In an era dominated by digital connectivity, the pervasive sharing of personal data has become an inherent aspect of daily life. As individuals navigate the intricacies of the online landscape, the sheer volume of information willingly disclosed on various platforms paints a vivid portrait of our lives.
From social media interactions to e-commerce transactions, our digital footprint has grown exponentially, creating an intricate web of personal details accessible to both legitimate entities and malicious actors.
The consequences of this heightened exposure are multifaceted, affecting individuals and governments alike. On a personal level, the commodification of data raises concerns about privacy infringement.
As companies harness user information for targeted advertising and algorithmic profiling, individuals often find themselves unwittingly immersed in a world where their preferences, habits, and even intimate details are commodified for financial gain.
This erosion of privacy not only challenges the autonomy of individuals but also leaves them vulnerable to identity theft, cyberbullying, and other malicious activities.
At the governmental level, the magnitude of personal data available poses intricate challenges to national security and public governance. State institutions, entrusted with safeguarding citizens, grapple with the responsibility of protecting vast datasets from unauthorised access.
The potential misuse of such information, whether by external hackers or internal breaches, underscores the fragility of contemporary digital ecosystems. Furthermore, the aggregation of data on a massive scale raises ethical questions about surveillance, civil liberties, and the delicate balance between security and individual freedoms.
The symbiotic relationship between individuals and governments in the digital age demands a nuanced understanding of the implications of widespread data exposure.
While India has made progress in addressing data protection concerns, the ultimate effectiveness depends on the implementation, enforcement mechanisms, and the adaptability of the legislation to the rapidly-evolving digital landscape.
“The Digital Personal Data Protection Act, 2023 deals extensively with personal data. While being approved, the lack of clarity on its implementation and with the rules not being released, the reliance is still on the Information Technology Act, 2000and its various amendments and rules thereunder, as regards to the protection of personal data,” Tony Varghese, Partner and Attorney, JSA Advocates and Solicitors, said.
This backdrop raises questions about the efficacy of current measures and the anticipation of more robust protection under the upcoming DPDP Act.
Over the last decade there has been a lot of focus on the protection of personal data, given the extensive use and misuse of personal data and the incidents of data breaches that have been occurring not just in the private sector, but also in the public sector including government databases.
“The provisions of the IT Act and its rules thereunder have been comprehensive in lending support to enforcement agencies, in taking appropriate action in protection of data and prosecuting offenders,” Varghese said.
He added, “The invoking of the provisions of the IT Act which are relevant to offenders and masterminds are typically Sections 43, 43A, 69A, 72 and 72A. These provisions invoke the liability on persons who possess and deal with personal or sensitive data, misusing the same and/or are negligent in maintaining reasonable security measures and procedures, thereby causing loss or wrongful gain to anyone.”
Speaking to IANS, Varghese said that the provisions of the IT Act override the provisions of any criminal enactment such as the Indian Penal Code, with powers for criminally prosecuting offenders, not necessitating the need to invoke the provisions of the Indian Penal Code, which essentially deals with criminal laws in general.
“This has been reiterated by various courts in their verdicts, wherein it has been settled that for actions attracting offences with similar ingredients under both the statutes, an accused can only be charged under the IT Act given the principles of double jeopardy,” he told.
While there seems to be some level of clarity on the invoking of the criminal laws, the concerns around invoking the provisions of the IT Act are on the levels of severity of the actions/penalties that could be taken against offenders, given that the offences if invoked under the IT Act are usually bailable/compoundable with payment of fines.
Therefore, Varghese said, “Crimes which may have caused severe consequences to victims, if invoked under the IT Act could result in a legal/moral imbalance. This has indeed also resulted in lower levels of enforcement unless there is active persuasion on behalf of the victims.”
“With this being the case, while the IT Act has been enabling enforcement, given the high levels of data breaches and crimes pertinent to personal data, there is indeed hope that the DPDP Act may enable improved protection and enforcement in the future to personal data,” he added.
Striking a delicate equilibrium between technological innovation, individual rights, and national security emerges as a critical imperative. As society grapples with the repercussions of this data-centric paradigm, navigating the delicate balance between convenience and privacy remains an ongoing challenge with far-reaching implications for the future.
The interplay between the IT Act and the impending DPDP Act sparks discussions on legal clarity, severity of penalties, and the pursuit of justice.
While the IT Act has been a stalwart in addressing digital offences, the DPDP Act holds the promise of refining the landscape, fostering enhanced safeguards and enforcement mechanisms for personal data in the years to come.
20231111160390