We are living in the age where we don't have to put more effort for money transfer from banks or we don't have to stand in line for long hours for bank works and even these days we can get any things at out doorsteps without going outside of our homes it's all because of technology's boon.

After the technology and internet advancement we are in a new world where everything including communication, information sharing, things accessibility, information gathering, transparency is easy and far better then earlier and advanced. But as it has been said that ' Negativity follows positivity'. So, this is also with technology, as technology and internet are getting higher day by day with this its misuse is also following it, which is highly problematic and inevitable as our private data is being misused.[1]

Privacy is one of the most important elements of human life, everyone has right to live as per convenience in comfortable situation but with this digitalization more data is getting communicated to other companies which results in severe privacy infringement that is a serious threat to Article 21 of our Constitution.

What is Data Privacy

Privacy of data over internet is like an oxymoron, because data surrounds us and whatever we do over internet the website or portal collects our data be it any social media or any other websites, whenever we will get things at ease over internet then we have to automatically compromise with our data, whether it's ordering food, booking ticket, sharing views, using any other services over internet out data gets collected with the websites.

It is obvious that data or information is immense important and many companies or websites are ready to pay huge amount for the exchange of Data, with the advancement of technology value of data and information is getting enhanced tremendously, as data is considered as fresh currency in this present age.[2]

There is no any legal definition of Data Privacy basically Data privacy is the notion that means that no person's personal information has to be given or shared with other person or company as to let that individual led free life without any intervention, interruption or without any unwarranted public interference, from last few years as the information that is generated form the various applications has been rapidly increased so by this large information companies target the particular user to show their products advertisement and to make money.

There is no particular special provision to put bar over misuse of data but as common law trend the Invision of privacy provides the right to person to claim damages that is based on torts.

Data Privacy vis a vis Indian Constitution

“No person shall be deprived of his life or personal liberty except according to procedure established by law”. [3]Says article 21 of Constitution of India, right to privacy including data privacy also covered in Article 21 of Indian Constitution,

With this 'Informational Privacy' is also considered as one of the facets of Right to privacy which means information about a person and the right to access that information also needs to be given the protection of privacy[4]. and every person should have the right to control commercial use of his or her identity and that the "right of individuals to exclusively commercially exploit their identity and personal information,

Concept of Personal liberty in Indian Constitution relates to independence or freedom of person to do whatever he or she wants to do legally or in a reasonable manner, so here one person has right to enjoy his/her privacy at the fullest and no person has right to invade in his/her privacy.

At present Right to privacy is available against state, journalist, as well as Neighbours, but earliest there were no any concept of Right to Privacy and it is also said in very famous judgement of MP Sharma vs Satish Chandra (1954) [5]and later in Kharak Singh Vs State of Up case Justice Subba rao given a minority opinion and said Anybody Can Enjoy Freedom Of Movement Anywhere For Personal Purposes as per article 19 of Indian Constitution. If The Movement Is Been Tracked Then How Free Is It? So, for this privacy right is very important and it should be guaranteed to the citizens. [6]

Later on, 24 August 2017 Supreme Court of India ruled that that the right to privacy is a fundamental right guaranteed by Part III of the Indian Constitution. [7]so as with Data privacy as it is also a part of Privacy.

It was said in the Judgement of K. S. Puttaswamy (Retd.) v Union of India that that the right to privacy is inherent to the human element and the core of human dignity and is inseparable from it. Accordingly, privacy was kept to have both beneficial and negative content. The adverse content functions as an embargo on the State by intruding into a citizen’s life and private freedom, and its beneficial content imposes a duty on the State to take all needed steps to safeguard the individual’s privacy. [8]

Therefore, the constitutional protection of privacy may give rise to two inter-related protection:

1. Against the world at large, to be respected by all including the State:
   The right to choose what personal information is to be released into the public space.
2. Against the State: as necessary concomitant of democratic values, limited government and limitation on power of State.

As a consequence of this judgement, the right to privacy has become more than just common law and more solid and sacrosanct than any statutory right. Thus, an invasion of privacy must now be justified in the context of Article 21 of the Constitution on the grounds of a law stipulating a fair, just and sensible procedure.[9]

Current laws prevalent in India for Data Protection

India does not have a particular full-fledged law for data protection or for personal information shared, though protections are available part wise in different statutes and law, they are contained in a mix form.

The most pre-eminent for protection of information is mentioned in the Information Technology Act, 2000 (as amended by the Information Technology Amendment Act, 2008) read with the Information Technology [Reasonable Security Practices and Procedures and Sensitive Personal Data or Information] Rules, 2011 (SPDI Rules).

This is primary law dealing with cybercrime and e-commerce. SPDI rules, as the name implies, apply only to data and information exchanged in electronic form, not to those received via non-electronic form of communication.

When this 2000 IT Act came into force on October 17, 2000, all laws and procedures related to the law in question have the necessary protection to protect sensitive personal information provided electronically. There was no provision. As a result, the 2006 Information Technology Bill was finally introduced by the Indian Parliament, and the 2008 Information Technology (Amendment) Act came into effect, which came into effect on October 27, 2009.

Added Section 43A to the Information Technology Act, which stipulates that a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining reasonable security to protect such data or information, which thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the person(s) so affected.

With this Section 72 of IT Act 2000 also says the punishment for disclosure of information in breach of lawful contract and any person may be punished with imprisonment for a term not exceeding three years, or with a fine not exceeding up to five lakh rupees, or with both, in case disclosure of the information is made in breach of lawful contract.

Penalty for the same is mentioned in Section 72 of the IT Act. The Section provides that: any person who, in pursuance of any of the powers conferred under the IT Act Rules or Regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned, discloses such electronic record, book, register, correspondence, information, document or other material to any other person, shall be punishable with imprisonment for a term which may extend to two years, or with fine which may extend to Rs 1,00,000 or with both.

With this Section 75 of the same act also stipulates that the provision of the same act will also apply to an offense or any infringement that have happened or committed outside India if an offence involves a computer or network located in India.[10]

Personal Data Protection Bill, 2019

After the very landmark judgement Justice KS Puttaswamy case which clearly given the consideration to right to privacy as fundamental right, the Ministry of Electronics and Information Technology has formed a 10 members committee headed by former Supreme Court Judge Justice B.N. Srikrishna for giving recommendation and to draft bill on protection of personal data,

After 1 year of research the committee presented its report titled as "A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians" along with a draft bill on data protection and the same bill is still pending in the parliament.

This proposed bill will identify the personal data and will protect it from sharing over the other plate form or with company and will also provide the proper safeguard to the citizen so that their personal data can be protected and privacy shall be maintained & this bill also has provision for punishment for whom who will be indulged in data theft.

Now India's data protection legislation requires businesses and websites to perform due diligence in the collection and processing of sensitive personal data or information.

In addition, personal information is also protected by Article 21 of the Constitution of India, which guarantees all citizens the right to privacy as a fundamental right. The Supreme Court has ruled that information about an individual and the individual's right to access that information are also within the scope of their right to privacy.[11]

How one should protect our data at individual level:

• If the person sharing information with mail the he/she should use locking mail so that it cannot be breached.
• One should discard bank information, or paper having personal information at proper and safe place.
• One should make sure to secure the home Wi-Fi network and other devices so that invaders can’t eavesdrop your online activities.
• Try not to provide social security numbers to any person until and unless they really needed it.
• One should use strong and unique password over all accounts.
• One should enable privacy setting over social media accounts.

Conclusion
It has been said that "Data is the new oil" if we go deep in this statement then we will find that earlier when mineral oil was most important and lucrative commodity almost every country was running after it, so it can be clearly seen that these days data has replaced Oil and grabbed the position of most valuable commodity in 21st Century. Top 5 or most valuable company of the World belongs to Data Sector i.e., Amazon, Facebook, Google, Microsoft, Apple etc.

With the advancement of in the social media field, data protection legislation is urgently needed in India, as in a recent case Puttaswamy's Supreme Court ruling considers the right to Privacy to be a fundamental right. This voice for privacy rights has been increased since the internet sector flourished in India, these days everything is connected to the internet. As all are connected to the internet and many sites, especially Facebook, Twitter, Instagram,

LinkedIn, Google+, etc., Has all the personal information of their users and also, they can share all personal information with other sites. Sites such as Paytm, PayPal, Mobi wick, has stored all information related to credit card or debit card or online banking.

This can be a threat as anything on such a site can be hacked. All of this shows that in this digital era it is a desperate and urgent need of proper legislation for data privacy. It is need of an hour in the Indian legislative scenario to enact proper legislation for right to privacy and also to properly enforce this right, as current regime considered privacy as fundamental right so legislators must adopt such precedent in their legislative acts. Data Privacy in this digital era is a boon for citizens and it is the citizens who will convert this boon into bane if authorities do not properly put check into it.

References:

• blog.ipleaders.in/data-privacy-in-digital-age-indian-perspective
•  https://www.legal500.com/developments/thought-leadership/personal-data-protection-law-in-india/
• www.thehansindia.com/amp/hans/young-hans/data-protection-bill-boon-or-bane-for-digital-economy--545166
•  Justice K.S.Puttaswamy(Retd) vs Union Of India on 2september, 2018
• M. P. Sharma And Others vs Satish Chandra, District ... on 15 March, 1954
• Kharak Singh vs The State Of U. P. & Others on 18 December, 1962
• M.P JAIN, Constitution of India
• The Information Technology Act, 2000

End-Notes:

1. https://www./blog.ipleaders.in/data-privacy-in-digital-age-indian-perspective/
2. https://blog.ipleaders.in/data-privacy-in-digital-age-indian-perspective/
3. Article 21 Constitution of India
4. Justice K.S.Puttaswamy(Retd) vs Union Of India on 26 September, 2018
5. M. P. Sharma and Others vs Satish Chandra, District ... on 15 March, 1954
6. Kharak Singh vs The State of U. P. & Others on 18 December, 1962
7. Justice K.S.Puttaswamy(Retd) vs Union Of India on 26 September, 2018
8. Justice K.S.Puttaswamy(Retd) vs Union Of India on 26 September, 2018
9. https://www.blog.ipleaders.in/data-privacy-in-digital-age-indian-perspective/%3famp=1
10. https://www.legal500.com/developments/thought-leadership/personal-data-protection-law-in-india/
11. https://www.legal500.com/developments/thought-leadership/personal-data-protection-law-in-india/

Written By:

• Ankita Yadav
• Utsav Mishra