SOCIO – LEGAL IMPLICATIONS OF DATA PRIVACY LAWS IN INDIA 

1. INTRODUCTION

• WHY THIS TOPIC MATTER

In today’s technological era, every aspect of our lives are stored online. Our finances, bank details, passwords Aadhaar linked biodata and other personal details are all in our devices. While this transformation has accelerated growth and convenience, it has also raised serious concerns about data breaches and cybercrimes. Modernisation has made individuals more vulnerable to hacking, identity theft, and misuse of personal information. 

• KNOW YOUR RIGHTS

Protecting data privacy is not just a technological issue but also a fundamental right. It impacts social trust and national security. To tackle it, the Government of India has introduced the Digital Personal Data Protection Act, 2023 ( in short ‘DPDP Act’).

• AN INTRODUCTION TO DATA PRIVACY LAWS

Recently, the government of India has enacted the Digital Personal Data Protection Act, 2023 which lays down the data privacy laws. It aims at safeguarding the personal information of the citizens and ensures the accountability in the digital ecosystem. Thus, overall it helps in building the citizen confidence.

2. LEGAL BACKGROUND

• WHAT THE LAWS  SAYS

The Information Technology (IT) Act, 2000 was India’s first act that was made to address cybercrime and electronic commerce. It laid down rules for digital signatures, authentication of electronic records, and cyber-offences. While the Act provided a starting point for regulating data protection, to ensure more safer security of modern data privacy problem, Digital Personal Data Protection Act, 2023 was introduced as the country 1st comprehensive data privacy law.

• LEGAL PROVISION YOU SHOULD KNOW

Section 43A of the DPDP Act makes the companies liable for compensating the individuals, if due to their negligence in handling sensitive personal data causes any loss to the individual. Additionally, Section 72 penalizes unauthorized disclosure of information obtained through lawful authority. Consent requirement, right to access, correction, data portability, penalties for misuse are the key points one should know in case there is a breach of your personal data.

• RELEVANT ARTICLES
• Article 21: Right to Privacy is covered under the ambit of Right to life and personal liberty 
•  Article 19: Freedom of Speech & Expression is sometimes affected by the surveillance

3. KEY POINTS

• YOUR LEGAL RIGHTS EXPLAINED

Indian data privacy laws, more particularly the DPDP Acts, aims to secure the personal information of the individuals. It also provides some specific rights to the individuals. One of such right is to know how is your personal data is being used. You can also update or rectify the outdated data 

• KEY PROVISIONS AT GLANCE

1. Companies, organizations, and government bodies (called “data fiduciaries”) are responsible for collecting and storing personal data securely.
2. If they fail to protect data or misuse it, they can face heavy financial penalties under the DPDP Act, 2023.
3. Certain exemptions exist for national security, law enforcement, and public order, where the government may process data without prior consent.

• 5 THINGS YOU MUST KNOW

1. Your personal data cannot be collected without your consent.
2. Health records, financial details, and biometric information are safeguarded with stricter rules.
3. The fine can be imposed on the companies or government bodies if they mishandle your data.
4. You can request that your personal data be erased when it is no longer needed.
5. The state has wide powers to bypass certain rules, especially for reasons like national security and law enforcement.

4. REAL LIFE IMPLICATIONS

• HOW THIS AFFECT YOU

Our data is collected by various online apps, websites etc. No doubt, it is convenient for us but with it comes various risks. Our sensitive data like gender, caste, religion, health records etc can be misused by these platforms. This brings us to the need of the strong data privacy laws. These laws will help us to not only protect our information but also the dignity and security in the digital world. 

• WHEN CAN YOU USE THIS RIGHT

The data privacy rights can be enforced in the case your personal information is used by any authority without your consent. Various situations can be where the company or the organization:

1. Shares Aadhaar details or other sensitive information, or
2. Uses your phone number for the purpose of spamming it,
3. Collects or processes your data without proper authorization.

In such cases, you are entitled to file a complaint under the Digital Personal Data Protection Act, 2023. You can also seek remedies under the IT Act, 2000 to protect your rights and claim redressal.

• EXAMPLES  FROM REAL LIFE

1. Aadhar Data Breach (2018):- In 2018, the biometrics and the bank details of over One Billion people were leaked.
2. Air India Data Breach (2021):- the data of over 4.5 million people were leaked including their name, passport details, credit card information etc. and were sold on dark web.
3. Bigbasket Data Breach (2020):- the personal information and the data of over 20 Million people were sold on the dark web.

5. LEGAL REMEDIES

• WHAT TO DO IF YOUR RIGHT IS VIOLATED

1. You can lodge the complaint 
2. Approach the Data Protection Board established under the DPDP Act, 2023
3. You may seek the redressal of your grievances
4. Keep the evidences of the data breach with you

• HOW TO FILE A COMPLAINT

1. You can approach the concerned company or organization through the grievance officer. It is legally mandatory for them to respond within a specified time. 
2. If the company fails to resolve your issue then you may also approach Data Protection Board. It is the authority which investigates into the issue and impose the penalties on the wrong doer.
3.  In the case of financial loss or serious violations, you may also approach the consumer forums.

• WHERE TO GO FOR HELP

1. The Data Protection Board of India, as it is the main authority to deal with the complaints related to the data privacy.
2. Indian Computer Emergency Response Team, for cyber security related issues like hacking, phishing or data breaches.
3. Consumer Forums, if it is the case of financial loss or serious violations.
4. Supreme Court or the High Court for enforcing the fundamental right of privacy.

6. LAND MARK CASE LAWS
7. K.S. Puttuswamy v. Union of India (2018) – This case of K.S.Puttuswamy is one of the landmark case in the history of India. It is also known as ‘Right to Privacy Verdict’. In this case it was held that the right to privacy is a fundamental right protected under the Indian constitution. This right to privacy is covered under the Article 14, 19 and 21.

2. People’s Union for Civil Liberties V. Union of India (1996) – In this case the question was on the constitutional validity of sec 5(2) of Indian telegraph act. It was argued that this section allows the telephone tapping which is violative of Article 21 i.e right to privacy. The SC did not strike down the section but instead provide guidelines as to telephone tapping that could be conducted only in a specific situation. 

7. CHALLENGES

• COMMON MISUNDERSTANDINGS

Due to lack of awareness among the people of the rural society they often link their aadhar with their bank which results in cyber crimes or misuse of their personal data.

• AREA OF CONCERN

1. Lack of. Safeguard laws and weak enforcement by the government.
2. Increase rate of cybercrimes
3. Lack of awareness regarding digital media.

8. CONCLUSION

• KNOW THE LAW USE THE LAW

Data privacy is not just a concept rather it is a fundamental right. With the enforcement of the DPDP Act, 2023, the citizens now have various rights like consent, correction, and grievance redressal. However, these rights will be beneficial only when the people are aware about them. 

• FINAL THOUGHTS

The objective of the data privacy laws is to balance the individual’s autonomy with the technological growth. In today’s world where data plays such a significant role, strong privacy foster trust, accountability and the democratic values. But the major challenges in this field is the lack of awareness, weak enforcement, and the state surveillance.

• STAY INFORMED , STAY EMPOWERED

The data protection is not just about the laws but also about the empowerment. Every citizen show know his rights so as to question the misuse of the law. This helps to hold the officials accountable for their actions. Staying informed about the data privacy laws will help you to ensure that your privacy is preserved not only on the paper but also in the real life. This will help to make India a secure and inclusive country. 

9. REFERENCES

• Digital Personal Data Protection, 2023
• The Information Technology (IT) Act, 2000
• The Constitution of India
• K.S. Puttuswamy v. Union of India, AIR 2018 SC (SUPP) 1841
• People’s Union for Civil Liberties V. Union of India AIR 1997 SC 68 

Written by Anamika Kumari, student of Panjab University Regional Center, Hoshiarpur, Punjab, and an intern under Legal Vidhiya. 

Disclaimer: The materials provided herein are intended solely for informational purposes. Accessing or using the site or materials does not establish an attorney-client relationship. The information presented on this site is not to be construed as legal or professional advice, and it should not be relied upon for such purposes or used as a substitute for advice from a licensed attorney in your state. Additionally, the viewpoint presented by the author is personal.

Karan Chhetri

‘Social Media Head’ and ‘Case Analyst’ of Legal Vidhiya.