Cyberlaw Assignment 10020541007

8/6/2019 Cyberlaw Assignment 10020541007

1/10

Laws Related to Data

Protection in India

Anirban Choudhury

SITM PUNE

8/8/2011

Anirban Choudhury

SITM PUNE

8/8/2011

Anirban Choudhury

10020541007

SYSTEM & FINANCE

IPR MEDIA AND

CYBER LAW


2/10

Table of Contents

Introduction ............................................................................................................................................ 3

Data Protection Law in India .................................................................................................................... 3

Section 43 (A) ...................................................................................................................................... 3

Section 66(A) ....................................................................................................................................... 4

Section 66(B) ....................................................................................................................................... 4

Section 66(C) ....................................................................................................................................... 4

Section 66(D) ....................................................................................................................................... 4

Section 66(E) ........................................................................................................................................ 4

Section 66(F) Cyber terrorism .............................................................................................................. 4

Section 67 ............................................................................................................................................ 5

Section 67(A) ....................................................................................................................................... 5

Section 67(B) ....................................................................................................................................... 5

Section 69 Governments power to intercept ....................................................................................... 5

Section 67(C) Preservation of information by intermediaries ........ ................................ ....................... 6

Section 72(A) Liability of Intermediary not to disclose any personal information ....................... ........... 6

Section 79 Liability of Intermediary ...................................................................................................... 6

Section 84(B) Abetment ....................................................................................................................... 6

Section 84(C) Abetment ....................................................................................................................... 6

RIGHT TO PRIVACY BILL 2011 ................................................................................................................... 6

Article 300A of the Constitution: .......................................................................................................... 8

The Copyright Act: ................................................................................................................................... 8

Indian Penal Code Act: ............................................................................................................................. 8

Laws Specific to BPO Industry: ................................................................................................................. 9

Conclusion: .............................................................................................................................................. 9


3/10

Introduction

Data Protection relates to issues relating to the collection, storage, accuracy and use of

data provided by net users in the use of the World Wide Web. Visitors to any website

want their privacy rights to be respected when they engage in e-Commerce. It is part of

the confidence-creating role that successful e-Commerce businesses have to convey to

the consumer. If industry doesnt make sure its guarding the privacy of the data it

collects, it will be the responsibility of the government and its their obligation to enact

legislation.

Any transaction between two or more parties involves an exchange of essential

information between the parties. Technological developments have enabled

transactions by electronic means. Any such information/data collected by the parties

should be used only for the specific purposes for which they were collected. The need

arose, to create rights for those who have their data stored and create responsibilities

for those who collect, store and process such data. The law relating to the creation of

such rights and responsibilities may be referred to as data protection law.

Data Protection Law in India

The Constitution of India does not provide for a fundamental right to privacy explicitly.However, the Constitution of India embodies the Fundamental Rights in Part III, whichare enumerated in Article 1430. Judicial activism has then brought the Right to Privacywithin the realm of Fundamental Rights. The Supreme Court deduced that right from theRight to Life and Personal Liberty enshrined in Article 21 of the Constitution through anextensive interpretation of the phrase. The right to privacy has derived itself from twosources: one being common law of torts and the other being constitutional.

Section 43 (A)

Section 43A provides for compensation for failure to protect sensitive personal data by

body corporate, which is expected to implement and maintain reasonable security

practices and procedures as prescribed by Central Government.

Punishment: If any person, dishonestly or fraudulently, does any act referred to in

section 43, he shall be punishable with imprisonment for a term which may extend to

three years or with fine which may extend to five lakh rupees or with both.


4/10

Section 66(A)

Sending of offensive or false messages, Also known as Cyber Stalking

Section 66(B)

Dishonestly receiving stolen computer resource or communication device. Also covers

use of stolen Computers, mobile phones, SIM Cards, etc

Punishment: Imprisonment upto 3 years or fine uptoRs. 1 lakh or both. Offense is

Bailable.

Section66(C)

Identity theft: Fraudulently or dishonestly using someone elses electronic signature,

password or any other unique identification feature.

Punishment Imprisonment upto 3 years and fine uptoRs. 1 lakh. Offense is Bailable.

Section 66(D)

Cheating by Personification i.e. cheating by pretending to be some other person

Punishment: Imprisonment upto 3 years and fine uptoRs. 1 lakh for sending of

menacing, offensive or false messages via SMS/EMAIL/MMS.

Punishment: Imprisonment upto 3 years and fine.Offense is Bail able.

Section 66(E)

Violation of Privacy, Popularly known as Voyeurism i.e. acts like hiding cameras in

changing rooms, hotel rooms, etc

Punishment: Imprisonment upto 3 years or fine uptoRs. 2 lakh or both.Offense is

Bailable.

Section 66(F) Cyber terrorism

Whoever uses cyberspace with intent to threaten the unity, integrity, security or

sovereignty of India or to strike terror in the people


5/10

Punishment: Imprisonment which may extent to life imprisonment. Offense is

Bailable.

Section 67

Publishing or transmitting obscene material in electronic form.

First instance: Imprisonment upto 3 years and fine uptoRs. 5 lakh. Offense is Bailable.

Subsequent: Imprisonment upto 5 years and fine uptoRs. 10 lakh. Offense is Non

Bailable.

Section 67(A)

Cyber Pornography: Publishing or transmitting sexually explicit acts in the electronic

form

Similarity with Sec. 292 IPC

Punishment: First instance: Imprisonment upto 5 years. Offense is Non Bailable

Subsequent: Imprisonment upto 7 years Fine uptoRs. 10 lakh.Offense is Non Bailable

Section 67(B)

Creating, collecting, browsing, downloading, etc of Child Pornography

Punishment

First instance: Imprisonment upto 5 years

Subsequent: Imprisonment upto 7 years

Fine uptoRs. 10 lakh. Offense is Non Bailable

Section 69Governments power to intercept

Government to intercept, monitor or decrypt any information generated through any

computer resource if it thinks to do so in the interest of the sovereignty or integrity of

India.


6/10

Section 67(C) Preservation of information by intermediaries

Intermediary shall preserve and retain such information as may be specified for such

duration and in such manner and format as the Central Government may prescribe.

Section 72(A) Liability ofIntermediary not to disclose any personal

information

Intermediary to act as per the terms of its lawful contract and not beyond it.

Punishment: Imprisonment upto 3 years or fine upto 5 lakh or both.Offence is Bailable

Section 79 Liability ofIntermediary

An intermediary not to be liable for any third party information, data, or communication

link made available or hosted by him.

Liability ofIntermediary: Intermediary need to prove that he did not:

a) Initiate the transmission

b) Select the receiver of the transmission

c) Select or modify the information contained in the transmission

The intermediary observes due diligence while discharging his duties under the Act.

Section 84(B) Abetment

Abetting to commit an offence is punishable

Punishment: Same punishment provided for the offence under the Act

Section 84(C) Abetment

Attempt to commit an offence is punishable.

Punishment: Imprisonment which may extend to one-half of the longest term of

imprisonment provided for that offence.

RIGHT TO PRIVACY BILL 2011


7/10

The government of India has proposed establishment of data protection authority of

India. This is another instance when Indian government has declared to do something

like this. In the past as well on many occasions Indian government declared that

privacy and data protection bills have been formulated. But till now we do not have data

security, data protection and privacy laws in India.

The bill forbids any person having a place of business in India but has data using

equipment located in India from collecting or processing, using or disclosing any data

relating to individual to any person without consent of such individual. I assume that

there will be exceptions to this section. The wording of this section seems to preclude its

application to the government (unless you can interpret the government to mean a

person having a place of business in India. The bill evidently authorizes the

establishment of an oversight body called Data Protection Authority of India that will

investigate complaints about alleged violations of data protection. The following appear

to be the functions of this body

y To monitor development in data processing and computer technology

y To examine law and to evaluate its effect on data protection

y To give recommendations and to receive representations from members of the

public on any matter generally affecting data protection.

y To investigate any data security breach and issue orders to safeguard the

security interests of affected individuals whose personal data has or is likely to

have been compromised by such breach

However, there is no sign of the proposed draft right to privacy bill 2011 of India whose

praises have already been found in abundance in Indian media. Further, the

nomenclature itself is misleading. The proposed bill, if any, is a bill on data protection

and not privacy protection. Data protection is just a single aspect of privacy protection. It

means we may have to wait for another decade or more for a dedicate privacy law of

India


8/10

Article 300A of the Constitution:

Article 300A of the Constitution ensures the right not to be deprived of property except

by authority of the law. However, this right can be claimed only against the State and

not against private individuals or employees. Further, the data in question has to be

regarded as property.

The Copyright Act:

The Copyright Act, 1957 (Copyright Act) protects Intellectual Property rights in literary,

dramatic, musical, artistic and cinematographic works. The term literary work includes

computer databases as well. Therefore, copying a computer database, or copying and

distributing a database amounts to infringement of copyright for which civil and criminal

remedies can be initiated. However, it is difficult to differentiate between data protection

and database protection under the Copyright Act. Data protection is aimed at protecting

the informational privacy of individuals, while database protection has an entirely

different function, namely, to protect of the creativity and investment put into the

compilation, verification and presentation of databases.

Indian Penal Code Act:

The Indian Penal Code, 1860 (IPC) can be used as an effective means to prevent data

theft. Offences such as misappropriation of property, theft, or criminal breach of trust

attract imprisonment and fine under the IPC. Although the offences of theft and

misappropriation under the IPC only apply to movable property, it has been defined toinclude corporeal property of every description, except land and things permanently

attached to the earth.

Therefore, computer databases can be protected under the IPC, as they are movable

by their very nature, and under the Copyright Act because they are a form of IP.


9/10

Further, business entities seek data protection under contract law and common law, by

incorporating confidentiality and data protection clauses in contracts.

LawsS

pecific to BPOI

ndustry:

In the absence of any specific law, BPOs have implemented self-regulatory processes

such as the BS 7799 and ISO 17799 standards to standardize information security

management and restrict the quantity of data that can be made available to their

employees. Indian BPO outfits are also trying to adhere to US and European

regulations. Most Tier I BPO companies have certifications that comply with the

Sarbanes Oxley Act, the Safe Harbor Act, the Gramm Leach Bliley Act for financial

services, the Fair Debt Collection Practices Act for banking and the Healthcare

Insurance Portability and Accountability Act for healthcare.

Conclusion:

The need for a law on data protection is paramount if India is to sustain investor

confidence, especially among foreign entities that send large amounts of data to India

for back-office operations. Data protection is essential for outsourcing arrangements

that entrust an Indian company with a foreign companys confidential data or trade

secrets, and/or customers confidential and personal data. The proposed legislation for

data protection will ensure adequate safeguards, and also appoint a regulator to monitor

the collected data and its usage.

The stringency of data protection law, whether the prevailing law will suffice such needs,

whether the proposed amendments are a welcome measure, whether India needs a

separate legislation for data protection etc are questions which require an in-depth

analysis of the prevailing circumstances and a comparative study with laws of other

countries. There is no consensus among the experts regarding these issues. These

issues are not in the purview of this write-up. But there can be no doubt about the


10/10

importance of data protection law in the contemporary IT scenario and are not

disputable.

Cyberlaw Assignment 10020541007

Documents

Transcript of Cyberlaw Assignment 10020541007