Open Access Research Article
COMPARATIVE STUDY ON DATA PROTECTION AND LEGAL PRIVACY BY: SAPNA R. MAURYA
Published Paper
Article Details
COMPARATIVE STUDY ON DATA
PROTECTION AND LEGAL PRIVACY
AUTHORED BY: SAPNA R. MAURYA
LLM II, Semester IV
SUBJECT: Mass Media Law
Savitribai Phule Pune Univeristy.
Modern Law College, Pune.
ABSTRACT
Developing effective
data protection and privacy the framework is vital for the progress of the
country. This is because of the trend among organizations collect personal and
sensitive information. India was recognized as an outsourcing hub by countries
such as Great Britain and the USA. These countries take data privacy into
account and protection as a fundamental right of its citizens. So, right it is
important that India has strong data protection and the legal-political
framework of privacy protection to preserve it competitive position. In this
paper it was found that India is doing better than China when it comes to data
protection and privacy, but lags behind Australia. India must develop data
protection and privacy law and also develop appropriate enforcement mechanisms.
Keywords: Cyber
??offenses, cyber crimes, data Protection, Privacy, Information Technology Act
2000.
INTRODUCTION
Enthusiasm in many
countries around the world towards data protection principles and laws is
growing.
This is because they are
increasingly sensitive and personal data collected by organizations. That's why
it's important for organizations to protect and manage personal information.
Some countries already do
have strong data
protection laws in place, while some do moving in that direction. Recently,
there has been a concern India emerged on the impact of data protective laws
adopted in other countries. According to Forrester Research (2013), China
actually does not India has privacy and data protection restrictions minimum
restrictions and Australia has some restrictions.
It would therefore give
a comparative study of these three countries some ideas to move India forward.
OBJECTIVE OF STUDY
The objectives of this
research paper are listed below:
• Understand the legal
and political aspects data protection and privacy in India.
• Compare data
protection and privacy policies as well as laws of India with China and
Australia.
• Explore the importance
of data protection and privacy for India.
OVERVIEW OF DATA LAWS & POLICIES PROTECTION
AND PRIVACY
Overview of data
protection laws and principles a privacy laws and policies in India, China and
Australia given below:
A. Data Protection and Privacy Laws in
India
India has not passed a
data protection law, unlike European
Union or USA. Due to the absence of a specific law data protection in India is
implemented through implementation privacy and property rights. Privacy rights
are enshrined in the Constitution of India and also included in the Information
Technology Act, 2000. Proprietary Rights are covered by the Indian Contract
Act, 1872; Copyright Act, 1957; and Indian Penal Code, 1860. India’s Ministry
of Communications and Information Technologies has adopted rules for the
protection of personal data, called information technology (Reasonable security
practices and procedures a Sensitive Personal Data or Information (Lok Sabha Secretariat,
2013). These rules require business entities to collect, process and collect
personal data. Personal data includes sensitive personal data comply with
established procedures.[1]
B. Data Protection and Privacy Laws in
China
China has not passed
extensive data protection legislation. So the data protection provisions and
privacy comes from many laws and regulations. China has effective declarations
that form the basis data protection.
Examples:
• Decision to strengthen
online information Protection passed in December 2012
• National information
security standard the technology passed in February 2013
The purpose of these statements
is to protect information safety; defend the interests and legal rights of
citizens, legal entities and other organizations; and guards the public interest
and national security. It is noteworthy that in China, a decision has the same
effect as a law. in addition there are certain provisions in various legal
instruments which includes certain aspects of privacy and data protection, such as, Article 253 of the Criminal Code,
provisions on Personal telecommunications and Internet users Information
Protection, Consumer Rights Protection Act etc.[2]
C. Data Protection and
Privacy Laws and Policies in Australia
Data protection and
privacy policies apply in Australia a mix of federal and state government legislation.
The Australian Government Federal Privacy Act 1988 The Privacy Policy applies
to the entire Commonwealth Government agencies, Australian Capital Territory Government
agencies and private sector companies with a minimum annual turnover of AUD 3
million. Australian States have data protection laws. Examples include:
• Privacy Act, 2014 by
Australian Capital Area
• Information Act, 2002,
Northern Territory
• Privacy Act 2004 Tasmania
• Privacy and Personal
Data Protection Act, 1998, New South Wales (NSW)
• Privacy and Data
Protection Act 2014, Victoria
• Privacy Act 2009,
Queensland
There are some other
laws that affect data protection and privacy for specific data or activities.
They are:
• Commonwealth
Telecommunications Act 1997
• National Health Act,
1953, Commonwealth
• Health Records and
Privacy Act 2002 NSW
• Health Records Act,
2001, Victoria
• Workplace Supervision
Act, 2005, NSW
According to the
Personal Data Protection Act, an organization can be an individual,
partnership, body of a
legal entity, association not registered in the commercial register or
even trust.[3]
STATUS OF DATA PROTECTION AND PRIVACY
RIGHTS IN INDIA
Article 21 of the
Constitution of India and related they provide constitutional provisions on
fundamental rights the right to privacy. Article 21 of the Constitution of
India states that no person can be deprived of life or personal liberty except
due process law. The Supreme Court has clarified this in many cases the right
to privacy is included in the right to life and personal freedom.
However, constitutional rights cannot be
invoked private individuals or organizations. They can be claimed only towards
the state or state-owned enterprises. The The Information Technology Act 2000
contains provisions against cyber breaches according to section 43(a) to (h) and
cyber crimes under sections 65 to 74. Cyber Violations include obtaining
illegal access and Obtaining data from computer systems or networks. Such violation
may result in civil prosecution in India. The Cyber ??crimes include tampering
with a computer resource code, hacking with intent to damage the system and breach
of privacy and confidentiality. These cyber attacks lead
for prosecution under
the IT Act. IT Act too establishes sanctions for these offenses (Information
Technology Act, 2000).
According to the
provisions of the IT Network Service Act the provider or intermediary is
responsible for any misuse from 3rd party info. It is also
responsible for no with due diligence to avert crime. IT Act mentions in the
term diary as the entity acting on behalf of another entity and receives,
stores, transmits or provides electronic message services. So, an the
outsourcing company may be responsible for the service provider. The IT Act
also has extraterritorial scope. It includes crimes and misdemeanors committed
outside India. It it does not matter that the person committing the offense is Indian
or Foreigner. The only requirement is that the relevant computer system or
network should be located in India.[4]
The confidentiality requirements
under the IT Act are limited to officers authorized by law. These requirements
do not apply to private individuals. Also the official is not responsible for
the compensation of the person(s), who has suffered some damage by exposure. At
the same time
penalties imposed under
the provisions of IT Act range from INR 2 hundred thousand to INR 5 hundred thousand
(Information Technology Act, 2000). Such financial penalties are compared to
profits that may accrue
to a person committing cybercrime.
STATUS OF DATA PROTECTION AND PROPERTY
RIGHTS IN INDIA
Article 300A of the
Constitution of India states that no a person may be deprived of his property
except authority of law. However, this right cannot be claimed against private
entities. It can only be claimed against the state. At the same time, the
affected data must be considered the property of the person to be recovered this
right.
The Copyright Act 1957
in India protects intellectuals proprietary (IP) Rights. IP rights are reserved
for artistic, dramatic, musical, literary and cinematic it works. It is
interesting to note that computer databases are included under literary works.
So the act of copying and / or distribution of a computer database may result
in infringement Copyright. Civil and criminal remedies for this violation under
the Copyright Act can be started in 1957 (ind Copyright Act, 1957). However,
copyright law does not distinguish between data protection and database
protection protection. Data protection aims to protect privacy information of
individuals. Database protection intends defend originality and investment in
it compilation, verification and presentation of databases.[5]
Indian Penal Code (IPC),
1860 can also be used as an effective tool to prevent data theft. under the
IPC; theft, embezzlement and criminal trespass trust are crimes. Punishments
include
imprisonment and fine.
The crime of embezzlement of property applies only to movable property under
the IPC. It includes corporeal property of every description. Oh yes they do
not include things that are permanently attached to land. Since computer
databases are mobile in nature.
So they can be protected
under IPC to some extent degrees (Law Commission of India, 1997).
A Comparative Study of
India, China and Australia
A comparative study of
legal and political provisions on privacy and data protection in India, China
and Australia are listed below:-
A. Definition of
Personal Data
• India - Any information
that is related to natural person and can identify such a person. This
the information may also
be available to the company entity.
• China – all data
related to a specific person, which can be used to identify it.
• Australia - Any
information or opinions on an individual who is identified or is reasonably
identifiable.
B. Definition of
Sensitive Personal Data
• India - Sensitive
personal data includes financial data information; physical, physiological and
mental health condition; Password; medical history records; sexual orientation;
biometric data etc.
• China - Sensitive
personal information includes personal information information, the disclosure
of which could have an adverse effect to the persons concerned. Such
information includes personal identification number, mobile phone number, race,
religion, political views, genetics or fingerprints.
• Australia - Sensitive
personal data includes genetic data information, racial or ethnic origin,
political opinions, philosophical beliefs, sexual orientation, religion convictions,
health information, criminal record, union membership etc.[6]
C. National Data
Protection Authority
• India and China - in both
there is no such authority countries.
• Australia – The Data
Protection Officer acts as National Data Protection Authority.
D. Registration
No registration required
in India, China and India,Australia.
E. Data Protection
Officers
• India – Grievance Officer
to be appointed by each legal entity.
• China – No
requirement. However, the data controller does recommended.
• Australia – No requirement.
However, data protection we strongly recommend the officer.[7]
F. Collection and
Processing
• India – a legal entity
will be held liable for damages if it fails to perform a comply with the rules
of personal data protection.
• China - Before
collecting personal data; there he should be available for a precise, clear and
deliberate purpose with the data controller.
• Australia – Organizations
may not assemble in person information unless it is vital to the business. It
should be also confirm that the personal data is judicious, accurate and
up-to-date.
G. Transfer
• India - Data collector
must obtain consent provider for any transfer of sensitive persons
information.
• China - Data controller
may transfer personal data information by 3rd parties under certain conditions.
• Australia - Personal
information can only be disclosed organization outside Australia if it takes
steps to do so to confirm that legal provisions are complied with.
H. Security
• India – Corporate unit
needs to maintain reasonable security practices and procedures to protect
sensitive personal data.
• China - The data
controller must accept the corresponding measures against unauthorized
processing a accidental loss or destruction of personal data.
• Australia – Organizations
must state as appropriate security measures in place.[8]
I. Notice of Breach
• India - Computer
Emergency Response Team (CERT) is authorized to collect, examine and
disseminate information about cyber incidents.
• China - There is no
requirement. However, the instructions recommend immediate notification of data
breaches data subjects concerned.
• Australia - There is
no obligation. However, the guidelines are recommended by the concerned persons
and the Office the Australian Information Commissioner should be announced.
J. Enforcement
• India - Privacy
failure attracts citizens and criminal sanctions. Civil penalties are
prescribed
up to EUR 694,450.
Criminal penalties are
imposed a prison sentence
of up to 3 years or a fine up to the amount 6950 or both.
• China - No special
consequences there China.
• Australia – there are
fines for individuals and corporations in Australia for failing to protect
personal data. For individuals,
the fines are up to 340,000 AUD. For corporations, the fines are up to 7
million AUD.
K. Electronic Marketing
• India – E-marketing is
not directly addressed in India. But sending false information for the cause harassment
is punishable by law.
• China - organizations
and individuals are not allowed to collect personal electronic marketing
information by illegal
methods.
• Australia – Electronic
marketing is regulated by SPAM Act, 2003 by the Commonwealth Government. This
act is enforced by Australian Communications and the Media Office.
L. Online Privacy
• India – There are no
regulations in India regarding cookies, location data or behavioral
advertising. However, the IT Act contains some provisions against civil and criminal
for different computers crimes.
• China - According to
the decision, the companies are banned from disclosure, falsification, damage,
sale or illegal provision of personal electronic data to anyone else.
• Australia - Collection
of location data, use of cookies etc. are governed by the Personal Data Protection
Act and the State and Territorial privacy laws of Australia.[9]
IMPORTANCE OF DATA PROTECTION AND PRIVACY
IN INDIA
Many developed countries
have taken the lead in data protection and privacy. India turned out to be the
best choice for global outsourcing . India has clearly benefited from
outsourcing. In a survey conducted by the company Statistic Brain Research
Institute (2015), 26% Chief Chief Financial Officers (CFOs) prefer India for
their company outsourcing needs. The companies surveyed cited economic,
political and cultural incentives to choose India. Companies were also
impressed by India pro-business and entrepreneurial climate. India historical
trade links to the United Kingdom and the United Kingdom States also play an
important role (George and Gaut,
2006). India also has
cheap and highly skilled workforce with English speaking skills and progress educational
standards. India is a stable democracy government, independent institutions,
advances in Information technology and also convenient geography which is
suitable for continuous work does it companies can look for outsourcing to
India as a preferred destination (Chandra and Narsimhan, 2005). However, it is
important to note that global competition in outsourcing is growing. Country
like Indonesia, Estonia, Singapore, Indonesia, Bulgaria, Philippines etc give
tough competition to India. In addition, they are considering countries in
Europe and the United States privacy is a fundamental right. So it takes hours that
India should tighten data protection and privacy laws. It is also important that
India supports companies to self-regulate. India has to address loopholes in
its data protection and privacy laws to address the concerns of Americans and
Europeans companies about protecting their data and privacy. India it needs to
assure its outsourcing clients that the cost-effectiveness of outsourcing will
not be undermined additional costs for processing personal data of customers in
case of breach.[10]
CONCLUSION
India has made progress
in data protection and privacy by introducing various legal and political
measures. The the main conclusions of this data protection research and privacy
in India are:
• Privacy and
proprietary rights granted under The Indian legal and policy framework provides
certain amount of data protection and privacy.
• There are many laws in
India which protect certain aspects of data protection and privacy. These laws
include the Constitution of India; Information Technology Act, 2000; Indian
Contract Act, 1872; Copyright Act, 1957; and the Indian Penal Code, 1860.
• India has also developed
privacy rules for business entities to manage personal data.
• There is no single
comprehensive legal policy framework in India for data protection solutions and
Privacy.
• Penalties prescribed
under existing Indian laws are not enough to deter cybercriminals.
• Existing Indian laws
mostly apply to state a state-owned enterprises.
• Existing Indian laws
do not address finer points details on data protection and privacy. For
example, lack of distinction between data protection and database protection
under the Copyright Act 1957.
Clearly, India has some
limitations in its data the legal-political framework of protection and
privacy. India It seems to be doing better than countries like China,
but not as good as a
country like Australia. The India's data protection and privacy gaps vis-à-vis
Australia are:
• India has no national
data protection An authority such as the Australian Privacy Commissioner.
• Unlike the Australian
SPAN Act 2003; there is none here legal-policy framework in India for data
handling security and privacy issues related to electronics marketing.
• Unlike Australia,
there are no laws and regulations India to manage cookies, location or
behavioral data advertising.
A comprehensive legal
framework for data processing security and privacy issues are the order of the
day in India. Such a legal and policy framework can be vital to sustain investor
confidence. This applies especially to foreigners investors sending large
volumes of data to India managing their back-office operations. Data protection
can play an important role in outsourcing.
These arrangements delegate
the Indian company with a confidential customer data of foreign companies,
business secrets etc. Since outsourcing by foreign companies plays a significant
role in contributing ind economy. So it acts as another incentive for India strengthen
its legal and policy framework to deal with its data protection and privacy.
[1] http://www.dlapiperdataprotection.com/system/modul
es/za.co.heliosdesign.dla.lotw/functions/export.pdf?c ountry=all
[2] Worldwide
data protection laws.
[3] http://heatmap.forrestertools.com/
[4] http://blj.ucdavis.edu/archives/vol-6-no2/offshore-outsourcing-to-india.html
[5] http://copyright.gov.in/documents/copyrightrules1957
[6] http://lawcommissionofindia.nic.in/101-169/Report156Vol2.pdf
[7] http://ijtr.nic.in/articles/art41.pdf
[8] http://ijtr.nic.in/articles/art41.pdf
[9] http://lawcommissionofindia.nic.in/101-169/Report156Vol2.pdf
[10] http://www.dot.gov.in/sites/default/files/itbill2000_0.pdf
Article Information
COMPARATIVE STUDY ON DATA PROTECTION AND LEGAL PRIVACY BY: SAPNA R. MAURYA
Authors: SAPNA R. MAURYA
- Journal IJLRA
- ISSN 2582-6433
- Published 2023/06/05
- Volume 2
- Issue 7
About Journal
International Journal for Legal Research and Analysis
- Abbreviation IJLRA
- ISSN 2582-6433
- Access Open Access
- License CC 4.0
All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.
Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.