Data Privacy
Data privacy, sometimes also referred to as information privacy, is an area of
data protection that concerns the proper handling of sensitive data including,
notably, personal data but also other nonpublic data, such as certain financial
data and intellectual property data, to meet regulatory requirements as well as
protecting the confidentiality and immutability of the data.
Roughly speaking, data protection spans three broad categories, namely,
traditional data protection (such as backup and restore copies), data
security, and data privacy as shown in the Figure below. Ensuring the privacy of
sensitive and personal data can be considered an outcome of best practices in
data protection and security with the overall goal of achieving the continual
availability and immutability of critical business data.
Security becomes an important element in protecting the data against external
and internal threats but also when determining what digitally stored data can
be shared and with whom. In a practical sense, data privacy deals with aspects
of the control process around sharing data with third parties, how and
where that data is stored, and the specific regulations that apply to those
processes.
Nearly all countries in the world have introduced some form of legislation
concerning data privacy in response to the requirements of a particular
industry or section of the population.
Data privacy isn't a single concept or approach. Rather, it's a discipline
involving rules, practices, guidelines, and tools to help organizations
establish and maintain required levels of privacy compliance.
Data privacy is generally composed of the following six elements:
- Legal framework. Prevailing legislation enacted and applied to data
issues, such as data privacy laws.
- Policies. Established business rules and policies to protect employee and
user data privacy.
- Practices. Best practices put in place to guide IT infrastructure, data
privacy, and protection.
- Third-party associations. Any third-party organizations, such as cloud
service providers, that interact with data.
- Data governance. Standards and practices used to store, secure, retain, and
access data.
- Global requirements. Any differences or variations of data privacy
and compliance requirements among legal jurisdictions around the world, such
as the U.S. and European Union (EU).
Data privacy is a subset of the broader data protection concept. Data
protection includes traditional data protection (such as data backups and
disaster recovery considerations) and data security. The goal of data protection
is to ensure the continued privacy and security of sensitive business data while
maintaining the availability, consistency, and immutability of that data.
Data Privacy Laws and Acts
The Constitution of India doesn't explicitly grant the fundamental right to
privacy. However, the courts have read the right to privacy into the
other existing fundamental rights, i.e., freedom of speech and expression under
Art 19(1)(a) and right to life and personal liberty under Art 21 of the
Constitution of India. However, these Fundamental Rights under the Constitution
of India are subject to reasonable restrictions given under Art 19(2) of the
Constitution that may be imposed by the State.
Recently, in the landmark case of
Justice K S Puttaswamy (Retd.) & Anr. vs. Union
of India and Ors., the constitution bench of the Hon'ble Supreme Court has
held the Right to Privacy as a fundamental right, subject to certain
reasonable restrictions.
India presently doesn't have any express legislation governing data protection
or privacy. However, the relevant laws in India dealing with data
protection are the Information Technology Act, 2000, and the (Indian)
Contract Act, 1872. A codified law on the subject of data protection is
likely to be introduced in India in the near future.
The (Indian) Information Technology Act, 2000 deals with the issues relating
to the payment of compensation (Civil) and punishment (Criminal) in case of
wrongful disclosure and misuse of personal data and violation of contractual
terms in respect of personal data.
Under section 43A of the (Indian) Information Technology Act, 2000, a body
corporate that possesses, deals with, or handles any sensitive personal data or
information, and is negligent in implementing and maintaining reasonable
security practices, resulting in wrongful loss or wrongful gain to any person,
may be held liable to pay damages to the person so
affected. It's important to note that there's no upper limit specified for the
compensation that can be claimed by the affected party in such circumstances.
The Government has notified the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011. The Rules only deal with the protection of "Sensitive personal data or
information of a person", which includes such personal information which
consists of information relating to:
- Passwords;
- Financial information such as a bank account or credit card or
debit card or other payment instrument details;
- Physical, physiological, and mental health conditions;
- Sexual orientation;
- Medical records and history;
- Biometric information.
Computer related offenses
Section 66 provides that if any person dishonestly or fraudulently does any act
referred to in section 43, he shall be punishable with imprisonment for a term
which may extend to three years, or with a fine which may extend to Rs 5,00,000
(approx. US$ 8,000), or with both.
Data Subjects' Rights
Data subjects (people whose data is collected and processed) have certain rights
regarding their personal information. These rights should be communicated to
data subjects in a clear, easy-to-access privacy policy on the organization's
website.
- The right to be informed. Data subjects must be informed about the
collection and use of their personal data when the data is obtained.
- The right to access their data. A data subject can request a copy of
their personal data via a data subject request. Data controllers must
explain the means of collection, what's being processed, and with whom it is
shared.
- The right of rectification. If a data subject's data is inaccurate or
incomplete, they have the right to ask you to rectify it.
- The right of erasure. Data subjects have the right to request the
erasure of personal data related to them on certain grounds within 30 days.
- The right to restrict processing. Data subjects have the right to
request the restriction or suppression of their personal data (though you
can still store it).
- The right to data portability. Data subjects can have their data
transferred from one electronic system to another at any time safely and
securely without disrupting its usability.
- The right to object. Data subjects can object to how their information
is used for marketing, sales, or non-service-related purposes. The right to
object does not apply where legal or official authority is carried out, a
task is carried out for public interest, or when the organization needs to
process data to provide you with a service for which you signed up.
Why does India need to modernize its data protection laws?
Because of the numerous gaps that must be closed, there is an urgent need to
update the current data protection regulations. The gaps are as follows:
- The Information Technology Act's clause only addresses "body corporate"
data gathering and processing. As a result, other than that, no other data
is protected. Even if the data is sensitive, it is not protected by this as
it is freely accessible in the public domain.
- Even though Aadhaar will stay private when connected to your personal
information and that information would be shared with the Income Tax
Department, the Income Tax Act does not contain any provisions for data
protection.
- The Personal Data Protection Bill gives the authority unrestricted power
and allows the officer or the Data Protection Authority to enforce steps
against a person such as an arrest, detention, or any other required action
without the consent of the court.
- The PDPB law makes no reference to a required or specified period of
time for reporting a data breach. Additionally, a complaint may only be made
after harm has been done, so this does not at all prevent data breaches.
Additionally, even though the bill has not yet been passed, it may grant the
government full access to civilian data.
- According to the bill, if the State so desires, data may be processed even
without consent.
In addition, there is no minimum age requirement in India for joining the
social media sites that are most susceptible to data breaches.
Case Laws:
Govind v. State of Madhya Pradesh
In this case, the issue was similar to that in the Kharak Singh case. The
Hon'ble Supreme Court held that the police regulations were not in
conformity with the personal freedom of a person, and that the right to privacy
is part of a fundamental right but should be considered and developed on a
case-by-case basis.
Maneka Gandhi v. Union of India
In this case, the interpretation of Article 21 by the Hon'ble Supreme Court was
done in a broader sense. This case interpreted the Right to Life in a different
and wide way that made the Right to Privacy fall within the ambit of the right
to life.
Conclusion:
There are still certain gaps that need to be addressed even though India is
attempting to establish and create legislation for data protection and privacy.
Due to the critical importance of this new area of law in the modern day, our
Indian legislature must take into account the benefits of data protection and
privacy legislation from around the globe and advance its implementation and
development. There are numerous data protection regulations in other countries
that, if adopted and effectively enforced in India, might help to reduce
problems with data protection.