Laws Regarding Data Privacy

There are two parts to this: data privacy and data protection. Data privacy refers to the timing, manner, and extent to which a consumer’s personal information can be shared and transmitted to others. Personal information may include name, address, ethnicity, phone number, marital status, and so on. With the growth of internet usage over the years, there is an urgent need for data privacy legislation.

In contrast, data protection refers to the legal preservation of data against loss, destruction, or corruption. As data is being acquired at an unprecedented rate, there is a real concern about securing data collected from unauthorized sources.

Data privacy laws in India

IT Act, 2000

The Information Technology Act became effective in 2000 and was revised in 2008. According to Section 43A of the Act, if a body corporate that owns, deals with, or handles sensitive personal data or information of an individual is negligent in ensuring reasonable security in the process, resulting in wrongful loss or damage, the body corporate is liable to pay damages. In addition, the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data or Information) Rules, 2011, address the security of sensitive personal information such as financial information, sexual orientation, medical records, and so on. Section 72A of the IT Act provides for a fine of up to Rs. 5,00,000 or imprisonment for up to three years if the information is disclosed knowingly and intentionally without the consent of the person concerned, in violation of the conditions of a legitimate contract.

Digital Personal Data Protection Act, 2023

The DPDP Act is a recent piece of legislation in India that governs the handling of personal data. It was finally enacted nearly six years after the Supreme Court recognized the basic right to privacy in Article 21. The DPDP Act is positioned against the backdrop of global privacy legislation, such as the European Union’s GDPR, and so addresses privacy and protection requirements surrounding personal data. The DPDP Act is thought to derive several principles directly from GDPR and has a broad scope of applicability that extends beyond the region. While the Act imposes a stringent responsibility for the unlawful handling of personal information, there are substantial exceptions for public agencies. The DPDP Act developed a comprehensive framework for personal data processing, replacing the IT Act’s limited provisions. Here are some significant components of the DPDP Act:

• Bodies established under the DPDP Act: The Act employs a variety of words that, at first glance, may appear complicated. It is critical to understand the distinctions between terms like data processors, data fiduciaries, data principles, and data controllers. The individual whose personal information is collected is known as the data principal. The data fiduciary is the entity that determines the purpose and means of processing personal data. Their position is the same as that of a data controller.
• Exceptions granted under the DPDP Act: The DPDP Act allows for exceptions in the interests of India’s sovereignty and integrity, state security, cordial relations with foreign states, public order maintenance, and preventing incitement to commit offenses.
• The DPDP Act application: applies extraterritorially and has no restrictions on international data transfers.
• Grounds for lawful processing of personal data: Consent is the primary basis for lawful processing of personal data. In addition, Data Fiduciaries can establish a reasonable claim for authorized data processing.
• Data subject rights and obligations: There are rights for data principles such as the right to access, the right to erase, and the right to object, as well as requirements that must be met or face fines and punishment.

The data privacy and protection regulations in India reflect the global panorama of data’s rising dominance in a digitally enhanced age. The introduction of the DPDP Act is a step forward in protecting personal data, giving Data Principals more control over their data, and establishing responsibility for data protection agencies. The Act highlights essential principles such as data minimization, accuracy, accountability, purpose limitation, and so on. It also introduces the rights of Data Principals.

Lead India offers a range of legal services, including free legal advice and online information. You can talk to a lawyer and ask a legal question on various matters, including divorce, through our platform.