Data protection has become more important in modern time as there is continued increase in the use of the growing technology. Today one of the other information or let say data is circulated through online mode whether it would be a mail, whatsapp, telegram or another payment site.
What is meant by data protection?
Data protection, the term itself defines the meaning to protect the data, and confidential information from any loss and harm by the unknown persons and virus in an offline and digital world respectively.
The offence of Data Protection is covered under Information Technology Act, 2000, but with changing time and technology the methods of offences also changed for which there was no provision to punish the person, So an amendment with the introduction of a bill in 2006 was brought, and a new act called Information Technology Act, 2008 was introduced which came into force on 27 October 2009.
Why Data Protection is important?
We use so many online social media platforms nowadays. But have we noticed that the advertisement on those platforms seems to be very relevant to us. Is it a coincidence? Think again.
Whenever we search any keyword on google or type any message on any of our social media platforms, it shows an advertisement for those things which we were searching online a while ago.
For example, if we search for an automobile product on google, after finishing the session when open YouTube, it will display all the latest and related details of the automobile industry according to our requirements in the form of advertisements. This means that our private data is used by Google to suggest advertisements of our likings.
Have you ever thought about how this takes place? It happens because when we go to a particular website, our IP address is tracked by Google, and even after deleting our browser history, Google looks into our search pattern and with the help of it, displays the related advertisements in other platforms.
A recent example of how easily our data can be accessed can be taken from Uttar Pradesh. It was a case of farmer protesting the decrease in the price of potatoes. This led them to outcast their anger by directly attacking the government offices.
In order to find out who was involved in damaging public property, the government with the help of the IT department searched for the violators by tracking their mobile phones.
This leads to the tracking of mobiles phones of around Ten-thousand farmers who were involved in the protest, but later it was found that only about 40-45 farmers were involved in the act of throwing the potatoes in front of the government office.
So the rest of the farmers tracked were innocent and their data from tracking the mobiles by the phone recordings were done wrongfully and the government should be held responsible for it.
Another example would be where the patients in Andhra Pradesh purchased medicine from government medicos, and the private information of the patients including their name, mobile number, age, sex, and much private information was published online. Publishing private information of a person online without his/her prior permission is an offence.
Relevant Section of Information Technology Act, 2008 affecting data Protection.
Section 43A — Compensation for failure to protect data
Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, not exceeding five crore rupees, to the person so affected.
Illustration – This section defines the penalty of a person who owns the responsibility to protect the data of others, and if he/she fails to do so he will be liable to pay compensation but damages exceeding 5 crores will not make the person liable, only below 5 crores will the person liable.
Section 72 — Breach of confidentiality and privacy
Save as otherwise provided in this Act or any other law for the time being in force, any person who, in pursuant of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Illustration– This section clearly defines the punishment of a person who without the permission of the person access his/her any of the records he/she would be held liable to pay compensation of up to 1 lakh or he/she will be held liable for imprisonment up to 2 years or both.
Here the Andhra Pradesh case would be applicable. Where the government can be held liable for publishing the personal details of the person without their consent in an online mode.
Section-72 A Punishment for Disclosure of information in breach of lawful contract-
Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.
Case laws which resulted in the development of new data protection laws.
The famous case of Justice K.S.Puttaswamy(Retd) vs Union Of India, 2018, also known as the Aadhar card case, where the government declared that privacy is not a fundamental right, whereas the supreme court of India declared it as a fundamental right of every citizen of India.
After the judgment of the case, the government of India appointed an expert committee which was headed by B.N Krishna, Judge of the supreme court, for the purpose of drafting a bill on new data protection laws.
But the laws in the bill turns out to be unfit before presenting in the parliament and many rumours of the bill were there among the general public. Due to the problems in the bill, a group of 13 organization was appointed in which lawyers, common people, expert and government officials were involved to draft laws on data protection.
The bill was drafted by the committee and it was published on saveourprivacy.in (an online website where everyone can read and can agree or disagree on any point by giving out comment on the part). This was the first time where a bill was publicly displayed.
The is presented and divided into 7 principle,-
1. Individual rights are at the centre of privacy and data protection– which means there should have more data protection for an individual and the government and organization should have more transparency.
2. A data protection law must be based on privacy principles– means the laws related to data protection should not be rigid and must be dynamic ( changing) with upcoming modern technology, along with that there should have exception but it should be clearly defined so that it should not be misused by anyone.
3. A strong privacy commission must be created to enforce the privacy principles- a private commission would be appointed who will look into the matters of data protection and also review the law with changing time.
4. The government should respect user privacy.
5. A complete privacy code comes with surveillance performance. (phone tapping and invalid raid)
6. The right to information needs to be strengthened and protected.
7. International protections and harmonization to protect the open internet must be incorporated– means if any law is made worldwide on data protection then it would be reviewed and also implemented in India if it turned out to be fit for the country.
For example, a law in Europe named GDPR (General Data Protection Regulation )is used where if any of the person open any site in Europe then it will ask for permission whether the system would track your data or not. Indian privacy code, will look into the laws and implement it accordingly.
More important and famous case are CAMBRIDGE ANALYTICA, NAMO APP, and the PAYTM case.
Protection of a person’s privacy plays an important role, both in his professional and personal life. Data or information of a person is also similar to it where if it is saved, it will turn out to be fit for your life, but, if it is not protected it will destroy your future.
An example of this can be a case in Mumbai, where the data of a girl who was working online got hacked and her pictures were used for the wrong purposes. The girl after knowing this commits suicide. This shows how much privacy tampering affects a man’s mental health, in a way he feels exposed to everyone.
The Indian society does not believe in the importance of data protection for a person and how it can be misused is, because of lack of awareness. In foreign countries, this awareness is more among the people. Due to the lack of knowledge among people, proper care towards data protection is not given.
Due to which there is an increase in the numbers of cases related to the theft of data, for which proper laws are also not formed. Data Protection is a fundamental right and everyone should access it and sue the person who so ever infringes his/her right.