The age old question which arises in minds of people of this country is that in India is there a law, is there actually right to privacy? Because the concept like adhar we have adhar card which is something like a social security number on the basis of which we try to cover and link all our accounts together so that our identity can be established but most often this question lingers our mind that what if one of the various information gets leaked , am I consenting to give such a right without protection around it to ensure my privacy?
So we look into the laws which are currently available in India in regards to this, expressly speaking there is no legislation as such to protect data in India neither the constitution expressly grant the fundamental right to privacy however the courts have read the Right To Privacy existing under fundamental right under certain reasonable restrictions. Article 19(1)(A) , article 21 and 19(2) of the constitution ,reasonable restrictions are those which can be imposed by the state while exercising the articles of the constitution in granting justice .In the case of Justice puttaswami vs Union of India the bench of Hon’ble SC held the right to privacy as fundamental right with reasonable restrictions and these restrictions are considered necessary for the balance of law to be maintained , in the absence of an expressed legislation the courts have exercised their powers to determine what is reasonable and what is not reasonable and they always have had been on the right side of the law.
Currently the laws in India governing the Data protection act are the Information Technology Act and the Indian Contract Act , are codified law . The Data protection bill is yet to be introduced .
The IT act deals with the issues relating to the payment of compensation and punishment in case of wrongful disclosure and misuse of personal data and violation of contractual terms in respect of personal data. Section 43(A) of the IT act states that a Section 43A of the IT Act explicitly provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security to protect such data or information, which thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the person(s) so affected. There is no upper limit specified that can be claimed by an aggrieved in claiming compensation.
Section 72A provides for the punishment for disclosure of information in breach of lawful contract and any person may be punished with imprisonment for a term not exceeding three years, or with a fine not exceeding up to five lakh rupees, or with both in case disclosure of information is made in breach of lawful contract. , has also been made punishable in IT act of 2000 according to which the imprisonment is upto 3 years and fine extending to rupees 5 lakhs.
But these are all compensation measures not deterring factors , the guidelines of protection of something like this happening is still not there in India. and that’s the lacuna that’s why the aggeregaters and other app holders hold the authority to exploit the platform because the people will never get to know their data has leaked.
In the absence of an existing legislation there have been provisions made and the government is trying to evolve with the current scenario on the GDPR rule which is the General Data Protection Regulations which is authorized by the EU which is the Europian Union .
Section 65 of the IT act covers the computer programmers , coders, source coders , software coders all are covered under this act.
So many time it is seen in social medial platforms that there is a leakage of data , a profile has been copied but we refuse to process and move forward and file a complaint but people have to be proactive and aware that these laws are in our favor and we must exercise them in the absence of a data protection bill . Certain amendments have also been made in the IT act 2000 , increasing its ambit.
Thus overall the current data protection law is punitive is more of the aftermath of what happens but how do we contain the framework of the framework with the laws in terms of data protection is still to be figured.