India

Screen Shot 2017-11-17 at 1.27.00 pmBy Vineet Aneja and Vasudha Luniya, Clasis Law

E: vineet.aneja@clasislaw.com,

E: vasudha.luniya@clasislaw.com

 

The concept of data protection and privacy has not been addressed in any exclusive comprehensive legislation in India. However, the Supreme Court of India through a recent landmark judgment has heralded right to privacy as a fundamental right guaranteed to an Indian citizen under Article 21 of the Constitution of India. Such right to privacy impliedly includes the protection of personal and sensitive data of a person such as age, sex, date of birth or sexual orientation (which are all important aspects of dignity).

Right to privacy and data protection
The sphere of privacy stretches at one end to those intimate matters to which a reasonable expectation of privacy may attach. It expresses a right to be left alone. A broader connotation which has emerged in academic literature of a comparatively recent origin is related to the protection of one’s identity. Data protection relates closely with the latter sphere.

On August 24, 2017, in a landmark nine-bench ruling, the Apex Court in Puttaswamy vs Union of India unanimously declared right to privacy as an intrinsic part of the right to life and personal liberty under Article 21 of the Constitution of India.
On the point of data protection, the Apex Court has ordered the government to ensure a “robust regime for data protection” that would deliver “a careful and sensitive balance between individual interests and legitimate concerns of the state” is put into place soon.

Data protection
The Information Technology Act, 2000 (Act) contains specific provisions intended to protect electronic data (including non-electronic records or information that has been, is currently or is intended to be processed electronically). The Act was subsequently amended in 2008 to provide for protection of “sensitive personal data or information” (SPDI) and deal with compensation for negligence in implementing and maintaining reasonable security practices and procedures in relation to SPDI. SPDI includes passwords, financial information, such as bank account or credit card details, physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information.
Screen Shot 2017-10-12 at 11.04.41 am

On the point of SPDI, the Ministry of Communications and Information Technology adopted the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Rules). The Rules relate to SPDI and are applicable to a body corporate or to any person located within India. Outsourcing companies/ intermediaries located within or outside India are exempt from the provisions of collection and disclosure as set out under the Rules, however, a body corporate providing services to an information provider directly under a contractual obligation is not exempt from these provisions.

Corporate obligations
A body corporate providing services relating to collection, storage, dealing or handling of SPDI under contractual obligation with any information provider shall be subject to compliance of the Rules. Information providers are those natural persons who provide SPDI to a body corporate.

To sum up, the Rules broadly regulate the: (a) collection, receipt, possession, use, storage, dealing or handling of SPDI; (b) transfer or disclosure of SPDI; (c) security procedures for protecting SPDI; (d) transfer of SPDI outside India; and (e) disclosure of SPDI to the Government.

Conclusion
Data privacy and data protection laws by their very nature need to be dynamic, constantly expanding and improving to deal with new impediments and hindrances. One such hindrance was the recent WannaCry ransomware cyber-attack which affected many globally. At the same time, domestically, one such encouraging step towards data protection is the Supreme Court case ruling on ‘right to privacy’.

It is imperative for foreign companies establishing business in India to ensure that their local Indian entity adheres to Indian data privacy and data protection law requirements even if the local entity has been following global best practices in this regard. Further, the privacy policies and other related policies of a body corporate should be in line with the Rules so as to protect the SPDI of the information provider.

 

Clasis Law Logo

 

 

W: www.clasislaw.com

E: vineet.aneja@clasislaw.com

E: vasudha.luniya@clasislaw.com

T: (91) 11 4213 0000

F: (91) 11 4213 0099

Tags: Cybersecurity, Data Privacy, India
Related Articles by Firm
India going all out to woo foreign companies moving out of China
A silver lining of the Covid-19 crisis is the potential of becoming an attractive alternative to China.
Doing business and ease of doing business in India
VIDEO BRIEFING: The government has taken numerous steps to give an impetus to foreign investment, but a lot remains to be done.
MCA introduces e-form DIR-3-KYC for directors with approved DINS
This compliance exercise seems to be a checkpoint for only genuine individuals acting as directors in a legitimate capacity.
A wide net of ineligibilities for being a resolution applicant
Almost two years after the Bankruptcy Law Reforms Committee submitted its report, the Insolvency and Bankruptcy Code is still a work in progress.
Insolvency in India: Section 29A…
A wide net of ineligibities for being a Resolution Applicant ...
DISHA — India’s probable response to the law on protection of digital health data
Sensitisation and protection of people’s right to privacy and security of their data are the bedrock of DISHA.
The Admiralty (Jurisdiction and Settlement of Maritime Claims) Act, 2017
This much-awaited piece of legislation brings clarity to various deadlocks in Indian jurisprudence.
Metro projects likely to drive India's infrastructure sector
Metro Rail projects in India have picked up pace and are likely to catalyse substantial opportunities over the next few years.
Handling disciplinary proceedings by employers
Breach of an employment contract by an employee often results in disciplinary action leading up to termination in cases of serious misconduct.
Clasis Law Newsletter
The latest legal news from India, including recent court judgments, changes to corporate/commercial law and updates on projects and IP.
Initial Coin Offerings: Another brainteaser in the virtual currency bandwagon
The position of virtual currencies and ICOs in India remains murky.
The impact of General Data Protection Regulations on Indian companies
Extraterritorial applicability of GDPR makes it clear that these regulations will be applicable regardless of whether the processing takes place in EU or not.
ONGC vs Sime Darby consortium
An unsuccessful party cannot possibly apply for interim relief in aid of what it lost before the arbitral tribunal.
The Fugitive Economic Offenders Bill 2018
The bill aims to provide an effective, expeditious and constitutionally permissible deterrent to ensure that such actions are curbed.
Understanding The Maharashtra Shops And Establishments Rules 2018
The Act regulates the employer–employee relationship and service conditions such as hours of work, payment of wages, overtime, leave, holidays, etc.
Supreme Court gives clarity on Section 26 of the Arbitration and Conciliation (Amendment) Act, 2015
In Board of Control for Cricket in India vs Kochi Cricket, the Supreme Court has clarified some issues surrounding the Act.
Delhi High Court resolves uncertainty between two conflicting clauses in contracts
The settled principle of contra proferentem has been re-affirmed by the Court in a case involving Delhi Metro Rail and Voestalpine.
India: Supreme Court update
Supreme Court refers the question to determine the liability of the consignee or steamer agent in respect of ground rent charges to be paid to the port trust to a larger bench ...
Corporate Social Responsibility
There is a growing realization among the corporates that business growth along with positive community/social impact is now an expected goal ...
India: Execution Proceedings for Enforcement of Arbitral Award
Recent Supreme Court judgement resolves certain issues and requirements ...
India: Impact of the Companies (Amendment) Act, 2017
With the assent of the President on January 3, 2018, the much-awaited Companies (Amendment) Act, 2017 (Amendment Act), which provides for simpler provisions but stringent penalties, has finally seen the light of the day ...
Voluntary Liquidation in India
Winding up under Insolvency and Bankruptcy Code, 2016 ...
Strike Off of Companies in India
Over the years, many companies have been lagging behind in filing of annual documents such as annual returns, financial statements etc ...
India: Valuation by Registered Valuer
“Price is what you pay, Value is what you get” ...
India: Amendments Under Master Directions on Issuance and Operation of Prepaid Payment by RBI
Digital wallets such as PayTM, along with debit and credit cards, are expected to reduce (if not completely replace) the use of paper currency …
India: Institutional Arbitration – Need of the Hour
The need to promote and encourage institutional arbitration for commercial disputes in India ...
India: Supreme Court settles the law: Major relief for foreign operational creditors
Clasis Law recently represented Macquarie Bank in two civil appeals before the Supreme Court of India ...
India: Consumer Protection
NCDRC’s ruling on ‘Voluntary Consumer Association’ under the Consumer Protection Act, 1986 ...
India: Foreign Exchange Management Regulation
Significant changes for transfer or issue of security to a person resident outside India ...
India: Directors' duties and liabilities under the Companies Act, 2013
Directors must be aware of their role, responsibilities and duties towards the company and its shareholders ...
India Update for December 2017
This edition brings to our readers a featured article titled “The Tourism and Hospitality Sector 2017 — The Year Gone By!!”
India: RBI issues Directions on Peer to Peer Lending Platform
Online lending transactions are in their nascent stage in India and given the increase in peer-to-peer (P2P) lending through e-commerce marketplace it is of extreme importance to regulate such transactions ...
India: Protection against groundless threats under Indian IP laws
Rapidly growing awareness of intellectual property (IP) rights and a well-structured statutory regime protecting IP has allowed rights owners to assert and enjoy the limited monopolies conferred on them ...
Corporate compliance: Necessity and implication
The Companies Act of India is the primary legislation governing the functioning of companies established in India during their lifecycle....
India update from Clasis Law
Including briefings on the national food processing policy, projects and energy, and intellectual property.
RBI intervenes in patching up of Tata and DoCoMo’s joint venture
Background to the joint venture: Tata DoCoMo, an Indian mobile network operator, was set up as a joint venture between Tata Teleservices (TTSL) and NTT DoCoMo in November 2008...
Regulatory challenges for Vodafone Idea merger
Vodafone India is in discussions with Idea Cellular for an all-share merger. It appears that the intense competition the Indian telecom industry is facing due to freebies offered by the new entrant, Reliance Jio, has ...
India Update, inc: Regulatory challenges for Vodafone Idea merger
This months India newsletter from Clasis Law includes an article on the “Regulatory challenges for Vodafone Idea merger”, plus updates in Projects, Energy, IP and Banking & Finance ...
Investment conditions and restrictions for venture capital funds
Venture capital funds (VCFs) are contributing considerably to India’s economic growth. The amount of investment directed to venture capital has grown in recent years due to the pro-business environment and ...
India’s bid to become a hub for international commercial arbitration
As one of the world’s fastest-growing economies, India is a party to many international commercial arbitrations and the government is making efforts ...
Brands – Role and liability of celebrity endorsers
The marketing and advertising industry has grown as an organised industry using innovative ideas that are designed to ...
Related Articles
Related Articles by Jurisdiction
India: Execution Proceedings for Enforcement of Arbitral Award
Recent Supreme Court judgement resolves certain issues and requirements ...
Handling disciplinary proceedings by employers
Breach of an employment contract by an employee often results in disciplinary action leading up to termination in cases of serious misconduct.
Latest Articles