• Balbir Bora

Data Protection and Privacy

Data Privacy

In the world of digitisation, almost every minute piece of information is available online which can be easily accessed by anyone and further be used inappropriately. The possibility of our private information being extremely vulnerable is very real and therefore, we require data privacy. Let us delve deep on the meaning of data privacy in this blog and why it is so important in the modern world.


What is data privacy?

‘Data’ refers to any piece of information, while ‘privacy’ refers to preserving or keeping it to one-self. To sum it up, ‘data privacy’ is generally the need of preserving/protecting any personal information pertaining to an individual or an organization from exposing it to a third party. It is also referred to as information privacy.


Any personal data that is sensitive or can be maliciously used by someone is a crucial part of data privacy. These personal details include data that is given out during any online activity (most of the sites have privacy policies for using the data shared by the user), financial data (bank account details shared online or offline that can be misused by someone to deceit the other), or any other sensitive information like medical history of a person and his treatment records that should not be disclosed to a third party. Sharing of location details online also involves a high risk, which needs to be protected too.


Why is data privacy important?

In the current times, data has become close to a basic human need and the data economy has raised tremendously. This is the reason why big companies like Facebook, Amazon, Google, etc. are on top of the data economy. It is necessary for them to maintain transparency and abide by the privacy policies to build an environment of trust and accountability for the customers.


We have heard plenty of major data privacy issues that have occurred in the past, which has led to the amendment of privacy laws, be it GDPR or CCPA.


One of the biggest data breach incidents is the Cambridge Analytica debacle when Facebook’s Security Breach exposed accounts of 50 million users. The world’s largest social media platform’s CEO Mark Zukerburg had to apologize in front of the United States Senate for this violation. Another such incident happened with LinkedIn where a whopping 165 million user accounts were compromised. Many more incidents have been occurring in the past and have raised doubts in the mind of the common people- is their data really safe?


According to a recent report by ‘Cyble’, more than 1 lakh IDs of Indian users like Aadhaar, PAN, driving license, passport, etc. are on sale on dark web. Based on file details, they appear to have originated from 2017 to 2020. Cyble is investigating the source of leak. The total size of the data is alleged to be over 100GB


Data Privacy Laws across the world

Over the period of time, various data privacy laws have been introduced and enacted by different countries. The most recent and the popular ones are GDPR (General Data Privacy Regulation) 2018 and CCPA (California Consumer Privacy Act) 2020.


EU’s GDPR Enacted in May 2018, it aims to protect the EU's citizens personal data and provide a regulatory environment for business so that citizens as well as the businesses in the European Union can benefit from the digital economy. The official PDF of the regulation comprises of a total of 11 chapters which further contain 99 articles. The seven principles include: lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality (security), and accountability. In case of any violation in the laws, the individual or the organisation involved in such activity can be charged a heavy penalty.


US’s CCPA Enacted in January 2020, it allows the citizens of California with right to demand the view of all their information that a company has saved as well as the full list of the third parties with whom the data is shared. In addition, the law also allows consumers to sue the companies if they intend to violate any of the privacy guidelines, even if there is no data breach.


Current Situation for Data Protection in India

India does not have any proper privacy policy as of now. However, the Indian legislature did amend the Information Technology Act 2000 (‘IT Act’) to include Section 43A and Section 72A, which gives the right of compensation for improper disclosure of personal information in 2008. Subsequently, in 2011, the Information Technology Rules was issued for commercial and business entities in India.

In 2016, a biometric based unique identification number for residents called ‘Aadhaar’ was also introduced. Aadhaar is regulated by the Aadhaar (Targeted Delivery of Financial and Other Subsidies Act) 2016 (‘Aadhaar Act’).


Now the whole country is waiting for the enactment of the Data Protection Bill 2019 which will be India’s first law on the protection of personal data of individuals as well as the businesses operating in country.


India’s Data Protection Bill

Along the same lines of Europe and US popular laws, India has been working on the framework of India’s Personal Data Protection Bill. In December 2019, the Bill was introduced in Lok Sabha. It is speculated that the 2019 Bill will be given the shape of a legislation in the near future and we will very soon have the Personal Data Protection Act, in force. The Bill is modelled on the similar principles as EU’s GDPR and is expected to be even more stringent.


Conclusion

Many companies are taking initiatives to secure their customers data- Google recently announced that it would phase out third-party cookies. Similarly, the EU’s landmark GDPR data privacy legislation has had a profound impact on how businesses are approaching data privacy. But still there is a large scope for improvement, and we need to see the implementation of stronger data privacy and protection laws across a wider jurisdiction as soon as possible.