Data Protection, Privacy and Corporate Compliance 


According to Louis Brandeis and Samuel Warren, privacy is defined as right to be alone or to enjoy company of oneself. However, in today’s digital environment the word has evolved to include a number of concepts including data privacy, in addition to the individual privacy alluded to by Brandeis and Warren.[1]The right to privacy is a fundamental right enshrined in Article 21 of constitution of India as well as in many constitutions around the world. Protecting privacy in the digital age is key to a healthy and successful democratic process leadership. Yet, despite growing data identification and understanding protection and the right to privacy worldwide are still lacking in legislation and institutional architecture, procedures and systems for supporting the security of privacy and Data Rights.

Data protection is important in todays digital world, as it is directly related to right of privacy of individual and considering this factor majority of the states have adopted data protection laws but they are still not adequate and have not kept up with modern uses of data and challenges they pose. Data protection laws need to be updated to face emerging challenges.

Concept of Data

According to Section 2(1)(o) of the Information Technology Act, 2000[2] data means “Representation of information, knowledge, facts, concepts or instructions that are being prepared or prepared in a formalized manner and are intended to be processed in a computer system or computer network and may be in any form (including magnetic or optical storage media printouts, punched cards, punched tapes)”[3]. The concept of data is not only limited to electronic information but also on hard copy i.e on paper.

Why Data Protection is important

In modern world, every work is somehow connected and to do any work you have to provide some of your personal information, if you purchase something online, or enter into any contract or service request, or to pay your tax or anything you do, you have to provide some personal information. Some of this information is so relevant, that if it goes to wrong hand, then it could harm that person. This create a chaos in the mind of user and reduce his belief in the institution. The only way in which people and customers can trust both government and company are through good data security policies, with successful regulations helping to reduce state and corporate oversight and data misuse.

Indian Jurisprudence on Privacy Rights

Article 21 of the constitution of India[4] talks about privacy right in India, it says “No person shall be deprived of his life or personal liberty except according to procedure established by law”.

There is nothing said directly in the article about privacy rights, but SC in various cases held that article 21 includes right to privacy. The major decision of Supreme Court came recently in K. S. Puttaswamy (Retd.) v Union of India[5] also known as the Aadhar judgement case. Court held that “The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution” and from this judgement right to privacy was included under fundamental rights of citizen.

Privacy and Data Protection

There is direct link between privacy and data protection, if someone’s personal data is not safe and it can be accessed by some other person then his right to privacy has been violated. Individual in form of Customers must have the means and instruments available to exercise their right to protect yourself and their data from violence and privacy. It is necessary too that those data processing obligations are clear, so that measures are taken to secure personal data, prevent violations of the right to privacy, and account keeping when they fail to meet their obligations.

Data protection is basically protecting fundamental right of privacy of any individual by regulating Personal Data Processing to give individuals rights over their data, and to set up accountability systems and clear obligations for those who control or undertake data processing. Data protection is recognized all over the world and almost every country has some regulation related to this issue. For example, under article 8 of charter of human right of the European Union[6], it is clearly mentioned that every person has right to protect data his/her personal data.

Current Scenario: The Data Protection Bill 2019

This bill was introduced by The Minister of Electronics and Information Technology, Mr. Ravi Shankar Prasad, in the Lok Sabha. Presently, it has been referred to a Joint Parliamentary Committee and is being analyzed by the same in consultation with various other groups.

The Bill regulates personal data related to individuals, and the processing, collection and storage of such data.  Under the Bill, a data principal is an individual whose personal data is being processed.  The entity or individual who decides the means and purposes of data processing is known as data fiduciary. [7] The Bill provides the Data Principal the rights to seek confirmation, correction, completion, erasure and non-disclosure of personal data after withdrawal of consent, while also providing certain obligations of security on the data fiduciaries.

There’s an exemption in some cases where, the central government can exempt any of its agencies in the interest of security of state, public order, sovereignty and integrity of India, and friendly relations with foreign states.[8] This bill has also been criticized by the drafter of the 2018 draft bill, Justice Srikrishna, he has stated in an interview with economic times that, on grounds of sovereignty or public order, the government can access private data or data from government agencies at any time. It has serious consequences. “He also said it might make India an Orwellian State.

Compliance and Privacy

As the data stealing is increasing, the need for a data protection compliance program in business is becoming increasingly important after several high-profile leaks of companies’ data[9]. Compliance can be defined as a structured governance strategy designed to ensure an organization fulfills its responsibilities under relevant laws, legislation, best practices and standards, contractual obligations and institutional policies. In simple words compliance works to achieve transparency within the system. In companies, compliance seeks development of policies and procedures so that individuals have the information they need to make the right decisions.[10]


In modern world, data is oil, data has become one of the most important resource, and it can be used maliciously so it is duty of everyone to safeguard it. Data protection is directly linked with privacy and as privacy is a fundamental right, data protection is also a fundamental right. We give our data for every work either it is small work or big, but we don’t know where that information goes, is it safe to provide such information and hence it become responsibility of government to make sure the personal data of public is safe. There are a lot of regulations for data protection all around the world, but they are still not sufficient to safeguard it, there is a need for more strict regulation for it.

[1]Warren Samuel and Louis Brandeis, ‘The Right to Privacy’ (1890) Harvard law review 4.

[2]The information technology act 2000, s 2(1).

[3]General data protection regulation 2016, art 4.

[4]The constitution of India, art 21.

[5]K. S. Puttaswamy (Retd.) v Union of India(2017) 10 SCC 1.

[6]Charter of fundamental right of European Union 2000, art 8.

[7]Anurag Vaishnav, ‘The Personal Data Protection Bill, 2019: All You Need To Know’ (PRS Legislative Research, 23 December 2019) <> accessed 24 June 2020.


[9]Joe stanganelli, ‘compliance and data privacy regs it security pros should worry about’ (2019) e-security planet <> accessed on 24 June 2020.

[10]Garry Miller, ‘compliance privacy and security what’s the difference’ (2017) Educause review <> accessed on 24 June 2020.

This article is authored by Manas Shrivastava, First-Year, B.A. LL.B student at National Law University Odisha

Also Read – Scope of Data Protection Laws in India

Law Corner

Leave a Comment