs. However, such processing needs to have a clear, defined, and legal purpose as well as a few security precautions.
The law proposes the creation of a new, independent regulatory body named the Data Protection Authority and provides measures for the protection of sensitive personal data (DPA). The 2019 bill also includes important clauses that the 2018 draught bill did not, such as the ability of the central government to exempt any government agency from its rules and the right to erasure, often known as the Right to Be Forgotten, of a person.Under the Information Technology Act of 2000, the use and transfer of personal data are now governed by the Information Technology Rules, 2011.In accordance with the law, businesses that process personal data may be held accountable and required to make restitution to those who have been adversely affected.The government feels that the rate of the digital economy's development has rendered present legislation insufficient, which is why the Bill has been introduced.