Author: Jatin Rana, III year of B.A.,LL.B.(Hons.) from Law College Dehradun
Recently there is a rapid growth in the number ofcybercrimes cases in India and violation of Data Privacy is one of the reasons of it. In this article, author has described the veracity behind data privacy and the fact of its inadequacy in the society. The continuous growth in digitalization is not matching the ambit of data privacy and is compromising privacy of people. This article covers Indian laws covering data privacy, its hidden loopholesand the way to fill these loopholes. Also, the KS Puttaswamy judgement has we contributed in empowering people’s right to privacy. Since the data privacy is not matching the digitalization, so the decision of Central government to remodel Information Technology Act, 2000 would be correct and will make data privacy and digitalization to move equally and parallelly. It will also make companies liable for protecting data of the people from any mismanagement and corruption.
Violation of data privacy is one of the reason of cybercrimes. Data privacy deals with securing and protecting any personal data of an individual. Data privacy shadows over corruption of data of an individual which is either kept by the owner or is already delivered or shared with the second party. It imposes duty over the second party to use the data of the person in such a way that no third person can corrupt or use the data for its own benefit.Second party can only deliver the personal data to the third party with the prior consent of the person of whom the data is to be shared.
Here, data includes any personal details or documents like photos, videos, pecuniary status, health status, biometric details, etc. The ambit of data is not limited. It keeps on mounting parallelly with digitalization across the globe.
With the continuous forward stepping of digitalization across, it can be stated that the presence of any person is determined by his personal data which is already shared by him on any internet platform.His activity on internet shows his presence but this presence can sometime create problems for the person due to inadequacy of data privacy.
Relation between digitalization, data and data privacy
Digitalization, data and data privacy are interlinked with each other. With the increasing digitalization, the area dealing with types of data and data privacy also increases. But data privacy is not always increasing equally with digitalization, while types of data always increases equally and parallelly with digitalization.
With the increasing digitalization and types of data across the globe, people are facing new challenges and discovering solutions of it. If we consider cybercrimes, no one thought earlier that one day any random person sitting at any unknown pointof the globe could rob money out of the bank accounts of numerous people from different countries.So, these all are the problems rising with the advancement of technology without examining the cons of it over the society.
The main reason of inadequacy of data privacy are the loopholes in the privacy policies of the companies. They are not having proper management of data of their clients and users. This turns beneficial the third identity to make profit out of the mismanaged data of the people.
Companies also sell data of people in exchange of something of their interest and the third-party buying data uses it in their business tragedies.
Daily observations of violation of Data Privacy
Instagram and Facebook users may have observed that they usually come through the advertisement of the products which they searched on google. This the best example of sharing data between different internet platforms and here, google is selling data to social media platforms and it turns beneficiary to e-commerce platforms in their marketing tragedy. We may have also observed that different platforms like telegram, truecaller, etc send notifications to the people when any known lands on any of the platform.
Indian Laws regarding Data Privacy
In India, there is only ‘Information Technology Act, 2000’ (hereinafter known as IT act) which deals with legal ambit of mounting digitalization. On 17th October 2000, this act was enforced by the central government of India.
This act deals with the various types of cybercrimes like defamation, stalking, failure to protect data, promoting obscenity, etc. Here, we will only consider protection of data which is one of the parts of the cybercrimes.
Section 43 of the IT act deals with the offence of getting access to the data by the way of downloading, extracting, or copying it to any other device without the permission of the person of whom the data is copied. The offender is liable to pay compensation to the person for affecting his privacy.
Section 43A of the IT act deals with the data of an individual which is already shared or delivered by him to any second identity which can be any person, company, or any internet platform. It is duty of the second identity to protect data of the individual from any corruption or mismanagement.
This section directs second party to pay compensation to person of whom the ‘personal sensitive data’ is mismanaged or corrupted due to any negligence on the part of the second party.
Loopholes in the above-mentioned provisions
Under section 43A, it is mentioned that the second party will be liable if due to his negligence any personal sensitive data of the first party is mismanaged. In the explanation of the section, the sensitive personal data is described as any personal data which the central government and other professional bodies may think fit to put it in the category of sensitive personal data.
As discussed earlier, the ambit of data is not fixed. It keeps on increasing parallelly with digitalization and it is hard to examine the data which the offenders may use for committing cybercrimes. Central government may categorise any personal data as a sensitive personal data only when any person has already corrupted it. Also,the second party may show negligence towards any data only because it doesn’t lie under the scope of sensitive personal data and any cybercriminals may easily use or corrupt data for their own benefit.
In order to fill these above-mentioned loopholes, central government may impose duty over all second parties (i.e., companies or any internet platforms) to protect all electronic data of an individual from its corruption and mismanagement. Central government may alsoadd‘personal data’ with ‘sensitive personal data’ which will bound second parties to protect each data which they may receive from every individual.
Whenever any issue has evolved in the society, judiciary has well settled it in the possible way. Similarly, the issue of data privacy evolved in the society and judiciary has peacefully settled it in the below mentioned judgement.
K.S Puttaswamy v. Union on India[i]
On August 2019, the Hon’ble Supreme Court of India pronounced a remarkable historic judgement enlarged the scope of Article 21 of ‘Constitution of India, 1949’ (hereinafter known as COI). In this judgement, the Hon’ble court marked ‘right to privacy’ as a fundamental right within the meaning Article 21 of part III of COI.
This judgement overruled judgment of MP Sharma v. Satish Chandra[ii] and Kharak Singh v. State of Uttar Pradesh.[iii]In these both judgements, the Hon’ble court excluded right to privacy from the meaning of Article 21 of part III of COI. This judgement of Hon’ble Supreme Court has well contributed in empowering the concept of data privacy and made right to privacy to be recognized as fundamental right under COI.
Cybercrimes have become a serious problem in India, and it is a consequence of neglecting proper pre-planning of digitalization. Here, proper pre-planning deals with examining the past problems, dealing with present problems and assuming the possible future problems which may arise in future due to mounting digitalization. It is important to examine both pros and cons of any issue before launching it in the society. In India, any point is only discussed when it becomes an issue in the society. Presently people are ignoring the sharing of data by google with different social media platforms, but it will surely be discussed one day when it will become an issue in the society. While remodelling the IT Act, Central government may make laws which will fill the make digitalization and data privacy equal in scope and data privacy will overlap every aspect of digitalization.