Scope of Data Protection Laws in India

Data Protection is the method to protect and secure the digital information from its loss or corruption. Digital information stored are of immense importance sometimes for business, legal or any other purpose. With the technical advancement there is also an advancement in the field of crimes. To fight with such crimes there has to be stringent laws for the same.

Is there any separate legislation for data protection in India? Answer to this question would be no. Inspite of being such a serious issue and increasing ease of criminal access to sensitive data there is still no separate legislation for data protection in India. The protection of data comes within the purview of IT Act, 2000. There are certain provisions in the Act that talks about protection of data.

  • Section 43 This section imposes penalty on any person gaining unauthorized access to other’s computer.
  • Section 65– Protection is provided under this section against tampering of computer source code.
  • Section 66– Hackers are punished with heavy penalty under this section.
  • Section 70– Any access or attempt to secure access to protected systems are severely punished under this section.
  • Section 72– There shall be no breach of confidentiality or privacy of data by any person having the power.

The Personal Data Protection Bill, 2006:

On 8th December, 2006 this bill was introduced in Rajya Sabha for protection of personal information received from one organization prohibits use of it by another organization for any purpose. This also entitles the individual to claim damages for the person who discloses any such sensitive data or information collected. This bill also proposed to appoint data controllers to keep a check that there is no violation of the provisions of the proposed Act.

The Personal Data Protection Bill, 2018:

This proposes for appointment of Data Protection Authority to look into data breaches and take actions against it. The authority should consist of six full time members and one expert. This includes the following rights and principles in regard to processing of personal data.

Principles for processing of personal data:

  • Transparency
  • Lawful Basis for processing
  • Purpose Limitation
  • Proportionality
  • Retention
  • Data minimisation

Rights of an individual in processing of personal data:

  • Right of access to data/copies of data
  • Right to confirmation and access
  • Right to rectification of errors
  • Right to correction, etc
  • Right to object to processing
  • Right to deletion
  • Right to restrict processing
  • Right to data portability
  • Right to object to marketing
  • Right to withdraw consent

If we have a look towards the law for data protection in developing countries and the law for data protection in India there is still a huge gap to cover. Even though major parts are protected under the IT Act but complete prevention of destruction of data is not possible by this Act. There has to be initiatives taken for the same to provide complete protection to the personal or sensitive data. Being such a major debatable issue, the legislature should take effective steps to draft comprehensive law for data protection in India.

This article is authored by Neha Kumari, student of B.Sc LL.B at New Law College, Pune

Also Read – Types Of Cyber Crimes

Law Corner

Leave a Comment