The digital space has huge amounts of personal information being collected, processed, and stored every second, data privacy has become a cornerstone issue. The protection of this sensitive information is crucial to ensuring that people retain control and are not exploited. Data privacy rights have been recognized and enforced in India through legislative frameworks. The key aspects of data privacy rights as per Indian laws and the practical enforcement mechanisms have been explored in this blog.
Also, Learn How is Data Privacy a Human Right?
Data Privacy Rights Given by Legislation
Personal data in India is largely protected by extensive provisions under India’s legislative landscape. These rights arise from the Constitution and two statutes specifically directed at protecting the privacy of the citizens of the digital space.
Constitution of India: Right to Privacy
In landmark case Justice K.S. Puttaswamy(retd.) v. Union of India (2017), Article 21 of the Constitution elevated the right to privacy as a fundamental right. The Supreme Court says that the right to life and personal liberty includes the right to privacy. The significance of this judgement was that individual rights to control his or her personal data and to prevent unauthorised access and misuse have been recognised. The Constitution does not explicitly refer to “data privacy,” but the Court’s principles have served as a precedent for legislative frameworks covering this matter.
Rights of Data Privacy Provided in Information Technology Act, 2000
One of the first laws in India to deal with data protection in the electronic commerce context of cybersecurity was the Information Technology Act 2000 (IT Act). Following provisions makes sure that the rights of an individual are accessible for remedy, compensation and penalties.
Section 43A: It mandates compensation for negligence in the implementation of reasonable security practices and procedures to protect sensitive personal data.
Section 72A: It penalises the disclosure of personal information without the user’s consent.
These include provisions to ensure that organisations that store personal data are answerable for its protection, thus reiterating the need for privacy.
Also, Learn about What is Data Privacy Management
Rights of Data Privacy in Digital Personal Data Protection Act, 2023
India’s latest intervention towards data privacy is the Digital Personal Data Protection Act (DPDP), 2023. Everything in this Act sets out comprehensive rights of data principals (data subjects whose data is being processed). Key provisions include:
Right to Access Information: Individuals can know what happens with their data.
Right to Correction and Erasure: People can ask that their personal data is corrected or deleted when it is no longer necessary.
Right to Consent Management: The principal’s free, informed and revocable consent is a prerequisite for data processing.
Data Fiduciary Obligations: Security safeguards need to be implemented by entities processing personal data and they are accountable for their actions.
The DPDP Act gives individuals power to control their data by disseminating penalties to organisations failing to comply with its regulations.
Also, Get to Know Who is Data Protection Officer
Enforcement of the Rights in Case of Breach
When data privacy rights are breached, individuals can seek redressal through the following mechanisms:
Digital Personal Data Protection Act, 2023: The Act sets up a Data Protection Board to deal with complaints regarding data breaches and non-performance by data fiduciaries.
IT Act, 2000: For breach of sensitive personal data, victims can file complaints under Section 43A or Section 72A.
Judicial Remedies: There is recourse to courts for the award of damages or injunction against parties engaged in violation of data privacy rights taking advantage of constitutional and statutory provisions.
For example, if a company shares user data without consent then the user can file a complaint with the Data Protection Board and require that the company provides accountability and corrective measures.
Also, Get to Know Which are the Top 30 International Data Privacy Law Firms
Summary
Data privacy rights are a crucial aspect of protecting individual autonomy in the digital era. The Indian Constitution, IT Act, and the DPDP Act collectively create a robust framework to ensure personal data is handled responsibly. These laws empower individuals to exercise control over their data while holding entities accountable for breaches. The ongoing evolution of India’s legal landscape reflects the nation’s commitment to safeguarding its citizens’ privacy in the digital realm.
Related Posts:
Data Privacy Rights: FAQs
Q1. What is the right to data privacy?
Data privacy is the right of an individual to choose what information on him is stored and processed by who.
Q2. What are the necessary provisions in the Digital Personal Data Protection Act, 2023?
Provisions of crucial data rights include a right to obtain information, rectification and erasure, and consent management, as well as responsibility of data fiduciaries to observe data security.
Q3. How does the IT Act, 2000 protect data privacy?
The IT Act addresses data privacy through provisions like Section 43A, which mandates compensation for negligence, and Section 72A, which penalizes unauthorized disclosure of personal information.
Q4. What does the Data Protection Board do under the DPDP Act?
The Data Protection Board resolves complaints about data breaches, promotes compliance with the Act, and punishes the violators.
Q5. What are the ways in which the Constitution of India protects data privacy?
The Justice K.S. Puttaswamy v. recognised right to privacy as a fundamental right under Article 21 which opens the gate to remedy under Article 32.
