Abstract
Now is the time of the digital developments which are taking place on a large scale in India and data has become a valuable asset. In India, a rapidly growing digital landscape is met with the critical challenge of data protection. This essay helps to understand the complex and ever-evolving sphere of data protection in India. This essay also addresses the importance of data privacy, especially in the wake of the Aadhaar Controversy, which understood the need for privacy measures. Despite a couple of challenges, India is making progress through awareness campaigns, international cooperation, and other enhancement measures. As and when the nation is moving towards a more comprehensive framework for data protection, this essay delves and evolves around the critical role that data protection plays in preserving and protecting the rights of the individuals in the country and also securing a digital future for India.
INTRODUCTION
India is taking the steps of digitalization as days pass by, everything is going on the internet and so is our privacy. The various developments happening throughout the country with data being transferred even through our territorial boundaries. Personal information of individuals can easily be transferred and also can end up falling into the wrong hands where all the important data of an individual can easily be misused to protect us from all of the inconvenience and harm, there is a Right to Privacy which protects the privacy of the individuals and has been recognized by law. Article 21 states on protecting the private rights and liberty of individuals of the country. The right to privacy is generally accepted as a fundamental right worldwide.
A 9-bench judge of the Indian Supreme Court in Justice K.S. Puttaswamy v Union of India observed and held how the Right to privacy is one of the fundamental rights, although the Constitution has never really mentioned the right to privacy the Supreme Court has privacy enshrined in article 21 which talks about Right to life and personal liberty[1]. There has been growing fear about all the data which is very personal to us being stored online which makes all of us skeptical about the safety of our private information which can get disclosed at any time and even misused. Even with the extensive technology now, it becomes very easy to access data by anyone at any time anywhere Personal information is an invaluable asset of ours and because of all the important and delicate information being stored there are all the chances of it being used in not the way we want it to be used hence it becomes very important to protect it from any unauthorized access and even from the flaws of unrestrained use[2].
INFORMATION TECHNOLOGY ACT 2000
This act provides a legal recognition to the transactions done in daily life by people, as we all are well aware of the dealings done of goods and services every day with the medium of technology or electronic data, this act which was regulated provides a legal recognition and gives validity to these transactions. There was a time when signatures that were e-signed did not hold any recognition but after this act was regulated the digital signatures were given legal recognition for any authentication purpose.
The act also enumerates certain cyber offenses and provides forums for adjudication permitting the filing of documents of government interactions through electronic media its main help here is saving time, money, and any sort of trouble to businessmen who exchange data or documents through loads of contracts and physical means[3].
INFORMATION TECHNOLOGY RULES, 2011
This act provides for the processing of the digital personal information of individuals in a manner that recognizes both the rights of individuals as well as the need to process such personal data for lawful purposes. The body that collects the information must have a privacy policy to ensure there is protection of the data that has been collected for any purpose, these privacy policy measures must be published in easy and accessible statements for it to be read by the individuals whose data is being collected. Consent is anyhow taken before the collection of the information and no sensitive data must be collected until and unless it is for a lawful purpose, the individuals at the same time must be completely aware of why the data is being processed. The corporate body however must use the data only when it is required and shall permit information to any other body upon their request without prior permission of the individual whose data it is, along with this the data could be shared without consent to any other body[4].
Justice K.S Puttaswamy (Retd.) v. UOI, 2017
This case laid the foundation for the ‘Right to Privacy’[5] the Court here held that the right to privacy was integral to freedom which is guaranteed across fundamental rights. This case began with Justice K.S. Puttaswamy challenging the constitutional validity of the Aadhar Scheme, how after 2011 the citizens of India were introduced to the Aadhar card which established an agency, Unique Identification Authority of India to issue the card. The issue arose when the government of India had not put in adequate measures to safeguard the privacy of individuals, where any private entity was able to request authentication by using Aadhar, moreover, there were no checks on the power the government had regarding the use of all the data which was collected. Furthermore, certain entitlements were given only to Individuals who produced their Aadhar card which violated the rights of individuals failing to produce the same. The Apex Court realized the dangers that would come due to the Aadhaar scheme’s collecting and storing the private information of individuals and declared that the right to privacy is a basic freedom that is supposed to be protected by the Indian Constitution. The court recognized the importance of strict data protection and restricted the use of Aadhaar for certain purposes while at the same time also regulating it. The majority opinion established rules to safeguard people’s privacy and struck down Section 57 of the Aadhaar Act which essentially allowed private entities to collect citizens’ Aadhaar details
THE DIGITAL PERSONAL DATA PROTECTION BILL, 2023
Protection of personal data is important in the country and certain restrictions on the flow of data of individuals are essential, there was the Information Technology Act 2000 was introduced along with the Information Technology Rules 2011 and the much-awaited data protection bill was passed in August 2023 known as Digital Personal Data Protection Bill. In this Bill passed consent is considered to be important while accessing data, where it is required to access data of individuals and only for legitimate use, at the same time consent must be voluntarily given and the request must be in simple and plain language without any ambiguity. Consent which is provided to data fiduciaries can be withdrawn at any time of the transaction and a certain reasonable time will be given to the data fiduciaries to cease the use of data. There is also a restriction by the Central Government on the data which will be transferred beyond the territorial boundaries.
Data must be protected by the data fiduciaries irrespective of the failure of the data principles they must comply with the duties and carry them out as laid down under the DPDP Act. In case of any breach of the information, it must be intimated. Moreover, the data which is collected must be wiped out if it is not in use and any data which is of minors or those having no sound mind to make decisions must be collected from the guardians and consent must be taken from them, where any data which is processed should not cause any detrimental effect on the well being of the child. The Central Government must notify the Data Fiduciaries to undertake only relevant factors in accessing the data related to individuals like risks, impact, security, and public order. The Data Protection Officer must be appointed to regulate the same and ensure that in case of any violations or breaches, there should be grievances offered accordingly.
There are certain rights of the data principal who in short is the individual whose data is being accessed, where they have the right to access their data which is being used by the data fiduciaries and even make any changes, along with this they can also request for the erasure of the data to the consent manager or the data fiduciary and their request must be taken into consideration, at the same time even the grievances can be claimed for anything suffered. They also have the right to nominate other individuals to take care of their personal information in case of death of incapacity of the data principal. The individuals along with their rights also have certain duties where they have to ensure that they are complying with all the rules laid down in the act, they should also not be impersonating another person, at the time of filing complaints they should ensure that authentic information is being provided and false and frivolous grievance is not filed in the redressal agencies, at the same time the data principal should not hold back anything and must be completely honest while providing any of their information[6].
CONCLUSION
In conclusion, data protection in India is a vital and evolving aspect of the nation’s digital landscape. It is increasingly gaining significance in today’s digital world. The introduction of a much-awaited data protection bill was introduced to strengthen data protection regulations and mark significant steps in safeguarding the privacy and security of personal information. As India is rapidly seeing the growth and transformation in technology with effective implementation and enforcement of data protection laws. It is essential for all corporate bodies, private entities, government institutions, and other organizations to actively take part in shaping the framework for data protection and also respect the privacy rights and rules laid down.
[1] Lothar Determann & Chetan Gupta, India’s Personal Data Protection Act, 2018: Comparison with the General Data Protection Regulation and the California Consumer Privacy Act of 2018, 37 BERKELEY J. INT’l L. 481, 485 (2019).
[2] Atul Singh, “DATA PROTECTION: INDIA IN THE INFORMATION AGE.” Journal of the Indian Law Institute, vol. 59, no. 1, 78 (2017)
[3] Devashish Bharuka, “INDIAN INFORMATION TECHNOLOGY ACT, CRIMINAL PROSECUTION MADE EASY FOR CYBER PSYCHOS.” Journal of the Indian Law Institute, vol. 44, no. 3, 2002, pp. 354, 355 (2002)
[4] Ministry of Communications and Information Technology, 2011
[5] K.S. Puttaswamy v. Union of India, (2017)10 SCC 1
[6] The Digital Personal Data Protection Act, 2023.