The Rights of the Deceased: Moral Rights Incidental to Copyright Law
- Vanshika Agrawal
- 2024-04-25
Data of an individual or an organization has a significant impact on the digital economy. Data is considered the new oil; as data of an individual helps businesses and companies. To have in-depth and behavioral understanding of the consumer’s search trends, which helps them strategically place advertisements based on. User Data is especially useful in the banking, insurance, e-commerce and health care sector. However, considering the rapid growth in the digital economy and amount of data. That is being processed, there is a constant fear of such data being misused. Misuse of an individual’s data may cause intrusion in one’s privacy.
Contents hide
1 Privacy and data protection work
3 Personal Data Protection Bill.
4 Obligations under the PDPB Bill 2019
4.1 The key definitions under the Bill are:
4.2 The following are the obligations:
5 Key Compliances under the PDPB Bill.
5.1 Appointing a Data Protection Officer-
5.2 Data Protection Impact Assessment-
5.3 Data Localization in case of Cross-Border Transfer of Data-
5.3.1 Additionally, cross-border transfer is permit subject to the following condition:
Privacy and data protection work parallelly with each other. Every individual has the right to privacy and therefore has the right to practice a substantial degree of control over their respective data. In recent years, the right to privacy has gained judicial activism bringing it under the purview of fundamental rights under Article 21 of the Constitution of India. The Supreme Court in Kharak Singh vs the State of U.P interpreted the right to life shall mean life to dignified life. It further stated that the right to right is not enshrined under Article 21, however the same is a repository of residuary personal rights and recognized the common law right to privacy.
Data holds a significant importance in today’s world. However a data breach can cause significant harm to the privacy of an individual & can severely tarnish the reputation of a Company. Therefore, a robust legal framework is pertinent to safeguard the data from being misuse.
At present, India does not have an extensive legal framework specifically regulating data protection. However certain relevant laws do regulate the processing and storing of personal data of individuals such as the Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
Section 43A of the Information Technology Act, 2000 stipulates that:
“a body corporate who is possessing, dealing or handling any sensitive personal data or information, and is negligent in implementing and maintaining reasonable security practices resulting in wrongful loss or wrongful gain to any person, then such body corporate may be held liable to pay damages to the person so affected”.
Similarly under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which only deals with Sensitive personal data or information of a person, defines
The Information Technology Act, 2000, also provides for Punishment/Penalties for data breach under Section 72 A, which states that:
“any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both”
The Information technology Act, 2000 although regulates collection and processing of personal data, the main objective of the Act is to provide legal recognition and safeguard for the transactions carried out through digital means. The Act does not exclusively deal with the safeguarding of an individual’ privacy by regulating and scrutinizing the collection, processing and storing of the data of an induvial.
On 24 August 2017, the Supreme Court in Justice K.S. Puttuswamy vs Union of India delivered a landmark judgement, wherein the court recognized the right to privacy as a fundamental right enshrined under Article 21 of the Constitution of India. The Supreme Court further emphasized for a need of data protection framework.
Subsequently, a committee headed by Justice B.N. Krishna framed and introduced the Personal Data Protection Bill 2018 and pursuant to several rounds of discussion with the stakeholders the Ministry of Electronic and Information Technology introduced the final bill called Personal Data Protection Bill 2018 (“PDPB Bill” ) in the Lok Sabha.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
The PDPB Bill applies to the storing and processing of personal data of a data principal by the data fiduciary.
The PDPB Bill imposes certain obligations on the data fiduciary, for the processing of the personal data of a data principal.
Therefore, a data fiduciary is obligate to process the data only after fulfilling the above obligations. However, it is pertinent to note here that these are just the primary obligations confer upon the data fiduciary under the PDPB Bill.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
every data fiduciary shall appoint a Data Protection Officer. The primary duty of data fiduciary shall be to assess and monitor the data processed by the data fiduciary, advice the data fiduciary with respect to the data protection impact assessment and act as point of contact in the event of any grievance. Additionally, a data fiduciary shall also have a proper grievance redressal mechanism in place.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
every data fiduciary that undertakes to process data using new technology or processes large volumes of sensitive data such as genetic data or biometric data, or any other processing which carries a risk of significant harm to data principals, such processing shall not be commenced unless the data fiduciary has undertaken a data protection impact assessment in accordance with the provisions of this section.
Cross-Border transfer of sensitive data is permit under the PDPB Bill, however data can be store only in India.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
The PDPB Bill imposes stringent penalties in case there is any contravention. Of any provisions under the PDPB Bill which may also include imprisonment.
Compliances For Business Vis-à-vis Personal Data Protection Bill 2019.
The PDPB Bill 2019 is a step towards better protection and safety of personal data of an individual. Considering the importance of data in today’s world and its significance in digital economy. It is pertinent to take steps to ensure protection of data by regulating the same. So as to obligate every organization/company processing such data to maintain certain safety standards and provide transparency. Therefore, pursuant to the implementation of the bill, every company. Shall have to frame their privacy policy as per the PDPB Bill and further ensure compliances under the Bill.
Drop your comment