Practical Aspects of Data Protection in India

9/12/22, 10:25 PM Practical aspects of data protection in India - iPleaders
Practical aspects of data protection in India

By Sneha Mahawar - September 10, 2022
This article is written by Abhishek Verma. This article has been edited by Ojuswi (Associate,
Lawsikho).
This article has been published by Sneha Mahawar.
Table of Contents 
https://blog.ipleaders.in/practical-aspects-of-data-protection-in-india/ 1/19
1. Introduction
2. Data protection
3. Concept of data : Indian perspective
4. Judicial pronouncements on privacy : an intrinsic part of data protection
4.1. M.P. Sharma and Ors. v. Satish Chandra, District Magistrate, Delhi, and Ors.
4.2. Kharak Singh v. State of Uttar Pradesh and Ors.
4.3. Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India and Ors.
5. Regulations in India for data protection
5.1. Personal Data Protection Bill, 2019 (“PDP Bill”)
5.1.1. Applicability of the PDP Bill
5.1.1.1. Personal data
5.1.1.2. Sensitive personal data
5.1.1.3. Critical personal data
5.1.1.4. Anonymized data
5.1.2. Offences and punishments under the PDP Bill
5.2. The Information Technology Act, 2000
5.2.1. Section 43. Penalty and compensation for damage to the computer, computer system, etc.
5.2.2. Section 43A. Compensation for failure to protect data
5.2.3. Section 66C. Punishment for identity theft
5.2.4. Section 66E. Punishment for violation of privacy
5.2.5. Section 72. Penalty for breach of confidentiality and privacy
5.2.6. Section 72A. Punishment for disclosure of information in breach of lawful contract
5.3. Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Information) Rules, 2011
5.3.1. Rule 4. Body corporate to provide policy for privacy and disclosure of information
5.3.2. Rule 5. Collection of information
5.3.3. Rule 6. Disclosure of information
5.4. Indian Telegraph Act, 1885
5.4.1. Section 24. Unlawfully attempting to learn the contents of messages
5.4.2. Section 25. Intentionally damaging or tampering with telegraphs
5.4.3. Section 26. Telegraph officer or other official making away with or altering, or unlawfully
intercepting or disclosing, messages, or divulging purport of signals
5.4.4. Section 30. Retaining a message delivered by mistake
6. Conclusion
7. References
Introduction
“Data is the new oil” phrase was coined in 2006 by Clive Humby, a British mathematician
and data science entrepreneur. In this digital era, data is the most valuable asset. Data is
information whether it is qualitative or quantitative, stored in electronic or physical form.
Data plays a vital role in decision-making in almost every sector and at every level when
gathered completely and accurately, and corroborated with other relevant data in a timely
manner. When properly refined, usable data quickly becomes a decision-making tool
allowing companies to react to market forces and enabling them to be proactive and
intentional in their decision-making.
As it has been seen, the government used to conduct various surveys to collect data to
further formulate policies and take help in important decision-making at various levels. In
the same way in the current era, corporates take help from the data collected through
tracking the activities of the general public regarding the goods and services they are
looking for or what kind of product they might be interested in, upon analyzing certain
factors such as their buying habits, age, sex, culture, weather conditions, etc. to make
important decisions in marketing their products and services to their relevant target
customers.
Organisations need data to have a better understanding of the market, purchasing patterns,
the budget of people, and demand for products based on geography, age, and other factors.
And now the question arises of what kind of information they look for and how is that
information processed and forwarded to those organisations.
Every time we search for anything or browse any website, we become a source of data for
companies. Companies not only track our online activities but also sell that data to other
relevant companies so that those companies could take the help of those leads and try to
convert them into sales.
And certainly, there are many instances where the storage or usage of data becomes
immoral or violates the privacy of people. So there arises the need to regulate the usage of
data by legislating certain laws or regulations to prevent the violation of the privacy of
people.
In this article, we will be focussing on the current status/position of data protection in India
by studying and analysing the relevant provisions that regulate the collection, use and
disclosure of data and the case laws dealing with the illegal use of data.
Data protection
Data protection is the process of safeguarding or protecting data from any kind of
unauthorised or illegal use. In other words, data protection is the protection from any sort
of use of personal data without the permission of the concerned person whose data is being
used, except or otherwise the said data is being used by any competent authority and
without any violation of the rights provided under the law. The data protection regulations
try to balance the usage of data to be used as a resource and the privacy of individuals.
Concept of data : Indian perspective

Data has been defined differently in different acts, and among such definitions, some are
outlined hereunder:
According to Section 2(1)(o) of the Information Technology Act, 2000 (the “IT Act”) “data”
means “a formalised representation of concepts, information, facts, knowledge, or
instructions that are being processed, is being processed or has been processed in a
computer system or computer network, and maybe in any form (including computer
printouts, magnetic or optical storage media, punched cards, punched tapes), or stored
internally in the memory of the computer.”
The electronic consent framework issued by the Digital Locker Authority defines ‘data’ to
mean “Any electronic information stored by a public or private service provider (such as a
government service department, a bank, or a document repository, for example). This could
apply to both static and transactional documents. Data, on the other hand, is not limited to
electronic information; it also includes information saved in physical forms, such as on a
sheet of paper.”
These are not the only definitions that define the scope of data under the Indian legal
system, data has been defined in other regulations also which give the same meaning, in
other words, they may slightly differ in scope.
Although India had not been vigilant specifically regarding data protection in the past years,
through some landmark judicial pronouncements on the ‘right to privacy’, we can witness
some developments in Data Protection in India as privacy is the key element in the concept
of ‘Data Protection’.
Judicial pronouncements on privacy : an intrinsic

part of data protection
M.P. Sharma and Ors. v. Satish Chandra, District

Magistrate, Delhi, and Ors.
In this case, for the very first time, the Hon’ble Supreme Court of India took up the
question:
Whether the ‘Right to Privacy’ is a fundamental right or not?
Whether a warrant issued under Section 94 and 96(1) of the Code of Criminal Procedure
for search and seizure violates the right to privacy of a person.
It was held that:
The power of search and seizure is necessary to protect social security and is not in
contravention of any of the provisions of the constitution of India.
Also, the right to privacy was not mentioned as a fundamental right by the constitution-
makers.
Kharak Singh v. State of Uttar Pradesh and Ors.

In this case, the main questions that arose were:
Whether the right to privacy is inclusive of Article 21?
Whether the domiciliary visit at night for surveillance against the accused violates
Articles 21 and 19(1)(d) of the Indian Constitution?
Was the act of maintaining history sheets of the previously accused person and keeping
track of their movements violative of Article 19(1)(d) and 21 of the Indian Constitution?
It was held that:
Although in the view of the majority of judges, Article 21 of the Constitution of India
does not include any provision for privacy and the right to privacy cannot be considered a
fundamental right.
Regulation 236(b) of the UP Police Regulations that authorises Domiciliary visits by the
state is unconstitutional as it violates Article 21 of the Indian Constitution.
The court determined that keeping a close eye on a suspect and secretly filming their
activities did not obstruct their physical movement and that a psychological barrier to
action was not protected under Article 19(1)(d).
Furthermore, it did not violate the suspect’s ‘personal liberty’ as defined by Article 21.
Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India

and Ors.
This case was a landmark judgment by the Hon’ble Supreme Court of India as in this case,
it was held that the ‘right to privacy’ is protected or enshrined under Articles 14, 19, and 21
of the Indian Constitution. This case overruled M.P. Sharma and Kharak Singh’s judgment.
The ‘Aadhar Card Scheme’ was challenged in this case because it violated citizens’ right to
privacy by collecting and utilising their biometric information for other purposes. The
petitioner stated that the right to privacy is a basic right that should be protected under the
Indian Constitution Article 21. In response, the respondents argued that the Constitution
merely recognizes personal liberty and that citizens have a limited right to privacy.
The Constitutional bench of nine judges was formed to determine the issue unanimously.
The Supreme Court ruled that the right to privacy is integral to the right to life and personal
liberty guaranteed by Article 21. It is also a part of the rights protected by Part III of the
Indian Constitution. It was also stated that the state has an obligation to preserve the
privacy of its residents. As a result, the ‘Aadhar Card Scheme’ was found to have violated
residents’ right to privacy.
Citizens can now seek court remedies if their data privacy rights are violated, thanks to this
judgment of the Hon’ble Supreme Court. This decision also has ramifications for Indian tech
businesses’ norms and laws.
In this light, it is essential to look at regulations that deal with data protection laws in India.
The following section highlights a few of these legislations.
Regulations in India for data protection

Although, there are no such overarching laws that regulate the collection and usage of
personal data. But there are certain sections in various Acts that somehow, directly or
indirectly, regulate the collection and usage of data.
Among those, we will discuss some hereunder:
Personal Data Protection Bill, 2019 (“PDP Bill”)

This bill was drafted by a panel led by BN Srikrishna, a retired Supreme Court Judge, and
was reviewed by a Joint Parliamentary Committee that has already submitted its final
recommendation.
The bill has been deliberated for over two years now. A total of 188 amendments have
been recommended out of which 91 amendments are significant, while others are subject to
some minor editing of legal nature in different sections.
The bill will broaden the scope by providing a comprehensive data protection framework
that will apply to all forms of personal data processing, as well as processing activities
carried out by both the government and private bodies, including corporations.
Applicability of the PDP Bill

The PDP Bill applies to the processing of personal data by:
(i) The Government;
(ii) Companies Incorporated in India;
(iii) Foreign Companies dealing with the personal data of individuals in India.
This bill not only regulates the data collection and usage of internet-based companies but
also brick-and-mortar companies.
The nature of data is regulated by the categories of “data” :
Personal data
According to the bill, personal data means “data relating to a natural person about an
attribute, characteristic, trait, or any other factor that aids in the identification of that
person.” The bill also establishes a distinction between Critical and Sensitive Personal Data.
Sensitive personal data
It includes biometric data, financial data, political affiliations, health data, sexual
orientation, transgender status, caste or tribe, religious and sex life, etc.
Critical personal data
It means any such data which will be notified by the Central Government as critical personal
data.
Anonymized data
It means data that has undergone the process of anonymization.
Offences and punishments under the PDP Bill
1. Transferring or processing personal data in violation of the Bill shall be punishable with a
fine of Fifteen Crore Rupees or four percent of the annual turnover of the fiduciary,
whichever is higher, and;
2. Failure to undertake a data audit will result in a fine of Rupees. 5 crores or 2% of the
fiduciary’s annual turnover, whichever is higher.
3. Re-identification and processing of de-identified personal data without permission or

consent are punishable with an imprisonment of a term which may extend to three
years, or fine, or both.
The PDP Bill sets up a Data Protection Authority which may;
1. Take appropriate steps to protect the interests of individuals;
2. Prevent misuse of personal data, and;
3. Ensure compliance with the Bill.
According to the bill, the Data Protection Authority will be composed of a chairperson and
six members with experience of at least ten years in the fields of data protection and
information technology. Appeal from the orders of the Authority can be filed to an Appellate
Tribunal and appeals from the Tribunal will go directly to the Supreme Court.
The Information Technology Act, 2000

The Information Technology Act was enacted to regulate electronic commerce and
transactions and to prevent cyber crimes by penalising them. Provisions under the IT Act
that deals with the protection of data are mentioned hereunder:
Section 43. Penalty and compensation for damage to the computer,

computer system, etc.
According to this section, if any person uses a computer or computer network without
taking the consent of the owner to cause harm then he shall be liable to pay damages to
the person so affected by the way of compensation.
Section 43A. Compensation for failure to protect data

This section outlines the obligation upon the body corporates that fail to maintain
reasonable security practices and procedures, where they are dealing with or possessing
any sensitive personal data or information and thereby causes any kind of wrongful loss or
wrongful gain to any person, then such body corporate shall be liable to pay compensation
to the person who has incurred the loss.
Section 66C. Punishment for identity theft

This section states the punishment where whoever, dishonestly or fraudulently makes use of
the password, electronic signature, or any other unique identification feature of any other
person, shall be punished either with imprisonment for a term up to three years or a fine up
to rupees one lakh or both.
Section 66E. Punishment for violation of privacy

This section provides for the punishment stating that whoever, knowingly or intentionally
captures, transmits, or publishes a photograph of a person’s private area without their
consent, in circumstances that violate that person’s privacy, is punishable by imprisonment
for up to three years or a fine of up to two lakh rupees, or both.
Section 72. Penalty for breach of confidentiality and privacy

This section provides that if any person whoever has secured access to any information or
any other confidential record without the consent of the person concerned and discloses the
same to any other person then he shall be punished with imprisonment for a term up to two
years, or with fine up to INR 1,00,000 (Rupees One Lakh), or with both.
Section 72A. Punishment for disclosure of information in breach of

lawful contract
This section provides that if any person discloses any kind of personal or confidential
information that he has accessed while providing services under the terms of a lawful
contract without the permission of the concerned person then he shall be punished with
imprisonment which may extend to three years, or with fine which may extend to rupees
five lakh, or with both.
Information Technology (Reasonable Security Practices

and Procedures and Sensitive Personal Information)
Rules, 2011
Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Information) Rules, 2011 governs and regulates the use of Sensitive Personal data
and information and this act applies to every corporate body or any other individual dealing
with such sensitive personal data or information.
Rule 4. Body corporate to provide policy for privacy and disclosure of

information
This rule makes it mandatory for the body corporates who are collecting personal
information from its users to publish the privacy policy containing all the required provisions
on their websites ensuring that it is clear and easily accessible.
Rule 5. Collection of information

This rule states that a body corporate shall collect any sensitive information only if it is
necessary and for a lawful purpose and that too upon approval from the concerned person.
Also, the collected information shall not be used for any other purpose.
Rule 6. Disclosure of information

This rule prohibits the body corporate to disclose any personal or sensitive information
collected from a person to any third person without prior permission of the concerned
person except any government entity which is working under a lawful act.
Indian Telegraph Act, 1885

The Indian Telegraph Act, 1885 governs the use of wired and wireless telegraphy,
telephones, and other digital data communications. Provisions dealing with the privacy of
data are:
Section 24. Unlawfully attempting to learn the contents of messages

This section states that if any person unlawfully learns the contents of any message he may
be punished with imprisonment for a term up to one year in addition to the fine mentioned
under section 23 of the Act.
Section 25. Intentionally damaging or tampering with telegraphs

This section is a provision for punishment to the person whoever damages or tampers any
part used in a telegraph to prevent the smooth delivery of any message or to commit any
other mischief shall be punished with imprisonment for a term which may extend to three
years, or with a fine or with both.
Section 26. Telegraph officer or other official making away with or

altering, or unlawfully intercepting or disclosing, messages, or divulging
purport of signals
According to this section, if any telegraph officer or any person who is not a telegraph
officer but has official responsibilities in any office that is utilised as a telegraph office
willfully conceals, alters, destroys, or omits to transmit any message or part thereof other
than acting in obedience to a lawful order of a government shall be punished by
imprisonment for a term of up to three years, or by a fine, or both.
Section 30. Retaining a message delivered by mistake

This section provides that if a person fraudulently retains, willfully conceals, or detains a
message that should have been delivered to another person he shall be punished with
imprisonment for a term up to two years, a fine, or both.
This list of above-enumerated legislations is not exhaustive, there are other laws also that
somehow, directly or indirectly, regulate the collection and usage of data.
Conclusion
Data is used by almost every entity and it has become an essential tool to take important
business decisions, when they use the data of any third person they have an obligation not
to make any inappropriate or illegal, or immoral use of that data. Although, currently in
India, there is no such specific regulation for Personal Data Protection as General Data
Protection Regulations (GDPR) in the European Union. But a panel has drafted and proposed
a Personal Data Protection Bill in 2019 which was reviewed by a Joint Parliamentary
Committee that has already submitted its final recommendations and the bill is now subject
to some amendments. Apart from a specific Act for the protection of personal data, there
are many other laws that directly or indirectly, regulate the collection, usage and disclosure
of personal data. However, there still is a dire need for proper legislation that matches up to
the growing pace of requirements in the area of data protection.
References
http://elplaw.in/wp-content/uploads/2018/08/Data-Protection-26-Privacy-Issues-in-
India.pdf
https://www.khaitanco.com/sites/default/files/2021-
04/Data%20Protection%20in%20India%20Overview.pdf
https://blog.ipleaders.in/judicial-interpretation-of-data-protection-and-privacy-in-india/
Students of Lawsikho courses regularly produce writing assignments and work on practical

exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and
various opportunities. You can click on this link and join:
https://t.me/lawyerscommunity
Follow us on Instagram and subscribe to our YouTube channel for more amazing legal

content.
Did you find this blog post helpful? Subscribe so that you never miss another post! Just complete this form…
Name
Email Address
10-6=?
SUBSCRIBE!
17th Sept - 19th Sept, 6 - 9 p.m IST (each day)
Free and online 3-Day Bootcamp on NCA exam for

Indian lawyers and law students who want to practice in
Canada - How to prepare?
Ramanuj Mukherjee CEO & Co-founder,
LawSikho
Abhyuday Agarwal COO & Co-Founder,
LawSikho
Register now
Name
Your Name
Email
Your Email
Which country are you from?
Select your country Select your country
Select your country

+91 - IN (India)
+376 - AD (Andorra)
+971 - AE (United Arab Emirates)
+93 - AF (Afghanistan)
+1268 - AG (Antigua And Barbuda)
+1264 - AI (Anguilla)
+355 - AL (Albania)
+374 - AM (Armenia)
+599 - AN (Netherlands Antilles)
+244 - AO (Angola)
+672 - AQ (Antarctica)
+54 - AR (Argentina)
+1684 - AS (American Samoa)
+43 - AT (Austria)
+61 - AU (Australia)
+297 - AW (Aruba)
+994 - AZ (Azerbaijan)
+387 - BA (Bosnia And Herzegovina)
+1246 - BB (Barbados)
+880 - BD (Bangladesh)
+32 - BE (Belgium)
+226 - BF (Burkina Faso)
+359 - BG (Bulgaria)
+973 - BH (Bahrain)
+257 - BI (Burundi)
+229 - BJ (Benin)
+590 - BL (Saint Barthelemy)
+1441 - BM (Bermuda)
+673 - BN (Brunei Darussalam)
+591 - BO (Bolivia)
+55 - BR (Brazil)
+1242 - BS (Bahamas)
+975 - BT (Bhutan)
+267 - BW (Botswana)
+375 - BY (Belarus)
+501 - BZ (Belize)
+1 - CA (Canada)
+61 - CC (Cocos (keeling) Islands)
+243 - CD (Congo, The Democratic Republic Of
The)
+236 - CF (Central African Republic)
+242 - CG (Congo)
+41 - CH (Switzerland)
+225 - CI (Cote D Ivoire)
+682 - CK (Cook Islands)
+56 - CL (Chile)
+237 - CM (Cameroon)
+86 - CN (China)
+57 - CO (Colombia)
+506 - CR (Costa Rica)
+53 - CU (Cuba)
+238 - CV (Cape Verde)

+61 - CX (Christmas Island)
+357 - CY (Cyprus)
+420 - CZ (Czech Republic)
+49 - DE (Germany)
+253 - DJ (Djibouti)
+45 - DK (Denmark)
+1767 - DM (Dominica)
+1809 - DO (Dominican Republic)
+213 - DZ (Algeria)
+593 - EC (Ecuador)
+372 - EE (Estonia)
+20 - EG (Egypt)
+291 - ER (Eritrea)
+34 - ES (Spain)
+251 - ET (Ethiopia)
+358 - FI (Finland)
+679 - FJ (Fiji)
+500 - FK (Falkland Islands (malvinas))
+691 - FM (Micronesia, Federated States Of)
+298 - FO (Faroe Islands)
+33 - FR (France)
+241 - GA (Gabon)
+44 - GB (United Kingdom)
+1473 - GD (Grenada)
+995 - GE (Georgia)
+233 - GH (Ghana)
+350 - GI (Gibraltar)
+299 - GL (Greenland)
+220 - GM (Gambia)
+224 - GN (Guinea)
+240 - GQ (Equatorial Guinea)
+30 - GR (Greece)
+502 - GT (Guatemala)
+1671 - GU (Guam)
+245 - GW (Guinea-bissau)
+592 - GY (Guyana)
+852 - HK (Hong Kong)
+504 - HN (Honduras)
+385 - HR (Croatia)
+509 - HT (Haiti)
+36 - HU (Hungary)
+62 - ID (Indonesia)
+353 - IE (Ireland)
+972 - IL (Israel)
+44 - IM (Isle Of Man)
+964 - IQ (Iraq)
+98 - IR (Iran, Islamic Republic Of)
+354 - IS (Iceland)
+39 - IT (Italy)
+1876 - JM (Jamaica)
+962 - JO (Jordan)
+81 - JP (Japan)
+254 - KE (Kenya)
+996 - KG (Kyrgyzstan)
+855 - KH (Cambodia)
+686 - KI (Kiribati)
+269 - KM (Comoros)
+1869 - KN (Saint Kitts And Nevis)
+850 - KP (Korea Democratic Peoples Republic
Of)
+82 - KR (Korea Republic Of)
+965 - KW (Kuwait)
+1345 - KY (Cayman Islands)
+7 - KZ (Kazakstan)
+856 - LA (Lao Peoples Democratic Republic)
+961 - LB (Lebanon)
+1758 - LC (Saint Lucia)
+423 - LI (Liechtenstein)
+94 - LK (Sri Lanka)
+231 - LR (Liberia)
+266 - LS (Lesotho)
+370 - LT (Lithuania)
+352 - LU (Luxembourg)
+371 - LV (Latvia)
+218 - LY (Libyan Arab Jamahiriya)
+212 - MA (Morocco)
+377 - MC (Monaco)
+373 - MD (Moldova, Republic Of)
+382 - ME (Montenegro)
+1599 - MF (Saint Martin)
+261 - MG (Madagascar)
+692 - MH (Marshall Islands)
+389 - MK (Macedonia, The Former Yugoslav
Republic Of)
+223 - ML (Mali)
+95 - MM (Myanmar)
+976 - MN (Mongolia)
+853 - MO (Macau)
+1670 - MP (Northern Mariana Islands)
+222 - MR (Mauritania)
+1664 - MS (Montserrat)
+356 - MT (Malta)
+230 - MU (Mauritius)
+960 - MV (Maldives)
+265 - MW (Malawi)
+52 - MX (Mexico)
+60 - MY (Malaysia)
+258 - MZ (Mozambique)
+264 - NA (Namibia)
+687 - NC (New Caledonia)
+227 - NE (Niger)
+234 - NG (Nigeria)
+505 - NI (Nicaragua)
+31 - NL (Netherlands)
+47 - NO (Norway)
+977 - NP (Nepal)
+674 - NR (Nauru)
+683 - NU (Niue)
+64 - NZ (New Zealand)
+968 - OM (Oman)
+507 - PA (Panama)
+51 - PE (Peru)
+689 - PF (French Polynesia)
+675 - PG (Papua New Guinea)
+63 - PH (Philippines)
+92 - PK (Pakistan)
+48 - PL (Poland)
+508 - PM (Saint Pierre And Miquelon)
+870 - PN (Pitcairn)
+1 - PR (Puerto Rico)
+351 - PT (Portugal)
+680 - PW (Palau)
+595 - PY (Paraguay)
+974 - QA (Qatar)
+40 - RO (Romania)
+381 - RS (Serbia)
+7 - RU (Russian Federation)
+250 - RW (Rwanda)
+966 - SA (Saudi Arabia)
+677 - SB (Solomon Islands)
+248 - SC (Seychelles)
+249 - SD (Sudan)
+46 - SE (Sweden)
+65 - SG (Singapore)
+290 - SH (Saint Helena)
+386 - SI (Slovenia)
+421 - SK (Slovakia)
+232 - SL (Sierra Leone)
+378 - SM (San Marino)
+221 - SN (Senegal)
+252 - SO (Somalia)
+597 - SR (Suriname)
+239 - ST (Sao Tome And Principe)
+503 - SV (El Salvador)
+963 - SY (Syrian Arab Republic)
+268 - SZ (Swaziland)
+1649 - TC (Turks And Caicos Islands)
+235 - TD (Chad)
+228 - TG (Togo)
+66 - TH (Thailand)
+992 - TJ (Tajikistan)
+690 - TK (Tokelau)
+670 - TL (Timor-leste)
+993 - TM (Turkmenistan)
+216 - TN (Tunisia)
+676 - TO (Tonga)
+90 - TR (Turkey)
+1868 - TT (Trinidad And Tobago)
+688 - TV (Tuvalu)
+886 - TW (Taiwan, Province Of China)
+255 - TZ (Tanzania, United Republic Of)
+380 - UA (Ukraine)
+256 - UG (Uganda)
+1 - US (United States)
+598 - UY (Uruguay)
+998 - UZ (Uzbekistan)
+39 - VA (Holy See (vatican City State))
+1784 - VC (Saint Vincent And The Grenadines)
+58 - VE (Venezuela)
+1284 - VG (Virgin Islands, British)
+1340 - VI (Virgin Islands, U.s.)
+84 - VN (Viet Nam)
+678 - VU (Vanuatu)
+681 - WF (Wallis And Futuna)
+685 - WS (Samoa)
+381 - XK (Kosovo)
+967 - YE (Yemen)
+262 - YT (Mayotte)
+27 - ZA (South Africa)
+260 - ZM (Zambia)
+263 - ZW (Zimbabwe)
No results
Phone
Your Phone
I want to know more about the lawsikho courses
Yes
No
Register now
Bootcamp starting in
4
Days
19
HRS
34
MIN
26
SEC
Ramanuj Mukherjee CEO & Co-founder,
LawSikho
Abhyuday Agarwal COO & Co-Founder,
LawSikho

Practical Aspects of Data Protection in India - IPleaders

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Practical Aspects of Data Protection in India - IPleaders

Uploaded by

Copyright:

Available Formats

9/12/22, 10:25 PM Practical aspects of data protection in India - iPleaders

This article has been published by Sneha Mahawar.

Concept of data : Indian perspective

Judicial pronouncements on privacy : an intrinsic

M.P. Sharma and Ors. v. Satish Chandra, District

Whether the ‘Right to Privacy’ is a fundamental right or not?

It was held that:

Kharak Singh v. State of Uttar Pradesh and Ors.

Whether the right to privacy is inclusive of Article 21?

It was held that:

Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India

Regulations in India for data protection

Among those, we will discuss some hereunder:

Personal Data Protection Bill, 2019 (“PDP Bill”)

Applicability of the PDP Bill

(i) The Government;

(ii) Companies Incorporated in India;

The nature of data is regulated by the categories of “data” :

Sensitive personal data

Critical personal data

It means data that has undergone the process of anonymization.

Offences and punishments under the PDP Bill

3. Re-identification and processing of de-identified personal data without permission or

The PDP Bill sets up a Data Protection Authority which may;

1. Take appropriate steps to protect the interests of individuals;

2. Prevent misuse of personal data, and;

3. Ensure compliance with the Bill.

The Information Technology Act, 2000

Section 43. Penalty and compensation for damage to the computer,

Section 43A. Compensation for failure to protect data

Section 66C. Punishment for identity theft

Section 66E. Punishment for violation of privacy

Section 72. Penalty for breach of confidentiality and privacy

Section 72A. Punishment for disclosure of information in breach of

Information Technology (Reasonable Security Practices

Rule 4. Body corporate to provide policy for privacy and disclosure of

Rule 5. Collection of information

Rule 6. Disclosure of information

Indian Telegraph Act, 1885

Section 24. Unlawfully attempting to learn the contents of messages

Section 25. Intentionally damaging or tampering with telegraphs

Section 26. Telegraph officer or other official making away with or

Section 30. Retaining a message delivered by mistake

Students of Lawsikho courses regularly produce writing assignments and work on practical

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal

17th Sept - 19th Sept, 6 - 9 p.m IST (each day)

Free and online 3-Day Bootcamp on NCA exam for

Ramanuj Mukherjee CEO & Co-founder,

Abhyuday Agarwal COO & Co-Founder,

Select your country

+238 - CV (Cape Verde)

Ramanuj Mukherjee CEO & Co-founder,

Abhyuday Agarwal COO & Co-Founder,

You might also like