India I Flashcards
Right to privacy - Which law (Article) says that a person’s right to privacy is a fundamental human right? What is it? What is the relevant Supreme Court decision?
Article 21 (right to life and personal liberty), Puttaswamy vs Union
Why was the IT Act enacted? What were the aims of the IT Act?
The aim of the IT Act was to set up India’s first ever information technology legislation. There were three reasons: (a) to facilitate the development of a secure regulatory environment for electronic commerce by providing a legal infrastructure governing electronic contracting, security and integrity of electronic transactions, (b) to enable the use of digital signatures in authentication of electronic records, (c) to showcase India’s growing IT prowess and the role of Government in safeguarding and promoting the IT sector.
What are the key sections amended in the ITAA? What are they?
Major amendments: s 43A, 66A (unconstitutional), 66C to F, 67, 67B, 69A & B, 70B
- Section 43A which provides compensation for failure to protect data
- Section 66A - which has been held to be unconstitutional because it was ‘over broad’ – penalises the sending of “offensive messages”
- Sections 66C and 66D which penalise identity theft and computer-based scams
- Sections 66E and 67 which penalise voyeurism and transmission of obscene material, respectively
- Section 66F which penalises cyber-terrorism
- Section 67B which penalises child pornography
- Section 69A which gives the government power to block public access to information through a computer resource – which has been held to be constitutional because it is narrowly framed
- Section 69B which gives authorities the power of “interception or monitoring or decryption of any information through any computer resource”
- Section 70B which establishes the Indian Computer Emergency Response Team as an agency of the Central Government and designates it to serve as the national agency for cyber security
Why is Section 66A removed? Why is it important? What is the relevant case?
Held to be unconstitutional because it was “overbroad” and violated freedom of speech. It penalises the sending of offensive messages. Shreya Singhal v Union of India
What is the application and scope of the IT Rules? What are the exemptions?
Applies to bodies corporate or persons located in India.
Does not apply to the processing of data in India regarding data subjects located overseas.
Some of the rules do not apply to B2B, but only to the collection of individuals’ data by bodies corporate.
Does not apply to religious and social, charitable organisations, non-commercial organisations and non-automated data.
How is Personal Information defined in India?
Any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person.
(No specific definition of the term “personal data”)
IT Rules - What is considered sensitive personal data or information (SPDI)?
Passwords
Financial information, such as bank account or credit card details
Physical, physiological and mental health condition
Sexual orientation
Medical records and history
Biometric information
What are the IT Rules? RSPP
Rule 4 - Provide Privacy Policy
Rule 5 - Collection of Information
Rule 5(1) - Consent and Purpose Limitation
Rule 5(2) - Lawful Purpose and Minimal Collection
Rule 5(3) - Notice and Purpose Limitation
Rule 5(4) - Retention
Rule 5(5) - Use
Rule 5(6) - Subject Access and Correction
Rule 5(7) - Option to Refuse or Withdraw Consent
Rule 5(8) - Security
Rule 5(9) - Complaint Handling
Rule 6 - Disclosure Limitations and Exceptions
Rule 7 - Transfer of Information / Data Export Restriction
Rule 8 - Reasonable Security Practices and Procedures
What are the regulatory bodies in India and what do they each regulate?
UIDAI, RBI, MEITY, TRAI
UIDAI: Unique Identification Authority of India - biometric-based Unique Identification Numbers (UIN) i.e. “Aadhaar”.
RBI: Reserve Bank of India - regulatory body for CICRA, the Credit Information Companies (Regulation) Act 2005.
MEITY: Ministry of Electronics and Information Technology - responsible for administering the IT Act, IT Rules, IT Amendment Act etc.
TRAI: Telecom Regulatory Authority of India - regulates unsolicited commercial communications through telephone or text. Telemarketers must register themselves with TRAI before they may send out marketing communication through telephone or text messages. Those who do not wish to receive unsolicited commercial communications can opt out by registering their preference with the Customer Preference Registration Facility (CPRF).
What does the Grievance officer do? What does the Adjudicating officer do? What does a company do when there are complaints? Who are these officers appointed by?
The Grievance Officer addresses all discrepancies or grievances reported. The Grievance Officer must redress respective grievances within a month from the date of receipt of said grievances. Appointed by the Organization/Company.
The adjudicating officer has the power of a civil court to adjudicate any matter before it (Section 46 of the IT Act). The adjudicating officer has jurisdiction over claims only up to a maximum of INR 50,000,000 (about US$700,000). The Adjudicating Officer is appointed by the Central Government.
How does a body corporate obtain consent from data subjects (provider of information)?
The consent has to be provided by letter, fax or email.
Press note: Consent can be obtained using any mode of electronic communication.