This article is written by Anushka Sharma from Delhi Metropolitan Education, GGSIPU, and curated by Sahana Arya.
Data protection law are set of laws based on protecting consumers or users from usage of harmful data. Around the world, the cases of cybercrimes have touched skies and sometimes it is very difficult to find the culprit behind the crime.
These laws secure data from getting it accommodated by attackers from outside and the insiders which are malicious in nature.
In the 21st century, data is one of the most important commodities. Data are classified into two types: Public and Private- Public data are the ones which can be accessed by public at large, for example- court records, death record, birth record, basic details of the person, etc. whereas private details are the information which is very private to the person and cannot be accessed without prior permission, for example- financial details, family details, browsing details, etc.
Currently, India does not have a proper legislation based solely on data protection but there is a regulation mechanism for data protection and privacy which is the Information Technology Act,2001 (IT ACT) and its parallel Information Technology( Reasonable Security Practices and Procedure and Sensitive Personal Data or Information) Rules,2011(IT Rules). Additionally, personal data is also protected under Article 21 of the Constitution of India, it guaranties to every citizen a right to privacy as a fundamental right. The Apex Court of India in various cases held that information about a person and the right to access that information by that person is also covered within the ambit of right to privacy.
The data protection law in India is currently facing limitations due to lack of proper legislation. India lacks an express legislation dealing with data protection.
Data protection law is very necessary as the purpose of protecting personal data is not just to safeguard a person’s data but also to the fundamental right and freedom of that person to protect his privacy from any invasion.
Secondly, without a proper legislation on data protection, there can be rise in cyber crimes and other data/technology related crimes.
Thirdly, data is becoming a very valuable asset and the invasion of the same can lead to major loss for an individual, company and sometimes even a country.
Fourthly, these laws provide a framework for rules and guidance which can be followed by an organization and the government.
It has been argued that despite advances made recently in legislations and practices related to data privacy, there are consumers who reported invasion of their data regularly by external attackers who are breaching the right of privacy of the consumer.
There can be various ways through which consumer can protect their data-
- As a consumer, you need to make sure that your data is not getting stored by any company and try to avoid sharing it more than required.
- As a citizen, one should avoid into the practice of stealing of data.
In India, Draft Personal Data Protection Bill, 2018 controls the collection of personal data of any individual by any private entities or government organization.
The organizing is allowed only after receiving a consent from the consumer or in case of medical emergencies, the state can use it for providing benefits.
There are some exemptions where the government can be allowed to access to the data of the individual. For example- In cases of interests of natural securities, for media/ journalism purposes, and for legal proceedings.