The term ‘data’ generally refers to the collection of facts or information in an organised form. Though it’s a general term and can be used anywhere, in today’s context, this term is usually associated with the facts or information which is stored in the computer or is available on the Internet or on the World Wide Web. There is a wide amount of data, both personal and public, which is available on the computers and on the internet. “Personal data” means any information relating to an identified or identifiable individual (called the data subject). With the advancement in technology at its peak, the amount of data present on the internet is also increasing at an alarming rate. This has also led to increasing crimes related to the computers and information technology, the so-called ‘cyber crimes’. One of the major crimes in the cyber world is the collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, blocking, erasure or destruction and many other operations on personal data of an individual by another individual for unlawfully gaining the advantage over others. It can also be said that there is a completely new definition of crime in the cyber world.
Data protection or data privacy or information privacy refers to the legal protection of a person (called the data subject) with regard to the processing of data concerning him – or herself by another person or institution (called the data controller). Bygrave defines data protection as a set of measures (legal and/or non-legal) aimed at safeguarding persons from harm resulting from the processing (computerised and/or manual) of information on them and embodying a group of principles on the processing of personal information. As already mentioned, there can be legal as well as non-legal ways to protect the personal data. The non-legal ways include the development of Cyber Security Institutions, Cyber Security Cells, Data Protection Cells and many such platforms involving computer and IT experts. On the legal frontier, there is a need for legislations and expert lawyers in order to make Data Protection effective and to stop cyber crimes related to data stealing or data theft.
The credit for the origin of data protection laws goes to the German state of Hesse which adopted a data protection law in 1970. In 1973 a Data Protection Act was passed in Sweden which prohibited the opening of “personal data registers” without official permission, established a Data Protection Board to supervise the operation of those registers which were permitted, set out rules designed to ensure the accuracy of such registers and laid down penalties for unauthorized disclosure of information. In 1974, USA passed Privacy Act which aimed at prohibiting disclosure of personal information or data without the consent of the individual concerned. In the consequent years, many Europeans country adopted the data protection legislations. In today’s world, almost all Western Countries have either adopted the data protection legislation or are considering to adopt such legislations. Article 8 of the Charter of Fundamental Rights of the European Union grants data protection as a Fundamental Right. The Article provides:
“Article 8 – ‘Protection of personal data’ –
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.”
There are certain core principles of data protection laws as highlighted in OCED’s Guidelines governing the protection of privacy and trans-borders flows of personal data (2013) and in General Data Protection Regulation (GDPR) 2016 by the European Union. These principles are Fair and Lawful processing, Purpose Specification, Minimality, Quality, Openness or transparency, Data Subject Participation, Sensitivity, Security and Confidentiality, Accountability etc. These core principles need to be incorporate and given effect in order to protect the personal data without any fail.
As clearly highlighted in this article, protection of personal data at both national as well as the international level is a necessity in order to ensure Right to Privacy to each and every individual in this world. Though some countries have already adopted such data protection legislations in order to curb the issue of rising cyber crimes, there are still many more countries like India which does not have a proper legislation for the protection of personal data or data privacy. Although Article 21 of the Constitution of India guarantees Right to Privacy within the scope of Right to Life and Personal Liberty, still there is a need for a proper legislation in order to ensure safety and privacy to the individuals regarding the presence of their personal data on computers and the internet. Unless and until a proper legislation for Data Protection is passed, the crimes related to data stealing, data theft, data destruction etc will not be easy to curb.
 Section 1(b) of Part I of OCED’s Guidelines governing the protection of privacy and trans-border flows of personal data 2013
 Core Principles of Data Protection Law by Anneliese Roos published in The Comparative and International Law Journal of Southern Africa, Vol. 39, No. 1(MARCH 2006), pp. 102-130
 Data Protection Law by A.C. Evans published in The American Journal of Comparative Law, Vol. 29, No. 4 (Autumn, 1981), pp. 571-582
This post is written by the close friend of mine. Chirag Jindal, who studies in National University of Advanced Legal Studies, Kochi and resides in Madhya Pradesh. He is a pundit in cyber crimes and security and very humble by nature. He loves to write and promised me to supply more knowledge regarding his niche.