11,569.85-108.65
Stock Analysis, IPO, Mutual Funds, Bonds & More

IT act needs a rethink to plug FB-like data leaks

Experts say sections of IT Act have provisions to govern Facebook on privacy but that’s not enough

, ET Bureau|
Last Updated: Apr 03, 2018, 11.16 AM IST
0Comments
A7F55490-90B3-4BE8-8D1D-B8410C39A69E
The experts, however, agree that India needs a full-blown data protection law since these provisions may not be sufficient to handle instances such as the recent one.
NEW DELHi: Even as India is working on a comprehensive data protection law, the existing Information Technology (IT) Act has provisions that allow the government to take action against companies, social media platforms or mobile application providers who exploit user data through unauthorised means.Privacy analysts and legal experts say Section 43 and 43A, Section 66 and Section 72 of the IT Act along with the intermediary guidelines, have provisions to govern platforms such as Facebook on how they have handled user privacy.

The experts, however, agree that India needs a full-blown data protection law since these provisions may not be sufficient to handle instances such as the recent one of Facebook data being harvested by Cambridge Analytica to allegedly influence elections across the world. They also express concern over weak enforcement citing the few judgments against companies that have misused data.

Cyber expert and Supreme Court advocate Pavan Duggal said if someone accesses your systems without permission, copies or downloads data, it becomes the basis for seeking damages by way of compensation under Section 43 of the IT Act, and under Section 43A, one can seek unlimited damages in case sensitive personal data is unauthorisedly accessed.

“The way Indian law defines sensitive personal data, it is very clear that the data Facebook had shared cannot be said to be sensitive personal data because it’s neither medical, biometric nor financial,” he said. According to him, a person can file a criminal complaint against Facebook and Cambridge Analytica for an offence under Section 66 which says that if any person dishonestly or fraudulently without permission copies data or diminishes its value or utility that becomes an offence.

“This can be read with Section 85 which says that if an offence is committed by a company then every person responsible for the day to day management shall also be guilty of the said offence. These are the limited remedies we have but none of them are “effective” provisions. When you talk of a comprehensive data protection regime, we don’t have that yet,” he added.

Comments
Add Your Comments
Commenting feature is disabled in your country/region.

Other useful Links


Copyright © 2020 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service