Further to our Part II, this Part seeks to outline the key provisions under other extant regulations in India that seeks to address the issue of data protection and individual’s right to privacy.
Protection under other regulations
Apart from the Act, there are several laws that address the issue of the data protection and individual’s right to privacy and which prescribe severe punishments in case of contravention of the provisions by any person.
Provisions relating to individual’s right to privacy
|The Indian Penal Code, 1860
Section 74 (1) of the Juvenile Justice (Care and Protection of Children) Act, 2015 prescribes that reporting in any newspaper, magazine, news-sheet or audio-visual media or other forms of communication regarding any inquiry or investigation or judicial procedure, that may disclose the name, address or school or any other particular, which may lead to the identification of a child in conflict with law or a child in need of care and protection or a child victim or witness of a crime, involved in such matter, under any other law for the time being in force and publishing of picture of such child is a punishable offence.
|The Protection of Children from Sexual Offences Act, 2012
Section 23 of the Protection of Children from Sexual Offences Act, 2012 prescribes that making report or presenting comments on any child from any form of media or studio or photographic facilities without having complete and authentic information, which may have the effect of lowering his reputation or infringing upon his privacy, is a punishable offence. Further, it also prescribes that reports in any media disclosing the identity of a child including his name, address, photograph, family details, school, neighbourhood or any other particulars which may lead to disclosure of identity of the child is also a punishable offence.
|The Credit Information Companies (Regulation) Act, 2006
The Credit Information Companies (Regulation) Act, 2006 provides that the credit information related to individuals should be collected as per the privacy principles laid down in the said act. If there is any leakage of the data, then the entities responsible for collecting and maintaining the data will be held liable in case of any breach.
Provisions relating to individual’s right to data protection
|The Indian Penal Code, 1860
Considering the omnipresent nature of electronic data, it is important that the data protection and privacy laws are in line with the international standards. Various international guidelines or frameworks in respect of the law relating to privacy, such as OECD Privacy Guidelines, EU Data Protection Directives, APEC Privacy Framework mandate the following requirements in general for the purpose of privacy protection:
- Accountability – Organization’s accountability towards personal information that is collected.
- Notice – Notice in clear language to be given for collection of information, policy and notification.
- Choice and Consent – Choice and consent to be taken from the provider of the information for collection and use of the personal information.
- Collection Limitation – Restricting the collection of the personal information only for the purpose for which it is collected.
- Use Limitation – Restricting the use of the personal information for the stated purpose only.
- Disclosures – Terms on which the personal information is disclosed to third parties and/or any other reason for such disclosure.
- Access and Correction – Provider of the information’s access to his information and right to update or correct his information.
- Security/Safeguards – To prevent loss, misuse, unauthorized access of the personal information collected.
- Data Quality – To ensure that the information collected is accurate, complete and up-to-date.
- Enforcement – To assure adherence to policies and resolution of complaints.
- Openness – Policies should be clearly published and available.
It is evident from the above that although the current legal framework in India still needs to evolve to ensure harmony with the international standards especially when it comes to accountability, data quality and enforcement of the data protection as per the international standards, the provisions of the Act and the rules made thereunder address the data protection and privacy concerns to a considerable extent.
The A. P. Shah Committee was also of the view that a comprehensive legislation be enacted for right to privacy, wherein data protection would constitute a part of the legislation. The Committee, in its report, opined that “In India, there exist at least 50 laws, rules, regulations and executive orders that articulate privacy principles, practices, and related offences for different verticals such as finance, health, e-governance, telecommunication etc. The Privacy Act will be used to harmonize, but not homogenize these different policy documents to ensure that there is consistency, and compliance with the defined National Privacy Principles.”
It is amply clear that the Act and the rules made thereunder do not protect the privacy of the information and/or data by a body corporate but are more on the lines of deterring the breach of privacy by extending protection in case of happening of such breach. Regrettably, even today there is no protection against breach of privacy by individuals.
The need for a comprehensive legislation to address the right to privacy and privacy protection cannot be underestimated.
– Megha Manjunatha
[This is the last of a series of 3 posts that seeks to consolidate the extant regulations in India addressing the issue of data protection and individual’s right to privacy .]