Published On: 5 Sep, 2024
Authored By: Vidhi Thadeshwar
Mumbai University
Abstract
Since the beginning of the 21st century, there has been a sharp increase in the development of technology, which has subsequently become an integral part of human life. These days the term data protection has become synonymous with other rights of the citizens that are guaranteed by the state. These days, technology is integrated into human daily life to such an extent that it contains personal information about its users. That’s why data privacy and cyber security have become so relevant in safeguarding the interest of an individual.
Introduction of data protection in cyber law
With the development of Artificial Intelligence (AI), many software applications like Google, Facebook, Instagram, etc. not only store the personal data of the users but can also use their data for any other purpose. There are about 80countries in the world who had implemented various privacy policies like GDPR (General Data Protection Regulation) on the European Council, Brazil Internet Act, 2014 in Brazil, Personal Information Protection and Documents Act (PIPEDA) in Canada, etc. to Protect their citizen’s personal data.
Data protection is an essential aspect of the digital age, and it’s crucial to protect sensitive and confidential information from unauthorized access, use, or disclosure. In India, a number of laws and regulations safeguard data privacy. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 offer standards for the collection, use, and disclosure of personal information. The IT Act, 2000, contains provisions for the protection of personal information.
Articles 19 and 20 of the Indian Constitution guarantee the right to privacy as a component of the fundamental right to life, which is where the cyber security legislation in India gets its relevance and reference. However, reasonable limitations apply to Cyber Security and Data Protection Laws in India, just like they do to other fundamental rights.
Although there is no specific legislative support for India’s cyber security or data protection legislation, the country’s data privacy regulations are covered under the Indian Contract Act of 1872 and the Information Technology Act of 2000.
Moreover, the Personal Data Protection rules are also part of the cyber security and data protection laws in India which govern corporate entities for privacy concerns.
The huge number of countries reflects the concerns of many states over the security of their citizen’s personal data. The implementation of various legislations around the world, therefore, includes data protection as one of the branches of cyber law.
Data Protection under Indian Law
There isn’t yet a specific law protecting individual right to privacy in India. Only there is Information Technology Act, 2000 which deals with cyber crimes and provides remedies against the violation of the act. The act contains a few provisions related to the individual’s privacy but they are not exhaustive in nature.
A body corporate that possesses, deals with, or handles any sensitive personal data or information belonging to an individual and fails to implement and maintain reasonable security practices to protect the data and causes any person to suffer wrongful loss or gain may be held liable under section 43A of the Information Technology Act, 2000, and may be required to compensate the affected party for damages. It is significant to note that the legislation does not set a maximum amount for the compensation that an aggrieved party may seek in certain situations.
Informative Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 deals with the protection of “Sensitive personal data or information of a person”, which includes the personal information relating to:
- Passwords;
- Financial information such as bank account or credit or debit card or other payment instrument details;
- Sexual orientation;
- Medical records and history; and
- Biometric information
The Act’s Section 69, which is an exception to the general rule of information privacy and confidentiality, states that where the Government determines that it is required for the benefit of:
- The sovereignty on the integrity of India,
- Defence of India,
- Security of the State,
- friendly relations with foreign states,
- public order,
- for avoiding encouragement to commit any of the aforementioned crimes that are punishable, or
- for the investigation of any offence.
Section 72 of the Information Technology Act, 2000 doesn’t specify the provision relating to the breach of privacy by the data processor but talks about a circumstance under which any person who, in pursuance of any of the powers conferred under the IT Act Rules and Regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned, discloses such material to any other person, such person shall be punishable with imprisonment for a term which may extend to two years, or with fine which shall be may extend to Rs 1,00,000 or with both.
Cyber Security Laws
What is Cyber?
The term ‘Cyber’ is used in relation to the culture of computers, information technology, and virtual reality. The connection between internet ecosystems forms cyberspace. The threat to cyberspace leads to an issue and gives rise to the need for cyber security.
Threats to cyberspace:
- Interconnectedness to Sectors
- Increase in the number of exposure points
- Concentration of assets
The previous ten years have seen a sharp rise in cyberspace dangers, according to the NITI Aayog report. The cyberattacks reveal the following:
- Sensitive information
- Personal information
- Business information
Cyber Threats and Cyber Security
There are various cyber attacks that have evolved over a period of time:
- Virus – It is a malware that self-replicates and spreads by inserting copies of itself into other executable code or documents.
- Hacking Websites – An unauthorized access to any website belonging to a personal or professional space
- Malicious Code – It is a kind of security threat where any code present in software trends brings harmful effects, breaches the security of the system, or brings damage to the system.
- Advanced Worm and Trojan – This is again a malware that camouflages as regular software however once assessed, brings damage to the hard drive, and background systems and corrupts allocation systems.
- Identity Threat and Phishing – It is a cyber attack involving fraudulent emails posing as authorized entities in order to induce people to reveal their information ( personal and professional )
- Cyber Espionage – Usually when a government’s or important organization’s privacy is posed at risk due to the illegal use of computers to seek confidential information.
- Cyber Warfare – Deliberately attacking information systems through the use of computer technology to disrupt the state’s activities, especially for military purposes.
Cyber Security – Cyber Swachhta Kendra
Under the Indian Computer Emergency Response Team (CERT-In) and the Ministry of Electronics and Information Technology (MeitY), is the Botnet Cleaning and Malware Analysis Center. Promoting awareness among Indian citizens about the need to secure their data on computers, mobile phones, and other electronic devices is the goal of the Cyber Swachhta Kendra.
Cyber Security – Indian Laws & Government Initiatives
There are various legislations that support cyber security in India.
- Information Technology Act, 2000
- Came into force in October 2000
- Also called the Indian Cyber Act
- Provide legal recognition to all e-transactions
- To protect online privacy and curb online crimes
- Information Technology Amendment Act 2008 (ITAA)
The amendments in the IT Act mentioned:
- Data Privacy
- Information Security
- Definition of Cyber Crime
- Digital Signature
- Recognising the role of CERT-In
- To authorize the inspector to investigate cyber offences against DSP who was given the charge earlier
- National Cyber Security Strategy 2020
- The Indian government is coming up with the National Cyber Security Strategy 2020 entailing the provisions to secure cyber space in India. The cabinet’s nod is pending and soon it will be out for the public.
- Cyber Surakshit Bharat Initiative
- In order to create an IT infrastructure that is cyber-resilient, MeitY and the National e-Governance Division (NeGD) came up with this plan in 2018.
Modern–Day Cyber Security and Challenges & Issues
In India, the Information Technology Act 2000, which was most recently amended in 2008, governs cyber security rules. And that was nearly a decade ago. Unlike other laws which can be updated in their own time, Cyber- security laws are obliged to keep up with the rapid challenges in the industry. In India, these laws haven’t been updated in a long time.
Here are a few highlights of the shortcomings of India’s current cyber legislation:
- Every social networking site must abide by the IT Act and designate a dedicated staff to react as soon as possible to requests from law enforcement agencies (LEAs).
- In order to provide service to LEAs, all ISPs must keep records for at least 180 days.
- Every district court ought to set up a special Cyber Court to hear cases that are urgent and need decisions made before the legal system can react.
- Electronic Proof Digital evidence should need to be certified by authenticators. This will be carried out by a separate Bureau.
- India-based websites and services must follow their own set of guidelines. This comprises international services that run in India.
- Why Personal data belonging to Indian citizens ought to be kept on Indian servers. (In the US, this is referred to as HIPAA compliance.)
- Waller Services and Payment Banks should be subject to the stringent rules of the IT Act, which demand a 30-day resolution period.
Case laws related to data privacy and Cyber Security
In India, data privacy and cyber security laws have been evolving, with several key case laws influencing their development. Here are some notable Indian case laws related to data privacy and cyber security:
- S Puttaswamy (Retd.) vs. Union of India (2017)
- Citation : (2017) 10 SSC 1
- Summary: This landmark Supreme Court case, often referred to as the “Right to Privacy” case declared the right to privacy as a fundamental right under the Constitution of India. The judgment was significant in shaping data privacy laws in India, as it provided a constitutional basis for privacy protections, which later influenced the drafting of the Personal Data Protection Bill.
- Google India Private Limited vs. Visaka Industries Limited (2017)
- Citation: 2017 SCC Online Del 9816
- Summary: The Delhi High Court dealt with issues of data privacy concerning online search results. The court considered the extent to which Google could be held liable for content that appears in search results, highlighting the responsibilities of search engines regarding user privacy and data protection.
- Shreya Singhal vs. Union of India (2015)
- Citation: (2015) 5 SCC 1
- Summary: This Supreme Court case challenged the constitutionality of Section 66A of the Information Technology Act, 2000, which dealt with punishment for sending offensive messages through communication services. The Court struck down the provision, ruling it unconstitutional for being overly broad and infringing on freedom of speech. The judgment had implications for online expression and content regulation.
- State of Maharashtra vs. Dattatray R. Bhale (2020)
- Citation: 2020 SCC Online Bom 579
- Summary: This case involved the unauthorized access and leakage of personal data. The Bombay High Court discussed the legal consequences of data breaches and the need for stringent measures to protect personal information.
These cases reflect the ongoing development and interpretation of data privacy and cyber security laws in India. They highlight the judicial emphasis on protecting personal privacy, regulating data handling practices, and ensuring compliance with emerging data protection norms.
Discussion
India now needs well-structured data protection and cyber regulations due to the new generation’s advancements in information and technology. Cyber law is a broad area of law that addresses all matters pertaining to computers, networks, and electronic transactions in order to provide a legislative framework that would prevent cybercrime and safeguard user data.
The Information Technology Act of 2000, which has been amended in response to emerging threats to electronic crimes and personal data protection, is the national statute that forms the basis of India’s cyber law. This Act includes provisions on cybercrime in its various forms, including unauthorized access, cyberterrorism, and the transmission of pornographic materials and contents. These provisions can be found in sections 43A, 66, 66C, and 67.
With the aid of ongoing worldwide phenomena like GDPR and the OECD recommendations, as well as examples from other jurisdictions, India’s data protection laws have developed. The recently enacted DPDP Act of 2023 ushers in a revolution by protecting people’s right to privacy in the context of contemporary society. The B. N. Srikrishna Committee’s earlier outlines and recommendations for separate consent for data collection and processing, data fiduciary, and stringent control over the personal information of those with sensitive profiles are also incorporated into this Act. Additionally, this act establishes bodies with oversight and enforcement powers, such as the Data Protection Board of India.
Conclusion
The exponential advancement of technology has resulted in a growing level of interference in human life. It’s common knowledge that data security is turning into the “new pollution control” and data itself is becoming the “new oil.” The General Data Protection Regulation (GDPR) has granted European citizens numerous rights to safeguard their personal data against unauthorized processing by data controllers. Data privacy and protection are currently major concerns in India due to the country’s growing digital populace.
When using the internet, every user, whether on purpose or not, leaves a digital trail in the form of personal information. In a situation like this, having specific laws, like the GDPR, to govern data protection and privacy becomes crucial.
It’s crucial for the company to create a privacy policy that not only satisfies its requirements but also safeguards the rights and interests of users and clients. Instead of viewing the creation of terms of use and privacy policies as merely a lengthy document, the business should view them as works of art.
References
- https://blog.ipleaders.in/data-protection-and-privacy-policies-in-cyber-law/
- https://www.lawyersclubindia.com/articles/cyber-law-and-data-protection-in-india-laws-related-to-cybercrimes-data-privacy-and-it-act-compliance-16742.asp
- https://www.appknox.com/blog/cybersecurity-laws-in-india
- https://byjus.com/free-ias-prep/cyber-security/