However, surprisingly WhatsApp operates within the existing legal framework of India’s privacy legislation therefore jeopardizing and compromising the privacy of Indians leaving them with little to no respite from data privacy violations. Recently, India marginally moved closer towards realizing the Right to Privacy guaranteed under Article 21 of the Constitution with the enactment of the Personal Data Protection Bill, 2019. Unfortunately, several nuances, procedural and administrative details have not been adequately clarified under the Bill. Therefore, the Bill lacks tooth and nail to fight against rising data breaches and cyber attacks in an increasingly digitized commercial environment amidst the pandemic.
Moreover, the Information Technology Act 2000/2008, suffers from grave shortcomings on the data privacy front. For instance, the IT Act provides for data collection and usage standards, but overlooks on establishing a framework for data storage techniques, user consent and data processing standards. In an effort to surmount the shortcomings, the IT Act was amended to include Section 43-A and Section 72-A, which give a right to compensation for improper disclosure of personal information. Subsequently, additional rules issued by the Information Technology Rules, 2011 impose additional requirements on commercial and business entities in India relating to the collection and disclosure of sensitive personal data or information which bear some similarities with the GDPR and the Data Protection Directive, which recognize the right to privacy. However, expectations from the Bill and its Data Protection Authority to be at the standard of G.D.P.R. without any experience is a tall ask.
Author- Sonam Chandwani, Managing Partner, KS Legal & Associates