Legal aspect of data privacy is a crucial topic in today's digital world. With increasing reliance on technology by today's generation whether it's for education, job or entertainment purpose certainly a vast amount of personal information are shared, collected and stored in virtual world on daily basis and its unlawful use against individuals has become common which perils the privacy of person. Hence it is essentially important to understand the legal framework surrounding our data privacy.

Data Privacy amounts to protection of personal and crucial information of a person from sharing to third party against unlawful use. With easy availability of personal data in online media, it eases the cyber criminal to use such data for wrongful purpose like cyber fraud, cyber bullying, cyber squatting, sextortion, digital arrest and many more such crimes. According to 70th 'Edition of Annual Crime In India' 2022 report by National Crime Record Bureau ( NCRB) -a total of 65,893 cybercrime cases have been registered which is 24.4% more than last year of 2021.These include majority of cyber fraud accounting for 64.8% of total then followed by extortion and sexual extortion. These data puts a major question on government accountability towards safeguarding the privacy of its citizen.

India's Legislature On Data Protection

Information Technology (Reasonable Security Practices and Procedures and Sensitive Data) under the Information Technology Act, 2000

• This rule mandates that all organizations collecting personal data must obtain prior consent from individuals.
• Organizations are required to clearly state the purposes for which personal data is collected.
• It also mandates organizations and entities to implement reasonable security practices and procedures to protect collected personal data from unauthorized access, disclosure, or loss.

Digital Personal Data Protection Act, 2023

• Prior to 2022, there was no single unified legislation on data protection in India.
• In August 2023, Parliament enacted the Digital Personal Data Protection Act based on the recommendations of the B.N. Srikrishna Committee.
• This Act grants certain rights to individuals, including:
  • Right to obtain information
  • Right to seek correction and erasure
  • Right to grievance redressal
• The Act introduces new concepts such as:
  • Data Principal
  • Data Fiduciary
  • Various rights, duties, and obligations towards each other
• It empowers the central government to exempt any government agencies from the application of this Act.
• The Act seeks to establish an adjudicatory body named the Data Protection Board of India to adjudicate matters related to data privacy breaches and non-compliance with this Act.
• The Act also imposes penalties for violations.

Drawbacks of the DPDP Act

• While the Act provides various provisions for individual data protection, it has some noticeable drawbacks:
  • The provision exempting government agencies may lead to data collection and retention beyond what is necessary, potentially violating the fundamental right to privacy under Article 21 of the Indian Constitution.
  • The short tenure of members of the Data Protection Board of India, along with questions regarding their reappointment, may undermine the independent functioning of the Board.

Case Law on Data Protection
In 2017, in the leading cases of K.S. Puttaswamy Vs. Union Of India, the supreme court has recognized right to privacy as fundamental right under article 21 of Indian Constitution which also include right to data privacy.

In Mrs. X Vs. Union Of India (2023), Delhi high court held that intermediaries like search engine and social media platforms must remove non consensual intimate images from their respective platforms as it severely harms the privacy of individual.

Government Initiatives On Protection of Data Privacy

From time to time government has taken various initiatives to curb cybercrime and to save it's citizen's crucial data from getting unlawfully used.

Some of them are discussed following:
Indian cyber crime coordination centre ;- It is a chief nodal agency created by Ministry of Home Affairs in 2020. It's main task include analyzing and preventing cybercrime through making coordination between various law enforcement agencies, suggesting parliament on laws related to cyber issues. It's function is so vast as it include everything which is necessary in preventing cybercrime in the interest of nation an it's citizen. In 2020it has recommended central government to ban 59 Chinese origin mobile app which were threat to data privacy. Subsequently government permanently put ban on those apps.

There are many such other initiatives like Joint cybercrime coordination team, National cyber forensic laboratory, Cybercrime reporting portal, Citizen financial cyber fraud reporting system etc.

At last I would like to conclude that although government and legislature have taken various steps and laws in protecting data privacy but still there's need many more amendments and reforms to cope up with dynamic cyber cases. Here it is the primary responsibility of person to keep themselves aware with cybercrimes and restrain themselves from sharing unnecessary personal information on social media.