Question : Breach of Data Privacy

Will the Minister of Electronics and Information Technology be pleased to state:

(a) whether there is any impending danger from foreign companies regarding privacy of data of Indians;
(b) if so, the monitoring of the said companies carried out by the Government regarding the privacy and secrecy of data; and
(c) the efforts made by the Government to ensure that foreign companies do not make undesirable use of the data of Indians?

Answer given by the minister

(a): Cyber space is a complex environment of people, software, hardware and services on the Internet. With a borderless cyberspace coupled with the possibility of instant communication and anonymity, the potential for misuse of cyberspace and social media platforms for criminal activities is a global issue. Any Apps created from anywhere in the world and made available through Internet/AppsStores from can be accessed anywhere. Most of such Apps tend to collect large amount of personal data. Such data can be further transferred to any other entity. Though all such collection, processing and transfer should happen with the prior consent of the user, there is always a danger regarding possible misuse and privacy risk for users.

(b): Ministry of Electronics and Information Technology (MeitY) does not monitor content/App available on Internet. However, law enforcement agencies monitor such content on a case-to-case basis.

(c): Social networking companies, for the third party information hosted on their platforms, are intermediaries in the context of the Information Technology (IT) Act, 2000. They are required to follow certain due diligence as specified in the Information Technology (Intermediaries Guidelines) Rules, 2011 notified under section 79 of the IT Act. This includes publishing of terms and conditions of their platform and privacy policy.

Section 43A of the IT Act, 2000 provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. It mandates body corporates to implement reasonable security practices for protecting sensitive personal information of individuals. The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 notified under this section defines sensitive personal information and also mandate that body corporate must provide policy for privacy and disclosure of information, so that user is well aware of the type of personal data collected, purpose of collection and usage of such information. The rules also specify mode of collection of information, disclosure of information, transfer of information, etc.

Also, section 72A of the IT Act provides for punishment for disclosure of information in breach of the lawful contract.

MeitY has introduced the Personal Data protection Bill, 2019 in parliament during the winter session of 2019. The Bill has been referred to a joint committee of the parliament.

******

Download PDF Files