THE LAW OFFICE Indian laws on privacy of digital information of users When we log on to internet Innovative technologies present the assurance of easier life and apprehension of abuse by criminal minds. The statement of United Nations High commissioner for Human Rights, Navi Pillay “Internet privacy as important as human rights” and further the resolution called on the 193 UN member states as "to review their procedures, practices and legislation regarding the surveillance of communications, their interception and collection of personal data, with a view to upholding the right to privacy of all their obligations under international human rights law", exhibits the importance of digital privacy and law. Internet is the social behavior of global society; India is not omission to it, data protection and privacy depend on The Information Technology Act 2000, this article cannot be completed without the reference of Art 21 and Art 19, though no express indication to a right to privacy, into The Constitution of India, while the interpretation of Supreme Court of India considered it under article 21, life with dignity, and freedom of expression under article 19.
The Information Technology Act, 2000 (IT Act, 2000) IT Act 2000 was the first constructive attempt on data protection legislation in India; it was the result of the United Nations General Assembly Resolution A/RES/51/162 on 30th January, 1997 regarding the Model Law on Electronic Commerce. The prime objective of IT Act 2000 is to provide legal frame work for electronic documents, digital signature, offence and legal remedy. It has two folds, it enunciated compensation (civil liability), and punishment (criminal procedure), both in public and private domain. The Information Technology Amendment Act 2008, initialize data protection regime in India. it was the off spring of data protection laws in European Union, which obligates it’s member States to prohibit to send personal data to third party unless same genesis of laws are in place.
OFFICE 4214 A, No.1, ANSARI ROAD DARYA GANJ, NEW DELHI -110002 WWW.THELAWOFFICE.CO.IN |REPLYSHELAR@YAHOO.COM | INFO@THELAWOFFICE.CO.IN | +91-8586972636 CSR | NAYAYA A VOICE FOR JUSTICE | WWW.NAYAYA.CO.IN | TRUST LAW CONNECT |WWW.TRUST.ORG
Page
Section 43A (Penalty and compensation, for damage to computer, computer system, etc) is an important provision in the act which based out on negligence, implementing reasonable security practices and procedures, wrongful loss and wrongful gain and compensation, This section envisage civil liability in terms of penalty and compensation If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,-
1
Data Protection and Privacy
Accesses, or secures , downloads, copies or extracts, introduced or causes to be introduced computer virus, damages or causes to be damaged, disrupts or causes disruption, destroys, deletes or alters any information or computer or computer systems. Sections 65 is the penal provision, as Tampering with computer source documents, which establish imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both, who knowingly or intentionally conceals, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force. Section 66 is the hot cake in recent time, it deals with Computer related offences, Section 66 read with section 43 execute a criminal mandate as If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both. The word used in the section dishonestly or fraudulently in relation to section 43 for curtaining hacking to computer or unauthorized use of protected information. Section 72, Penalty for breach of confidentiality and privacy, - Directly demonstrate privacy protection with a penal provision. Section says “Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.” Section 43A and Section 72A, protected the data even outside the India, but the expectation of corporate are too high, ‘The information technology amendment Act, 2008 was aimed to rectify such lacunas in our country, still much more is needed. The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules 2011 has been notified by Ministry of Information and Technology under Section 43A to define 'sensitive personal information' and to stipulate 'reasonable security practices’.
OFFICE 4214 A, No.1, ANSARI ROAD DARYA GANJ, NEW DELHI -110002 WWW.THELAWOFFICE.CO.IN |REPLYSHELAR@YAHOO.COM | INFO@THELAWOFFICE.CO.IN | +91-8586972636 CSR | NAYAYA A VOICE FOR JUSTICE | WWW.NAYAYA.CO.IN | TRUST LAW CONNECT |WWW.TRUST.ORG
Page
RTI Act is not the erosion to right to privacy. Indeed RTI Act established a safeguard against the violation of privacy under section 8(j), which exempt from disclosure of personal information,
2
Right to Information Act 2005 (RTI Act)
which is not serving any public purpose. further under section 11, establish a procedure where PIO intends to disclose any information on a request made under this act, which relates to or has been applied by a third party and has been treated as confidential by that third party, and such objections in writing or oral by third party shall be kept in view while taking a decision about disclosure of information. Does it mean the present laws related to data protection and privacy is sufficient? The answer is not affirmative, in the light of public policy, and transparency. Although there are various amendments and judicial pronouncements to strengthen data protection, but still the existing law not competent to cope with emerging technologies. Issues like conflict of jurisdiction, IPR protections, domain names, still need to be addressed and of course the training to investigations agencies is also an important part. I can remember an interesting case where in CD is being seized by police personal for evidence, and to preserve the CD the Investigation Officer made a hole in it and then tag it into the file, before producing in the court of law. WARNING a) NOT TO BE Use and Dissemination (in any form, print, verbal, action or otherwise); the present draft article by the iamwire.com or their respective including but not limited to heirs, successors, legal representatives, administrators, executors and assignees or claimed to be associated with them, FOR COMMERCIAL USE OR ANY PROFIT, OR DEISRED TO BE EXPECTED PROFIT OR COMMERCIAL UTILIZATION, WITHOUT THE PRIOR WRITTEN APPROVAL from the author (Mr. Naveen Kumar). b) The exclusive rights of publishing the present article is with iamwire.com website are given by the author of this article only for non commercial basis. c) The exclusive and original rights of use in any manner whatsoever are subsisting with “The Law Office� more specifically the author Mr. Naveen Kumar, only.
Sd/Naveen Kumar Shelar Date: Monday, August 18, 2014
Page
3
Place: new Delhi
OFFICE 4214 A, No.1, ANSARI ROAD DARYA GANJ, NEW DELHI -110002 WWW.THELAWOFFICE.CO.IN |REPLYSHELAR@YAHOO.COM | INFO@THELAWOFFICE.CO.IN | +91-8586972636 CSR | NAYAYA A VOICE FOR JUSTICE | WWW.NAYAYA.CO.IN | TRUST LAW CONNECT |WWW.TRUST.ORG