[Opinion] Digital Personal Data Protection Act 2023 | A Panacea or Pandora’s Box

Yogesh Yadav – [2023] 153 taxmann.com 550 (Article)

Introduction

Data privacy is a critical topic in today’s digital age. As technology advances, the amount of personal data being collected, stored, and shared has grown exponentially. This has led to concerns about how this data is being used and who has access to it. From social media platforms to online shopping, our online activities leave a trail of data that can reveal intimate details about our lives.

2014 was a significant year for data breaches, with several high-profile incidents that underscored the vulnerabilities in digital security. One of the most notable breaches of that year was the cyberattack on Sony Pictures Entertainment & JPMorgan Chase.

These incidents prompted discussions about stronger regulations and safeguards to prevent future breaches.

The European Union’s General Data Protection Regulation (GDPR) is the predominant framework with exhaustive provisions to safeguard data privacy. The GDPR has influenced many countries in framing their respective data privacy legislations.

1. Overview of the notable milestones in data protection evolution in India

India’s journey in data protection has evolved significantly over the years, with key developments shaping its approach to safeguarding personal data. Here’s an overview of the notable milestones in data protection evolution in India:

(a) Information Technology Act, 2000: The initial framework for data protection in India was established through the Information Technology Act (IT Act) of 2000. While it addressed aspects of electronic transactions and digital signatures, it lacked comprehensive provisions for data privacy.

(b) The Parliament vide the Information Technology Act of 2000 including its amendments of 2008 (hereinafter referred to as the “IT Act”) attempted to formulate a statute for protection of data inter alia viz. providing legal recognition to e-transactions.

The IT Act through Section 43-A provides that a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining “reasonable security practices” resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected.

Further, Section 72-A of the IT Act provides that disclosure of information, knowingly and intentionally, without the consent of the person concerned and in breach of the lawful contract has been also made punishable with imprisonment for a term extending to three years or a fine extending to Rs 5,00,000 or both.

Under the SDPI Rules, body corporates are mandated to publish a Privacy Policy (Rule 4), (detailing the type of information collected, purpose and usage of such information, etc.), Appoint a Grievance Officer (Rule 5(9)), Adopt Reasonable Security Practices and Procedures (Rule 8), etc.

(c) Aadhaar: The launch of the Aadhaar project, India’s biometric identification system, raised concerns about data security and privacy.

2. Important Supreme Court Judgements related “Right to Privacy”

(a) M.P. Sharma v. Satish Chandra, 1954, Hon’ble SC held that there is no explicit right to privacy under the Indian Constitution.

(b) Kharak Singh v. State of Uttar Pradesh, 1963 In this case also court did not explicitly recognize a separate and independent right to privacy, it did touch upon the concept. Justice K. Subba Rao, in his dissenting opinion, observed that the right to privacy was a fundamental right that could be implied from various provisions of the Constitution, including Article 21.

(c) The KS Puttaswamy (Retd.) v. Union of India 2017: In its unanimous judgement, the Supreme Court held that the right to privacy is indeed a fundamental right. The court’s ruling recognized that privacy is an integral aspect of personal liberty and dignity and is essential for the enjoyment of other rights. The judgment also clarified that the right to privacy is not an absolute right and can be subject to reasonable restrictions in the interest of national security, public order, and the protection of the rights of others. However, any such restrictions must be proportionate and meet the test of legality, necessity, and proportionality.

Click Here To Read The Full Article