Professional Documents
Culture Documents
net/publication/323958405
CITATIONS READS
0 5,637
2 authors:
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Dr. Jayanta Ghosh on 23 March 2018.
Research Scholar, Rajiv Gandhi School of Intellectual Property Law, Indian
Institute of Technology Kharagpur, West Bengal, India.
Assistant Professor, Rajiv Gandhi School of Intellectual Property Law, Indian
Institute of Technology Kharagpur, West Bengal, India.
Bharati Law Review, Oct – Dec, 2016 55
Introduction
Rights, an inherent and inalienable characteristic of human
society, have been reduce into a visible and implementable
document in international and national sphere.1 Some rights find
explicit mention in such documents while others are introduce
through interpretative tool due to integral linking with such
rights. Among all these, right to privacy is one of the most
important and acceptable personal right. It provides power to
individual snooping from others. Right to privacy finds reference
in the Universal Declaration of Human Rights and International
Covenants of Civil and Political Rights, Convention on the Rights
of the Child.2 Right to Privacy is the most integral part of human
life.3 In India, this right has been identified as integral feature of
right to life and liberty and right to freedom of speech expression.4
Every person is eligible to a ‘personal domain’ free from
unjustified interference or surveillance by the State or other
actors. Notwithstanding the pervasive recognition of the obligation
to protect privacy, the specific content of this right was not fully
developed by international human rights protection mechanisms.
The lack of clear expression of the content of this right has
contributed to difficulties in its application and enforcement.5 As
the right to privacy is a qualified right, its interpretation raises
challenges with respect to what organizes the private sphere and
in establishing notions of what constitutes public interest. As
Services, “Technology, and Data Protection,” The International Lawyer, Vol. 44,
No. 1, International Legal Developments Year in Review: 2009 (2010): 355-366.
11 Section 2 (o) of the Information Technology Act, 2008 provides "Data" means ‘a
24 R Rajagopal v. State of Tamil Nadu AIR 1995 SC 264; Sharda v. Dharampal, AIR
2003 SC 3450; District Registrar and Collector v. Canara Bank, (2005)1 SCC
496; State of Karnataka v. Krishnappa AIR 2000 SC 1470; State v. N. M. T. Joy
Immaculate, AIR 2004 SC 2282; X v. Hospital Z AIR 1999 SC 495; Kottabomman
transport Corporation Limited v. State Bank Of Travancore and others, AIR 1992
Ker. 351; Registrar and Collector, Hyderabad and Anr. v. Canara Bank Etc AIR
2004 SC 935;
25 In a case, The CPIO, Supreme Court of India v. Subhash Chandra Agarwal and
Anr. the Information Technology Act 2008, laid down the Definition of 2(f)
"information" means ‘any material in any form, including records, documents,
memos, e-mails, opinions, advices, press releases, circulars, orders, logbooks,
contracts, reports, papers, samples, models, data material held in any electronic
form and information relating to any private body which can be accessed by a
public authority under any other law for the time being in force’.
26 It has held that in a case of Ram Jethmalani & Ors v. Union of India, (2011) 8
SCC 1. “Right to privacy is an integral part of right to life, a cherished
constitutional value and it is important that human beings be allowed domains
of freedom that are free of public scrutiny unless they act in an unlawful
manner. Revelation of bank account details of individuals, without
establishment of prima facie grounds to accuse them of wrong doing, would be a
violation of their rights to privacy. State cannot compel citizens to reveal, or
itself reveal details of their bank accounts to the public at large, either to receive
benefits from the State or to facilitate investigations, and prosecutions of such
individuals, unless the State itself has, through properly conducted
investigations, within the four corners of constitutional permissibility.”
27 Justice A P Shah Committee Report, “Report of the Group of Experts on
Privacy”, (2012), Accessed October 21, 2016,
http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf.
Bharati Law Review, Oct – Dec, 2016 60
are also improvise. Therefore data protection explore how far the
information, details and data of individuals and organizations are
protected under the laws of India, especially under the
Constitution of India.31
The emphasis is laid on the protection available under the
Constitution of India since it is the “basic and ultimate source”
from which all other laws derive their validity and force. These
three must address for discussion of constitutional aspect
concern, (1) Privacy rights of interested persons in real space and
cyber space. (2) Mandates of freedom of information under Article
19 (1) (a). (3) Mandates of right to know of people at large under
Article 21. It categorically speaks about the right to privacy, right
to information, right to know and electronics governance, trade
secret, intellectual property etc. in the light of different view point.
For the purpose of justifying relationship with rights this research
work has done. In addition, another gap of this work is that there
is no equilibrium between information and Data processes.32 The
right based approach can only be justify through the discussion
with other laws these are hereunder:
Data Protection & Right to privacy
The ‘data protection’ and ‘right to privacy’ has much more similar
to each other. The ‘data protection’ can only be possible if the
encroachment of privacy is being stopped. Privacy law in general,
and informational privacy in particular, have always been closely
linked to technological development.33 In their seminal 1890
article ‘The Right to Privacy’, Warren and Brandeis lament the
‘instantaneous photographs and newspaper enterprise that have
invaded the sacred precincts of private and domestic life; and
numerous mechanical devices threaten to make good the
prediction that “what is whispered in the closet shall be
proclaimed from the house-tops”.34 This is the genesis of the
privacy matter. Now a days this is being developed in ‘data
protection’. The idea of ‘Data Protection’ has its different aspects.
The different aspects of data protection as a right like, the right
31 Dr. Amit Ludri, Law on protection of personal & official information in India, The
Bright Law house, New Delhi, 1st Edition, (2010).
32 Praveen Dalal, “Data Protection laws in India: A Constitutional
Perspective,”Accessed October 21, 2016,
http://ipmall.info/hosted_resources/gin/PDalal_DATA-PROTECTION-LAW-IN-
INDIA.pdf.
33 Graham Greenleaf and Sinta Dewi Rosadi, “Indonesia’s data protection
Regulation 2012: A brief code with data breach notification,” Privacy Laws &
Business International Report, Issue 122, (2013): 24-27.
34 Supra Note 3.
Bharati Law Review, Oct – Dec, 2016 62
Therefore the ‘right to privacy’ has its own way to develop the
matter of ‘data protection’. In the same way both the idea has
been come under the matter of right under the Constitution of
India.
Data Protection & Right to Information Act, 2005
In India, Right to Information come with that contention that, “the
practical regime of right to information for citizens to secure
information under the control of public authorities in order to
promote transparency and accountability…… for matters
connected therewith or incidental thereto”41. This is the preamble
of the Act 2005 and the Section 2(j) speaks about the definition of
‘right to information’.42 Now the issue arise that ‘data’ which was
kept with the public authority are safe or not. The digital data as
per clause (iv) of Section 2(j) is being maintaining properly or not
is really in doubt.
The ‘data protection’ in this Act is concern are being taken care as
a matter of right to the individual. In a case, Bannett Coleman v.
Union of India43 the court held that ‘it is indisputable that by
freedom of press meant the right of all citizens to speak, publish
and express their views,’ and ‘freedom of speech and expression
includes within its compass the right of all citizens to read and be
informed’. In Indian Express Newspaper (Bombay) v. Union of
India44, the Court held that, “the basic purpose of freedom of
speech and expression is that all members should be able to form
their beliefs and communicate them freely to others. In sum, the
fundamental principle involved here is the people’s right to know”.
Therefore the linkage between these two contexts can only be
made by the judgment of the apex court. In the same way PUCL v.
Union of India45 held that the right to information was further be
elevated to the status of a human right, necessary for making
governance transparent and accountable. The Supreme Court has
consistently held that the right to information is inherent in
53 Under the Personal Data (protection) Bill 2013, Section 2 (x) “sensitive personal
data”53 means personal data as to the data subject’s – (i) Biometric data; (ii)
Deoxyribonucleic acid data; (iii) Sexual preferences and practices; (iv) Medical
history and health; (v) Political affiliation; (vi) Commission, or alleged
commission, of any offence; (vii) [Ethnicity, religion, race or caste]; and (viii)
[financial and credit information].
54 Supra Note 46.
55 Supra Note 46.
56 Information Technology Rules 2011, Accessed February 20, 2015,
http://www.ijlt.in/pdffiles/IT-(Reasonable%20Security%20Practices)-Rules-
2011.pdf.
57 Raghunath Ananthapur, “India‘s New Data Protection Legislation”, Volume 8,
Issue 2, (2011).
58 ‘Movable p1roperty’ has been defined as property which is not attached to
anything and is not a land.
Bharati Law Review, Oct – Dec, 2016 66
come under the liability part of other then the question arise on
opposite that whose right are to be protected. The Section 405 and
Section 409 speaks about whoever misappropriates some other
person’s property is punishable under criminal breach of trust. In
another Section 378 no one can dishonestly take any movable
property out of the possession of any person without that person’s
consent, if he does so then he is said to commit theft and is
punished but there is not any particular act regarding electronic
data protection to till date. In this concern there are two way to
addresses the legal right which one may can undergo. Actually the
crime is done against the state only. Hence the right of the state to
maintain law and order it’s a serious concern. In Penal Code
penalties are mention and in civil actions laws for damages
including the amount of damages, must be determined by the
verdict of a jury59. The idea to mention this are very much relevant
for addressing the right issue. The relationship of the ‘data
protection’ and ‘Indian Penal Code’ on addressing the right are
appropriate. In this texture the state also come under the purview
to protect the data of an individuals.
Data Protection & National Security
The ‘data protection’ and ‘national security’ are very much
relevant in the contemporary world scenario. The importance of
the National security and law enforcement agencies in every
country plays very vital role regarding ‘data protection’.60 For
instance, the story has come out in the year 201361, that a fellow
Edward Snowden has releases the privacy related data of United
State. By this story a hue and cry situation arises that whether an
individual doesn’t have privacy at all. The data access by any
individual if it is exposed in the public domain then what kind of
privacy will prevail. If this situation arise, the developed country
will be the most powerful according to their technological
advancement and what would be the situation of developing
country.62 The national security are not at all played any role in
this situation. For the purpose of making the parity with this
59 Denis O'Brien, “The Right of Privacy,” Columbia Law Review, Vol. 2, No. 7
(1902): 437-448.
60 Law Enforcement, National Security, and Privacy, Accessed March 25, 2015,
http://cis-india.org/internet-governance/blog/law-enforcement-national-
security-privacy.pdf.
61 The Hindu, Published in June 24, 2013,Accessed October 21, 2016,
http://www.thehindu.com/news/international/world/edward-snowden-and-
the-nsa-files-story-so-far/article4846529.ece?css=print.
62 Daniel J. Solove & Paul M. Schwartz, “Privacy, Information and Technology,”
Wolter Kluwer Law & Business Publisher in New York, (2011), 79-256.
Bharati Law Review, Oct – Dec, 2016 67
situation the idea to put forward the right base approach are very
much important in nature.
In similar situation national security and law enforcement are
often excluded from laws, or are broadly accepted purposes for
which such access is permissible. This proved to be the case in
every country, even in those nations with the most well developed
data protection regimes. For example, Dan Svantesson writes that
Australian laws ‘taken together ... provide Australian law
enforcement and national security agencies with broad access to
private-sector data.’63 The result is that data collection and use for
national security and law enforcement purposes is often excluded
from oversight applicable to other data processing activities or
subject to far less transparent standards and oversight regimes.64
The protection against the authority to individuals are necessary
to examine the right based approach. In that authority like police
can track a cell phone except in a limited set of time-sensitive
situations and emergencies. The latest technology has given every
moment snooping to the enforcement agencies, and the geo-
location of every individual. The issue is that discusses the
cellular location technology that police use to monitor citizens
who use cell phones. Specifically, this commentary will examine
cell site, Global Positioning System, and Wi-Fi technology. The
other issue will show that legislation is needed in this area
because cell phone tracking is a widespread practice that may
eventually replace federally regulated wiretapping to some
degree.65 Now the matter is that for the purpose of national
security reason to some extent this encroachment is genuine, but
on the other hand the personal privacy related issue also peep
into the door.
In Case of District Registrar and Collector, Hyderabad v. Canara
Bank66 the Supreme Court contended that the search and seizure
by the enforcement agency of any registers, books, records,
papers, documents or other proceedings for the purpose of
collecting evidence and discovering the fraud and omission of
stamp duty payable or not of an individuals are come under the
infringement situation, secrecy and confidentiality must be
maintain.
Now according to establishing the right, individual liberties such
as privacy and Data protection is an essential phenomenon for
tackling the policies of cybercrime and cyber security which day
by day is increasing67. The concern of Data protection and the
human rights are in the same periphery. It involves the privacy
and data protection in the every countries. The philosophical
debate of the ‘security vs. privacy’ dichotomy ‘interest vs. right’ or
‘value vs. value’ hinges on the idea that balancing is always
needed according to some weighing rule which limits one in favour
of the other. This has also gives the idea of Data, Data Controller,
Data Processer, Data Storage and the proposed regulation.68
Data Protection & Intellectual Property Law
The parity between the ‘data protection’ and the ‘intellectual
property law’ are need to be analyze as a right based approach in
concern of the computer related database work.69 It is been
recognized under section 63B of Indian Copyright Act provides
that any person who knowingly makes use on a computer of an
infringing copy of computer program shall be liable for
infringement. The intellectual property right of an individual are
based on the ‘labour, skill and judgment’ factors. If any literary,
dramatic, musical, artistic and cinematographic works are
recognized by law, then the protection of the right of owner of that
work is essential. However, it is difficult to differentiate between
data protection and database protection under the Copyright
Act70.
Data protection is aimed at protecting the informational privacy of
individuals, while database protection has an entirely different
function, namely, to protect of the creativity and investment put
into the compilation, verification and presentation of databases.
The legal concepts of access, privacy, ownership and evidence are
generic to all relationships. However these concepts can also be
used to analyze the rights and obligations of recordkeeping
participants professional and business. Property law can apply to
information the data which kept the authority is follows the public
policy or not. In this light the banking sector, the banker has the
obligation not to disclose the information in their possession,
which resulting in a breach of the duty of secrecy and
confidentiality owed to the client. The scope of the right to privacy
of banking customer was curtailed as it conflicted with the right to
information and public information74.
In another sphere, The Securities and Exchange Board of India
Act (1992)75 establishes the Securities and Exchange Board of
India (SEBI) to govern and regulate the use of individual’s credit
information.76 In the Act77, reactive access by the government is
mediated through Security Exchange Board of India, which is
empowered with broad access to private-sector data related to the
securities market. As a safeguard to unauthorized reactive access,
SEBI is permitted to undertake inspection only if it has
reasonable grounds to believe that: a company has been indulging
in insider trading or fraudulent, unfair trading practices are being
used, transactions in securities are being dealt with in a manner
detrimental to the investor, or an intermediary or any person
associated with the securities market is contravening any
provision in the Act.78 The Act re-enforces reactive access to and
disclosure of information by penalizing any person who fails to
furnish the required information.79
In another segment of corporate affairs, the Credit Information
Companies Regulation Act, 200580(“CICRA”), the credit
information pertaining to individuals in India have to be collected
as per privacy norms enunciated in the CICRA regulation. Entities
collecting the data and maintaining the same have been made
liable for any possible expose or alteration of this data. Based on
Fair Credit Reporting Act and Graham Leach Bliley Act81, the
CICRA has created a strict framework for information pertaining
to credit and finances of the individuals and companies in India.
74 Mr. K.J. Doraisamy v. The Assistant General Manager, State Bank of India and
others, (2007) 136 Comp Cases 568 (Mad).
75 SECURITIES AND EXCHANGE BOARD OF INDIA ACT 1992, Accessed October
21, 2016, http://www.sebi.gov.in/acts/act15ac.pdf.
76 Ibid.
77 Ibid.
78 Ibid.
79 Ibid
80 CREDIT INFORMATION COMPANIES REGULATION ACT, 2005
http://www.equifax.com/international/india/pdfs/Credit_Information_Compan
ies_Act.pdf (Accessed October 21, 2016).
81 Accessed October 21, 2016,
http://www.dataquick.com/wp-content/uploads/2013/02/GLB-outline.pdf.
Bharati Law Review, Oct – Dec, 2016 71