#privacy Archives - Prime Legal

Appropriate risk governance management in the fields of digital data privacy and security in the business world requires not only understanding of applicable laws and regulations, but also at least a reasonable awareness of modern techniques and the activities of the organization or other organization that are accumulating or using private information or controlling behaviour. The Data Protection Act (DPA) regulates the gathering and use of private information. ‘Personal data’ refers to information that may be used to identify any living individual or that, when combined with other information stored by you, can be used to identify any person.

The term ‘processing’ of personal data refers to the act of acquiring, collecting, or storing information. Because you will be managing the private information of your workforce, suppliers, and/or customers as a company, it is probable that your actions will fall under the purview of the DPA. If you are a ‘data controller’ under the Act and fail to tell the Information Commissioner about your organization, your directors may face criminal prosecution. A system administrator is an individual or organization that determines why personal data is handled. Private data must be protected under the DPA.

Personal information according to the DPA must be:

fairly and legally processed;
processed for reasons; adequate, meaningful, and not unnecessary; Personal information must be:
fairly and legally processed;
processed for reasons;
adequate, meaningful, and not unnecessary;
accurate and, where required, updated regularly;
not kept for longer than needed;
processed in accordance with the person’s freedom;
kept safe; and
not transferred to countries outside the EEA unless the information is adequately protected.

Failure to comply can lead to an enforcement letter prohibiting your company from analysing information, thus shutting down numerous firms, as well as severe fines may be imposed. Furthermore, a company’s officials, managers, and directors could be held personally criminally accountable for the violation. Laws governing information privacy, data privacy, or data protection establish a legal framework for obtaining, using, and storing personal data.

The different laws throughout the globe define natural individuals’ rights to regulate who uses their information. This often involves the right to obtain information about which information is held, for what purpose, and to seek deletion if the objective is no longer specified.

Personal Data Protection Bill (PDP)

The PDP Bill (Personal Data Protection Bill) was proposed and passed in India to protect the current data protection system of India. Currently governed under the Information Technology Act 2000. The Personal Data Protection Bill provides rules for notice and previous approval for the use of personal information, constraints on the reasons for which organizations can handle data, and limitations to guarantee that only information needed to provide a service to the person concerned is gathered.

It also contains criteria for data localization and the designation of data protection administrators inside enterprises. This precise data protection regulation has not yet been established in India. The Indian legislature did, nevertheless, alter the Information Technology Act (2000) to add Sections 43A and 72A, which provide for reimbursement for wrongful personal data. Rules governing the acquisition and sharing of private information.

Under Article 43A of the IT Act, the Indian federal government later enacted the Information Technology Rules. The Regulations place extra duties on corporate and commercial enterprises in India for the acquisition and disclosure of sensitive private and confidential information, which are comparable to the GDPR and the Data Protection Regulations. Organizations in regulated industries, such as financial services and telecommunications, are subordinate to confidentiality obligations under sectoral laws that force them to keep customers’ data kept private and use it only for recommended purposes or in the sort of way agreed upon with the customer.

PDP will be introduced in stages. The Indian government and a Joint Parliamentary Council have submitted the original PDP Bill on data protection, which would be India’s first legislation on the protection of personal information and therefore will abolish Section 43A of the IT Act. Nevertheless, yet after approval, the law is likely to be adopted in stages. There is currently no available information concerning the deployment timeframe.

Furthermore, India lacks a national regulatory authority for personal data protection. The Ministry of Electronics and Information Technology oversees overseeing the IT Act and making regulations and other adjustments under the IT Act. The Personal Data Protection Bill proposes the establishment of a Data Protection Authority of India, which would be accountable for safeguarding data principals’ rights, prohibiting the exploitation of personal information, and enforcing compliance with the new legislation.

WhatsApp clashes with the Indian government Regarding Privacy Rules

Recently WhatsApp filed a suit in Delhi against the Indian Government to block the rules which may be coming into force. Experts suggested that would compel Facebooks messaging application to break the privacy and protection. The appeal seeks the Delhi High Court to determine since one of the new IT rules violates India’s constitution’s right to privacy by requiring social media websites to identify the “original source of data” when officials seek so. WhatsApp claims that since conversations are secured end-to-end, it would have to decrypt messages for both message recipients and senders in order to keep up with the changes in the new legislation.

When asked to elaborate on the court case, WhatsApp said in a statement, “Mandating text messaging applications to detect chats is the equivalent of having others to maintain an information of every particular message sent through WhatsApp, which might dissolve end-to-end encryption and profoundly diminish anyone’s privacy rights.” The court determined that privacy should be protected unless legality, need, and proportionality all counted against this. WhatsApp says that the new legislation breaches all those requirements, beginning with a lack of clear legislative support.

Data Protection Act and its Impact on Small Businesses

The Data Protection Act of 1998 safeguards personal data held by corporations and governments by setting restrictions on the transmission of such data and information. The Legislation contains various provisions that should be followed while acquiring and providing data. These guidelines, or Data Protection Policies, are issued by the Information Committees Office, which oversees determining how businesses utilize personal information and if they are accountable enough while collecting and distributing such data. Every day, many enterprises, especially huge ones, manage massive amounts of data. Therefore, they must devise methods for auditing enormous amounts of redundant or outmoded data. Previous Information is already out of date as well as prone to mistakes like transmitting incorrect information.

Records having past data are harder to verify than those carrying recent data. It is difficult to uncover private information among a slew of worthless data. Given all these factors, it becomes critical for businesses, whether big or small, to maintain and update on a regular basis and discard older data that might create errors in sharing information, as well as safeguard confidential material from ending up in the hands of a rival

Conclusion

Data protection regulations have become more important not only in our country but then also throughout the globe. Because more and more technologies are used in their daily lives, users’ security must be safeguarded because they are surrendering it with each usage. Nowadays, practically every element of our interaction and privacy is controlled by a third person. The dimensions of the current virtual era are such that practically every single transaction that persons engage in includes some type of information transmission or another.

This might also raise concerns about the “data protection expectations” which have been established as a significant foundation in the scope of Data Protection Legislation. While the information may be put to good use, the uncontrolled and random use of data worldwide has generated concerns among people about their security and liberty. In addition, the Apex Court issued a historic decision on the subject topic, which resulted in the implementation of the right to privacy and freedom of expression as a fundamental right.

“PRIME LEGAL is a full-service law firm that has won a National Award and has more than 20 years of experience in an array of sectors and practice areas. Prime legal fall into a category of best law firm, best lawyer, best family lawyer, best divorce lawyer, best divorce law firm, best criminal lawyer, best criminal law firm, best consumer lawyer, best civil lawyer.”

References:

Petrescu, M., & Krishen, A. S. Analysing the analytics: Data privacy concerns

– Journal of Marketing Analytics. Retrieved from

https://link.springer.com/article/10.1057/s41270 –018 –0034 –x

Martin, K. D., Borah, A., & Palma tier, R. Data Privacy: Effects on Customer and firm performance. Retrieved from

https://www.researchgate.net/publication/305822708_Data_Privacy_Effects_on_Customer_a nd_Firm_Performance

LLP, P. What is the Data Protection Act, and how does it affect my business? Retrieved from https://www.bdbpitmans.com/insights/what –is –the –data –protection act –and –how –does –it –affect –my –business/

Data Protection Act 1998. Retrieved from https://en.wikipedia.org/wiki/Data_Protection_Act_1998

What is a Data Subject? Experian Business. (n.d.). Retrieved from

https://www.experian.co.uk/business/glossary/data –subject/index

Data Protection / Privacy Policy – DCD. (n.d.). Retrieved from

https://www.datacenterdynamics.com/en/data –protection –privacy –policy/

Johnson, K.Council Post: The Impact of Data Privacy on Your Business. Retrieved from https://www.forbes.com/sites/forbestechcouncil/2018/09/14/the impact –of –data –privacy –on –your –business/?sh=54fb2fe0196c

Written by- Anushka Satwani

High Court Of Gujarat vs Gujarat Information Commission on 17 January, 2023

Bench: Honourable Justice Biren Vaishnav

R/SPECIAL CIVIL APPLICATION NO. 18152 of 2016

FACTS

The respondent no: 2 who is a Judicial Officer submitted an application seeking information in reference to

Details of Home town, place of practice, personal data form, relation with any Judicial Officer/Advocate
Decisions of Hon’ble High Court of Gujarat on the representations for transfer submitted by the judicial officers of his batch
Certified copy of representations for transfer submitted by the judicial officers of his batch

Among other things.

The application along with the money order was received by the Public Information Officer. Thereafter, the Public Information Officer initiated a correspondence with the concerned department for collecting the information as sought for by the respondent that involved a considerable time. He provided all the information requested by respondent no: 2 except the above mentioned information sought by the respondent. Aggrieved by the action of the Public Information Officer, the respondent filed First Appeal No.37 of 2014 on 11.04.2014 before the Appellate Authority. He contended that information with regard to certain items viz. items had not been provided. On hearing the parties, the Public Information Officer addressed a reply to the respondent providing the details of the information sought by him. In reference to some of the points for which the information was not provided, the public information officer stated that the information was highly personal and hence he could not provide it.

The Appellate Authority after examining the case rejected the appeal of the respondent. While rejecting the appeal the Appellate Authority observed that since some of the information was personal in nature, it could not be provided

Aggrieved by the order of the First Appellate Authority, the respondent no: 2 filed an appeal before the respondent no.1. By the impugned order dated 23.06.2014, the Appellate Authority has passed a judgement directing the Public Information Officer to provide the remaining information available to the respondent no.2 within 15 days from the receipt of the order. It is on this ground that the petition has been filed.

The advocate for the petitioner submitted that the Information Commission could not direct the respondent to provide the information which it itself could not provide as it pertained to third party and in view of the embargo imposed in Section 8(1)(j) of the Act, it was rightly not provided. Section 8(1) (j) of the RTI Act, 2005 encapsulates that information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual, unless the CPIO or SPIO or the Appellate Authority is satisfied that the larger public interest justifies the disclosure of such information should be exempted from disclosure

Judgement

The Gujarat High Court after considering representation from both the parties held that the above mentioned information sought by respondent no: 2 was evidently personal and the appellate authority rightly rejected such information under section 8(1)(j) of the RTI Act.

The Honourable judge also held that any information between the employer and employee solely governed by the service rules and falls within the ambit of ‘personal information’ and the disclosure of which would cause unwarranted intrusion of privacy need not be disclosed.

The Court held that since the above mentioned information is highly personal and warrants a clear breach of privacy, it is not liable to be disclosed.

JUDGEMENT REVIEWED BY AMIT ARAVIND

click here to view judgement

Best Lawyers in Bangalore

DATA PRIVACY LAWS AND THEIR IMPACT ON BUSINESS OPERATIONS

A Public information officer is not liable to disclose personal information if it warrants a clear breach of privacy of the individual: Gujarat High Court