By- Shreeji Saraf, IILM University Greater Noida
•Abstract
In today’s digital world, data has become an invaluable asset as it governs one’s personal, social, and economic connections. For this reason, it becomes necessary to ensure a strong data privacy and protection mechanism. This paper covers the comprehensive analysis of the data privacy and protection in India starting from the Information Technology Act, 2000, which had laid the foundation for cybersecurity but lacked particular provisions related to privacy, which resulted in the enactment of the Digital Personal Data Protection (DPDP) Act, 2023. The paper even discusses the judicial decisions relating to the right to privacy, particularly the Supreme Court’s ruling on the historic case of Justice K.S. Puttaswamy (Retd.) v. Union of India, which acknowledged the right to privacy as a fundamental right under Article 21 of the Constitution. The paper even highlights the importance of data privacy laws, which are eventually essential to prevent identity theft, data breaches, and misuse of personal data.
Introduction
The world is becoming more and more digitized, and almost every aspect of our life is being digitally connected, and for this, data protection and data privacy laws are of great importance. In today’s world, more or less everything is being governed by data. The data of any individual is very crucial. The data helps in predicting outcomes; it is considered to be more reliable, but on the very same hand, the data can be misused to a great extent. So hence the enactment of laws that regulate the protection and safeguarding of data is of great essence. A mechanism that ensures security on one hand and on the other punishes the one who causes a data breach is needed. The Digital Personal Data Protection (DPDP) Act, 2023, is the result of this, which manages personal data, provides privacy, and even protects it on the same hand.
History
The concept of data privacy had already existed in India. The Information Technology Act (IT Act), 2000 is said to have served as the foundation for data protection laws. This act initially focused on information security, but it lacked data privacy provisions. A Supreme Court ruling in the year 2017, which acknowledged the right to privacy as a fundamental right, led to the establishment of a recent act named the Digital Personal Data Protection Act (DPDP Act) of 2023. This act tends to cover in more detail the management of personal data in the digital age. Compared to the initial act, this act provides a more comprehensive framework of data protection.
Some of the crucial developments in the field of data protection legislation include:
The first step regarding data protection which was the establishment of the IT Act in the year 2000. This act mainly highlighted the cybersecurity laws rather than dealing with privacy laws in detail.
After this, to regulate the processing of sensitive personal data, further information was added with the adoption of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules in 2011. In the case of Justice K.S. Puttaswamy (Retd.) v. Union of India, the Supreme Court has recognized privacy as a fundamental right under the guidelines of the Indian Constitution, which in return demanded more detailed specific data protection laws.
After the passing of the Supreme Court decision, it was followed by the establishment of the Digital Personal Data Protection Bill in 2023, which came to be known as the DPDP Act. This act covered in detail all the provisions relating to data protection laws.
