Skip to main content

Note on data protection In India, with emphasis on privacy protection by corporates


Definitions[1]:


 Privacy[2]:
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

  Right of Privacy:
“the right of a person to go his own way and live his own life that is free from interferences and annoyances.”

 Violation of Privacy:
“the interference of a person's right to privacy by various means such as showing photos in public”

 Personal Information:
“Any part of information that is recorded about an individual person. Includes the name, email, address, ethnicity, race, identifying number, employment history, etc.”

 Data Protection:
“Techniques that keep data integrity. Examples of this are file locking, record locking, database shadowing, and disk mirroring.”

There is no exhaustive or all-encompassing definition of “Data Protection” in India. Thus from the above definitions the concept of data protection can be concluded as-
“the act of securing any and every piece of personal information relating to an individual, which if compromised results in the gross violation of his right to privacy.”

 In India there is no specific legislature regulating data protection and its management. However in recent years, due to the increasing data privacy violations taking place, the legislature has enacted various amendments in existing laws, to bring data protection as a concept within its jurisdiction to adjudicate upon.

Important Cases involving privacy violation:

Kharak Singh v State of UP[3]:
Petitioner appeared before the court under Article 32, pleading for a writ of Mandamus against the State, he contended that there was gross violation of his freedom of movement, privacy and liberty, guaranteed to him under Articles 19[4] and 21[5]. He was on one occasion detained by the policy in the case of dacoity, however due to lack of evidence against him, the case was never went to trial. Since then the policy routine harassed him, surveyed upon and called at odd hours to the police station.
The question before the court was of the scope of surveillance activities undertaken by the police and its adverse effect on the fundamental right of citizens. The court held, violation of Articles 19 and 21, and issued the writ of mandamus in favour of the petitioner. The court recognized the “Right to Privacy” as a part of Article 19.   

Maneka Gandhi v. Union of India[6]:
In this case the petitioner’s passport was impounded as per the provisions[7] of the Passport Act, 1967 by the Central Government. The question before the court was of the scope of “personal liberty”. Justice P. Bhagwati observed,
“The expression ‘personal liberty’ in Article 21 is of widest amplitude and it covers a variety of rights which go to constitute the personal liberty of man and some of them have raised to the status of distinct fundamental rights and given additional protection under Article 19.”
“The law must therefore now be settled that Article 21 does not exclude Article 19 and that even if there is a law prescribing a procedure for depriving a person of personal liberty, and there is consequently no infringement of the fundamental right conferred by Article 21 such a law in so far as it abridges or takes away any fundamental right under Article 19 would have to meet the challenges of that Article.”

The widest possible interpretation of Article 21 was derived in the case. “Personal Liberty” was construed to include and protect Article 14[8] and Article 19.

People’s Union of Civil Liberties v the Union of India[9]:
Also known as the “telephone tapping” case.  The question before the court was whether the wiretapping an infringement of the people’s right to privacy. The Court held, that the Right to Privacy was not identified by the constitution, however in the current case, the holding of a private and intimate conversation, via the telephone, in the comfort of one’s own home, will attract the Right to privacy.  As telephonic conversations have become the modern man’s way of life, it must be protected. Thus wiretapping is considered an invasion of the Right to privacy and violates the provisions of Article 21 of the Constitution.

Applicability of Data Protection laws to companies/employer:
A corporate entity has been imposed with the liability of Data Protection, as per The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. The rules specifically lay down the procedure to be followed by a corporate entity for the protection of every personal information gathered from its employees as per the policy of the organization.

 The Rules are applicable to every corporate entity, collecting any personal information of a natural person. The personal information so collected must have been obtained through prior consent of employee.

Laws on Data Protection in India, wrt Corporate Bodies:
1.      The Constitution of India:
a.       Article 23: Protection of life and personal liberty.

2.      The Information Technology Act, 2000:
a.       Section 21: License to issue electronic signature certificates
b.      Section 40A: Duties of subscriber of Electronic Signature Certificate
c.       Section 42: Control of Private key
d.      Section 65: Tampering with Computer Source Documents
e.       Section 67C: Preservation and Retention of information by intermediaries

1.      The Information Technology (Amendment), Act, 2008
a.       Section 29:Access to computers and data
b.      Section 43: Penalty and Compensation for damage to computer, computer system, etc
c.       Section 66A: Punishment for sending offensive messages through communication service, etc.
d.      Section 66E: Punishment for violation of privacy

2.      The Information Technology (Reasonable security practices and procedures and
sensitive personal data or information) Rules, 2011
a.       Rule 4. Body corporate to provide policy for privacy and disclosure of information.
b.      Rule 5: Collection of information.
c.       Rule 6: Disclosure of information
d.      Rule 7: Transfer of information
e.       Rule 8: Reasonable Security Practices and Procedures




[2] Article 12 UDHR
[3] AIR 1963 SC 1295
[4] Protection of certain rights regarding freedom of speech, etc.
[5] “No person shall be deprived of his life or personal liberty except according to procedure established by law.”
[6] (1978) 2 S.C.R. 621
[7] 10(3)(c)
[8] Equality before law
[9] (1997) 1 SCC 318

Comments

Post a Comment

Popular posts from this blog

EXPULSION OF A MEMBER

The termination or cessation of a membership can be undertaken pursuant to section 41 of the Companies Act, 1956, whereby the member may be expelled from membership. 1.       Public Limited Company The concept of expulsion of a member of a company by the Board of Directors, pursuant to alteration of articles by special resolution [1] had been attended to by the erstwhile Department of Company Affairs (“ Department ”) vide Circular No. 32/75 [2] (“ Circular ”). The Department opined that [3] “ …….that amendment of articles of association of a company providing for expulsion of a member of the management is opposed to the fundamental principles of the company's jurisprudence and is ultra vires the company. The principles laid down by the Supreme Court in this case [4] , even though pertaining to the refusal of a company to the admission of a person as a member of the company, are applicable even with greater force to a case of expulsion of an existing member. …
4 comments
Read more

Express Industry Council of India Vs Jet Airways (India) Ltd. & Others.

Nature of Case: Inquiry under section 19(1)(a) Competition Act, 2002 Case No. 30 of 2013 Brief Summary: The Competition Commission of India (“ CCI ”) imposed penalties totalling Rs 258 crores (INR 2.58 billion) on Jet Airways, IndiGo and SpiceJet for cartelisation in fixing fuel surcharge (“ FSC ”) for transporting cargo. The inquiry was initiated against 5 airlines namely Jet Airways, IndiGo Airlines, Spice Jet, Air India, and Go Air based on a complaint filed by Express Industry Council of India under Section 19(1)(a) of the Competition Act, 2002 ( “Act” ) in May 2009 against the FSC for transporting cargo by Airline companies. The principal issue was whether the Airlines had operated in a “concerted action” by overcharging for cargo freight. Though the enquiry conducted by the Director General (“ DG ”) found that the Airlines were not resorting to any collusion, the CCI rejected the DG’s findings and penalised three carriers, namely Jet Airways, InterGlob
6 comments
Read more

Family Office- Indian Scenario

What is a ‘Family Office’? A Family Office or a Single Family Office (SFO) is a professional platform dedicated to investing financials of high and ultra high net worth individuals, with the objective to manage and protect the wealth of a family through private wealth management advisory outfits. A Family Office allows the family to pursue its own customized wealth management approach and guarantees the highest degree of confidentiality, thereby giving such individuals greater control over their finances. A Family Office provides solution for building, preserving and transferring family wealth and legacy. The concept of Family Office is limited to high and ultra high net worth individuals, as they have higher risk-taking capabilities. Another common concept is Multi-Family Offices (MFO) which provides a variety of financial and non financial services including tax and estate planning, risk management, objective financial counsel, trusteeship, lifestyle management. As
2 comments
Read more