The Internet has become the lifeline of today’s world. It has now become a common place for everything including work, entertainment, education, business, monetary transactions, and connecting to people. We spend most of our time on the internet than in the real world so it is only fair we are all known as ‘netizens’ (citizens of the internet) and with more than 56% of the entire world population using the internet, there has even been growth in online crimes such as cyberbullying, data harvesting, cyber fraud. Etc. The most important issue while accessing the internet is threat to privacy. Therefore, it is very essential to have proper legislation to govern the activities on the internet and make it a secure place for netizens. These legislations governing the activities over the internet are collectively known as cyber laws. There are many types of cyber law, such as laws regarding online content streaming, net banking norms, crypto currency norms, but this article shall mainly focus on the Privacy and rights over our personal data.
When a user goes into a website, or runs an application, the amount of personal information the companies behind them can gather is shocking. From mere accessing a website, they can learn about your browser history, location, and various other details. These details after being harvested over the years become very accurate and have huge potential to be used against you. So, in order to protect us from such misuses of our data, Cyber Laws have been implemented.
The biggest concern to an average user is the corporates behind any website or applications harvesting their “sensitive personal data”. In the Information Technology Act, 200 the phrase sensitive personal data has been defined as:
“such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit”
The definition in the act is vague and ambiguous, and gives the Central Government the power to determine which data falls within the category. However, the General Data Protection Rules has defined sensitive personal data as data relating to:
Apart from this information, companies can also gather your Aadhar number, bank account information and many more. This article shall try to shed some light on legislations formulated protect our data and our rights over our data, and talk about remedies in case of data law violation.
The European Union (EU) was the first in the world to formulate a proper comprehensive rule to regulate companies on how our data is to be used and for what purposes our data can be collected, while providing netizens with absolute control over their data. The General Data Protection Rules (GDPR) was brought into force in 2018 and subsequently laid down some key principles regarding collection and processing of user data, which are as follows:
GDPR being the pioneer in data protection laws has created a great example of netizens’ data security and soon other countries followed suit. India came up with its own data protection rules viz.(PDPB) which was introduced in 2019, but has not become a law yet. PDPB has been formulated on the similar lines of GDPR to make Indian netizens more secure while accessing the internet.
Some key features of PDPB are as follows:
Since PDPB has still not been made a law, Indian netizens are dependent on Information Technology Act, 2000 (ITA) for the protection of our rights and multiple amendments have been made in it for protection of our rights.
The IT Act mandates the corporations to protect the data of netizens and imposes strict penalties in failure to do so.
Section 43A of the IT Act reads imposes compensation on failure to protect data, and the Section reads as follows:
“43A. Compensation for failure to protect data: Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.
Explanation. –For the purposes of this section:
The IT Act through this section mandates corporations collecting our data to keep them safe and out any third party’s hand. Companies must be careful while storing our data and any breach due whether intentional or due to negligence shall be penalised, making our data safer, similar to the GDPR in some ways.
Further, in Section 72 the act imposes strict penalties for breach of confidentiality and privacy. The section reads as follows:
“72. Penalty for Breach of confidentiality and privacy.– Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.”
Therefore, as per the statute, any person or corporation collecting our data has strict liability to maintain confidentiality and should not share our data to anyone else without our express consent. Severe penalties can be imposed on failure to do so.
Other than companies, people close to us can also gain access to our personal information and data, and the same can be accessed by hackers. Therefore, it is pertinent to protect netizens from violation of privacy by persons as well. This has been taken care by the IT Act in Section 66E. The section reads as follows:
“66E. Punishment for violation of privacy – Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.
Explanation – For the purposes of this section
It is very common for people to share personal pictures and information about other people for various reasons such as revenge, access to private bank accounts, and even at times just for fun. These bizarre acts have been criminalised and strict penalties have been imposed under this section.
The Adjudicating Authority in cases of Cyber Law has been prescribed in Section 46 of the ITA. Any aggrieved party who becomes a victim of cybercrimes shall approach the Adjudicating Authority for speedy redressal. It lays down how an adjudicating officer shall be appointed and who can be an adjudicating officer, it reads as follows:
“46. Power to adjudicate-
A victim of any crime of Cyber Law under the purview of the IT Act, 200 must first approach the Adjudicating Officer for dispute redressal, and if not satisfied with the relief granted by such officer, can prefer appeal before the Cyber Appellate Tribunal as per Section 57 of the act.
The Jurisdiction of Civil Courts have been barred in cases arising under the purview of IT Act under Section 61, and the Cyber Appellate Tribunals have been vested with similar powers to that of a Civil Court, and is deemed to be a civil court as per Section 46(2)(b) of the act.
If the aggrieved persons are further not satisfied with the relief granted by the Tribunal, they must approach the High Court having competent territorial jurisdiction to scrutinize the order of the Tribunal.
As apparent from this section, Cyber Appellate Tribunal has bee
The statute states that an adjudicating officer shall be appointed for proper remedy in Cyber Law cases and shall be a person who is not below the rank of a Director to the Government of India or an officer of a State Government.
Indian netizens have been made safer by various amendments in existing legislations, rights over our data have been more comprehensively defined and more and more control has been given to the users. However, when looking at the global scenario, Indian statutes are lagging far behind.
PDPB if implemented might give us similar rights and control over our data as that of European Union citizens. But even with lack of proper legislation we have enough rights to feel safe over regarding our data and have proper adjudicating authorities for speedy remedy.
The legislations are changing fast with time and PDPB is to be implemented in a phased manner and substitute provisions of the IT Act with regard to data protection. If implemented properly, the Cyber Laws in India can be at par with the GDPR and Indian netizens can be as secure as the citizens of developed countries.
As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking the “Agree” button and accessing this website (www.daslegal.co.in) the user fully accepts that you are seeking information of your own accord and volition and that no form of solicitation has taken place by the Firm or its members.
The information provided under this website is solely available at your request for information purposes only. It should not be interpreted as soliciting or advertisement. The firm is not liable for any consequence of any action taken by the user relying on material / information provided under this website. In cases where the user has any legal issues, he/she in all cases must seek independent legal advice.