Privacy Protection and the IT Act 2000

Netizens' demands for privacy and data protection have been increasing globally for the past decade.  It is not uncommon to find a person's name, contact details, profession, family, opinions, etc on websites of schools, colleges, banks, surveys, directories or even social-networking sites. This situation could potentially have a series of adverse impacts on a person's life, ranging from annoying marketing calls to something more dangerous like cyberbullying. Therefore, enforcing certain standards of web safety is essential. However, as the Internet crosses the borders of all nations, it becomes difficult to promote one individual's right to information without infringing on another's right to privacy. Article 21of the Constitution of India does not specifically confer the right to privacy to netizens, but it has been interpreted that way by the Supreme Court. Yet, in order to understand the condition of data protection in India, it is necessary to examine and evaluate the Information Technology Act, 2000. The following are the provisions of this act:
(1) If a person contravenes the privacy of an individual by means of computer, computer system or computer network located in India, he would be liable under the provisions of the Act.
(2) If a person makes an unauthorized use of the computer, computer system or computer network of another person by accessing, downloading, introducing computer contaminant, damaging, disrupting, denying access etc., he will automatically violate the privacy of the owner and shall be liable to pay compensatory damages not exceeding Rs.1 crore ($225,378) to the person so affected.
(3) A person tampering with another's computer source documents shall be punishable with imprisonment up to 3 years or with fine, which may extend up to Rs.2 lakhs ($4,507), or with both.
(4) If a person commits hacking or causes wrongful loss or damage to any person, by destroying, deleting or altering any information residing in his (owner's) computer resource or diminishes its value or utility or affects it injuriously by any means, he shall be punishable with imprisonment up to 3 years or with fine, which may extend up to Rs.2 lakhs, or with both. However, an innocent infringer will not be liable if he proves that he committed the act without any intention or knowledge.
(5)  A network service provider shall be liable for violation of privacy of a third party if he makes available any third party information or data to a person for the commission of an offence. However, a network service provider will not be liable if he proves that the offence or contravention was committed without his knowledge or he had exercised all due diligence to prevent such commission.
(6) Where the privacy rights of a person are infringed by a company, every person who at the time of contravention was in charge of and was responsible to the company for the conduct of its business as well as the company shall be guilty of the contravention and liable to be processed against and punished accordingly. (Dalal)
While the IT act discusses a range of themes, like digital signatures, public key infrastructure, e-governance, cyber contraventions, cyber offences and confidentiality and privacy, many individuals and multi-national companies have complaints that it does not lay down any specific data protection principles. Also, there exists no actual legal framework or authority to oversee the functioning of this act. (Sharma)

Dalal, Praveen. "Privacy and Data Rights in India." ipFrontline.com. N.p., 12
     Sept. 2006. Web. 2 Oct. 2010. <http://www.ipfrontline.com/depts/
     article.asp?id=12612&deptid=6>.

Sharma, Vakul. White Paper on Privacy Protection in India. Internet and Mobile
     Association of India. N.p., Jan. 2007. Web. 2 Oct. 2010.
     <http://www.iamai.in/Upload/IStandard/
     White%20Paper%20on%20Privacy.%202007.pdf>.