Upload
anirban-choudhury
View
216
Download
0
Embed Size (px)
Citation preview
8/6/2019 Cyberlaw Assignment 10020541007
1/10
Laws Related to Data
Protection in India
Anirban Choudhury
SITM PUNE
8/8/2011
Anirban Choudhury
SITM PUNE
8/8/2011
Anirban Choudhury
10020541007
SYSTEM & FINANCE
IPR MEDIA AND
CYBER LAW
8/6/2019 Cyberlaw Assignment 10020541007
2/10
Table of Contents
Introduction ............................................................................................................................................ 3
Data Protection Law in India .................................................................................................................... 3
Section 43 (A) ...................................................................................................................................... 3
Section 66(A) ....................................................................................................................................... 4
Section 66(B) ....................................................................................................................................... 4
Section 66(C) ....................................................................................................................................... 4
Section 66(D) ....................................................................................................................................... 4
Section 66(E) ........................................................................................................................................ 4
Section 66(F) Cyber terrorism .............................................................................................................. 4
Section 67 ............................................................................................................................................ 5
Section 67(A) ....................................................................................................................................... 5
Section 67(B) ....................................................................................................................................... 5
Section 69 Governments power to intercept ....................................................................................... 5
Section 67(C) Preservation of information by intermediaries ........ ................................ ....................... 6
Section 72(A) Liability of Intermediary not to disclose any personal information ....................... ........... 6
Section 79 Liability of Intermediary ...................................................................................................... 6
Section 84(B) Abetment ....................................................................................................................... 6
Section 84(C) Abetment ....................................................................................................................... 6
RIGHT TO PRIVACY BILL 2011 ................................................................................................................... 6
Article 300A of the Constitution: .......................................................................................................... 8
The Copyright Act: ................................................................................................................................... 8
Indian Penal Code Act: ............................................................................................................................. 8
Laws Specific to BPO Industry: ................................................................................................................. 9
Conclusion: .............................................................................................................................................. 9
8/6/2019 Cyberlaw Assignment 10020541007
3/10
Introduction
Data Protection relates to issues relating to the collection, storage, accuracy and use of
data provided by net users in the use of the World Wide Web. Visitors to any website
want their privacy rights to be respected when they engage in e-Commerce. It is part of
the confidence-creating role that successful e-Commerce businesses have to convey to
the consumer. If industry doesnt make sure its guarding the privacy of the data it
collects, it will be the responsibility of the government and its their obligation to enact
legislation.
Any transaction between two or more parties involves an exchange of essential
information between the parties. Technological developments have enabled
transactions by electronic means. Any such information/data collected by the parties
should be used only for the specific purposes for which they were collected. The need
arose, to create rights for those who have their data stored and create responsibilities
for those who collect, store and process such data. The law relating to the creation of
such rights and responsibilities may be referred to as data protection law.
Data Protection Law in India
The Constitution of India does not provide for a fundamental right to privacy explicitly.However, the Constitution of India embodies the Fundamental Rights in Part III, whichare enumerated in Article 1430. Judicial activism has then brought the Right to Privacywithin the realm of Fundamental Rights. The Supreme Court deduced that right from theRight to Life and Personal Liberty enshrined in Article 21 of the Constitution through anextensive interpretation of the phrase. The right to privacy has derived itself from twosources: one being common law of torts and the other being constitutional.
Section 43 (A)
Section 43A provides for compensation for failure to protect sensitive personal data by
body corporate, which is expected to implement and maintain reasonable security
practices and procedures as prescribed by Central Government.
Punishment: If any person, dishonestly or fraudulently, does any act referred to in
section 43, he shall be punishable with imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with both.
8/6/2019 Cyberlaw Assignment 10020541007
4/10
Section 66(A)
Sending of offensive or false messages, Also known as Cyber Stalking
Section 66(B)
Dishonestly receiving stolen computer resource or communication device. Also covers
use of stolen Computers, mobile phones, SIM Cards, etc
Punishment: Imprisonment upto 3 years or fine uptoRs. 1 lakh or both. Offense is
Bailable.
Section66(C)
Identity theft: Fraudulently or dishonestly using someone elses electronic signature,
password or any other unique identification feature.
Punishment Imprisonment upto 3 years and fine uptoRs. 1 lakh. Offense is Bailable.
Section 66(D)
Cheating by Personification i.e. cheating by pretending to be some other person
Punishment: Imprisonment upto 3 years and fine uptoRs. 1 lakh for sending of
menacing, offensive or false messages via SMS/EMAIL/MMS.
Punishment: Imprisonment upto 3 years and fine.Offense is Bail able.
Section 66(E)
Violation of Privacy, Popularly known as Voyeurism i.e. acts like hiding cameras in
changing rooms, hotel rooms, etc
Punishment: Imprisonment upto 3 years or fine uptoRs. 2 lakh or both.Offense is
Bailable.
Section 66(F) Cyber terrorism
Whoever uses cyberspace with intent to threaten the unity, integrity, security or
sovereignty of India or to strike terror in the people
8/6/2019 Cyberlaw Assignment 10020541007
5/10
Punishment: Imprisonment which may extent to life imprisonment. Offense is
Bailable.
Section 67
Publishing or transmitting obscene material in electronic form.
First instance: Imprisonment upto 3 years and fine uptoRs. 5 lakh. Offense is Bailable.
Subsequent: Imprisonment upto 5 years and fine uptoRs. 10 lakh. Offense is Non
Bailable.
Section 67(A)
Cyber Pornography: Publishing or transmitting sexually explicit acts in the electronic
form
Similarity with Sec. 292 IPC
Punishment: First instance: Imprisonment upto 5 years. Offense is Non Bailable
Subsequent: Imprisonment upto 7 years Fine uptoRs. 10 lakh.Offense is Non Bailable
Section 67(B)
Creating, collecting, browsing, downloading, etc of Child Pornography
Punishment
First instance: Imprisonment upto 5 years
Subsequent: Imprisonment upto 7 years
Fine uptoRs. 10 lakh. Offense is Non Bailable
Section 69Governments power to intercept
Government to intercept, monitor or decrypt any information generated through any
computer resource if it thinks to do so in the interest of the sovereignty or integrity of
India.
8/6/2019 Cyberlaw Assignment 10020541007
6/10
Section 67(C) Preservation of information by intermediaries
Intermediary shall preserve and retain such information as may be specified for such
duration and in such manner and format as the Central Government may prescribe.
Section 72(A) Liability ofIntermediary not to disclose any personal
information
Intermediary to act as per the terms of its lawful contract and not beyond it.
Punishment: Imprisonment upto 3 years or fine upto 5 lakh or both.Offence is Bailable
Section 79 Liability ofIntermediary
An intermediary not to be liable for any third party information, data, or communication
link made available or hosted by him.
Liability ofIntermediary: Intermediary need to prove that he did not:
a) Initiate the transmission
b) Select the receiver of the transmission
c) Select or modify the information contained in the transmission
The intermediary observes due diligence while discharging his duties under the Act.
Section 84(B) Abetment
Abetting to commit an offence is punishable
Punishment: Same punishment provided for the offence under the Act
Section 84(C) Abetment
Attempt to commit an offence is punishable.
Punishment: Imprisonment which may extend to one-half of the longest term of
imprisonment provided for that offence.
RIGHT TO PRIVACY BILL 2011
8/6/2019 Cyberlaw Assignment 10020541007
7/10
The government of India has proposed establishment of data protection authority of
India. This is another instance when Indian government has declared to do something
like this. In the past as well on many occasions Indian government declared that
privacy and data protection bills have been formulated. But till now we do not have data
security, data protection and privacy laws in India.
The bill forbids any person having a place of business in India but has data using
equipment located in India from collecting or processing, using or disclosing any data
relating to individual to any person without consent of such individual. I assume that
there will be exceptions to this section. The wording of this section seems to preclude its
application to the government (unless you can interpret the government to mean a
person having a place of business in India. The bill evidently authorizes the
establishment of an oversight body called Data Protection Authority of India that will
investigate complaints about alleged violations of data protection. The following appear
to be the functions of this body
y To monitor development in data processing and computer technology
y To examine law and to evaluate its effect on data protection
y To give recommendations and to receive representations from members of the
public on any matter generally affecting data protection.
y To investigate any data security breach and issue orders to safeguard the
security interests of affected individuals whose personal data has or is likely to
have been compromised by such breach
However, there is no sign of the proposed draft right to privacy bill 2011 of India whose
praises have already been found in abundance in Indian media. Further, the
nomenclature itself is misleading. The proposed bill, if any, is a bill on data protection
and not privacy protection. Data protection is just a single aspect of privacy protection. It
means we may have to wait for another decade or more for a dedicate privacy law of
India
8/6/2019 Cyberlaw Assignment 10020541007
8/10
Article 300A of the Constitution:
Article 300A of the Constitution ensures the right not to be deprived of property except
by authority of the law. However, this right can be claimed only against the State and
not against private individuals or employees. Further, the data in question has to be
regarded as property.
The Copyright Act:
The Copyright Act, 1957 (Copyright Act) protects Intellectual Property rights in literary,
dramatic, musical, artistic and cinematographic works. The term literary work includes
computer databases as well. Therefore, copying a computer database, or copying and
distributing a database amounts to infringement of copyright for which civil and criminal
remedies can be initiated. However, it is difficult to differentiate between data protection
and database protection under the Copyright Act. Data protection is aimed at protecting
the informational privacy of individuals, while database protection has an entirely
different function, namely, to protect of the creativity and investment put into the
compilation, verification and presentation of databases.
Indian Penal Code Act:
The Indian Penal Code, 1860 (IPC) can be used as an effective means to prevent data
theft. Offences such as misappropriation of property, theft, or criminal breach of trust
attract imprisonment and fine under the IPC. Although the offences of theft and
misappropriation under the IPC only apply to movable property, it has been defined toinclude corporeal property of every description, except land and things permanently
attached to the earth.
Therefore, computer databases can be protected under the IPC, as they are movable
by their very nature, and under the Copyright Act because they are a form of IP.
8/6/2019 Cyberlaw Assignment 10020541007
9/10
Further, business entities seek data protection under contract law and common law, by
incorporating confidentiality and data protection clauses in contracts.
LawsS
pecific to BPOI
ndustry:
In the absence of any specific law, BPOs have implemented self-regulatory processes
such as the BS 7799 and ISO 17799 standards to standardize information security
management and restrict the quantity of data that can be made available to their
employees. Indian BPO outfits are also trying to adhere to US and European
regulations. Most Tier I BPO companies have certifications that comply with the
Sarbanes Oxley Act, the Safe Harbor Act, the Gramm Leach Bliley Act for financial
services, the Fair Debt Collection Practices Act for banking and the Healthcare
Insurance Portability and Accountability Act for healthcare.
Conclusion:
The need for a law on data protection is paramount if India is to sustain investor
confidence, especially among foreign entities that send large amounts of data to India
for back-office operations. Data protection is essential for outsourcing arrangements
that entrust an Indian company with a foreign companys confidential data or trade
secrets, and/or customers confidential and personal data. The proposed legislation for
data protection will ensure adequate safeguards, and also appoint a regulator to monitor
the collected data and its usage.
The stringency of data protection law, whether the prevailing law will suffice such needs,
whether the proposed amendments are a welcome measure, whether India needs a
separate legislation for data protection etc are questions which require an in-depth
analysis of the prevailing circumstances and a comparative study with laws of other
countries. There is no consensus among the experts regarding these issues. These
issues are not in the purview of this write-up. But there can be no doubt about the
8/6/2019 Cyberlaw Assignment 10020541007
10/10
importance of data protection law in the contemporary IT scenario and are not
disputable.