The “right to privacy” in India was declared a fundamental right by the Hon’ble Supreme Court of India on August 24, 2017, in its landmark judgment in the case of Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India And Ors.1(“Right to Privacy Case”). After this case, the need was felt to have a stronger legislation in place to protect the personal data and privacy of individuals. On the foundation of this landmark judgment, the Personal Data Protection Bill, 2019 was formulated which is broadly based on the framework and principles of the General Data Protection Regulation. This Bill would replace both Section 43A of the Information Technology, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
If you run any business that collects personal data, it is important to understand the GDPR and how it’s being used, as GDPR has wide-reaching effects. European Union’s Data Protection Law is GDPR (“General Data Protection Regulation”) (https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/) which has been in force, that is intended to give individuals more control over their personal information and push corporates to adopt more and more transparent policies to comply with the regulations in spirit. Personal data under the GDPR is information like a name, email address, and credit card number that can lead to the identification of a person. The drafters of this law rightly understood that technology evolves and so do elements that can lead to individual identification. It has forced companies to reframe how they think about data privacy, making it paramount.
- Storage and Security Policies: Users should know if your company stores their data and, if so, what security measures you’ve taken to keep that information safe. This point is especially crucial for any type of payment information. The Payment Card Industry Data Security Standard
(PCIDSS) https://www.controlcase.com/what-are-the-12-requirements-of-pci-dss-compliance/ was designed so merchants who accept and process credit card payment information do so in a secure environment.
Privacy of information is important because people define themselves by exercising control over information about themselves. A free society permits people to make their own choices about what information is shared. Respect for privacy and the duty to safeguard information as confidential are also important for practical, consequence-oriented reasons.
“Privacy isn’t negotiable, its everyone’s right”.
-Anushka Nagpal, Associate, Agama Law Associates