Introduction

With the digital boom in India, data protection and the prevention of identity theft and fraud are real concerns. Information on the internet is vulnerable to misuse, so there is a dire need to protect citizens. For companies with a web interface, a privacy policy is pivotal when handling or dealing with such personal information. New businesses must take care to create a protected ecosystem of data collection and should consider the privacy risks relevant to their specific sector or type of clientele.

A privacy policy is a legal document in which a website that gathers, uses, discloses, and manages a customer's or client's data sets out its practices and procedures for protecting personal information. It is a great way to show that a company can be trusted to safeguard customers' privacy and that it respects the people who give it their time, data and money. A clear, up-to-date, and easily accessible privacy policy is a good checkpoint for demonstrating the business's principles of transparency, legitimacy of purpose and proportionality, giving users full assurance and knowledge of what they are getting into.

Data Protection Laws and importance of having privacy policy

Data protection refers to the set of privacy laws, policies and procedures that aim to minimise intrusion into one's privacy caused by the collection, storage, and dissemination of personal data. Personal data generally refers to information or data relating to a person who can be identified from it, whether collected by a Government, a private organization or an agency. In India, having a privacy policy is mandated by law, namely the Information Technology Act and the rules framed thereunder, to put viewers on notice of the way their information will be collected, stored and processed. The Indian scenario envisages only the privacy of individuals and not that of corporate bodies / persons.

The "right to privacy" in India was declared a fundamental right by the Hon'ble Supreme Court of India on August 24, 2017, in its landmark judgment in the case of Justice K.S. Puttaswamy (Retd.) and Anr. v. Union of India And Ors.1 ("Right to Privacy Case"). After this case, the need was felt for stronger legislation to protect the personal data and privacy of individuals. On the foundation of this landmark judgment, the Personal Data Protection Bill, 2019 was formulated, which is broadly based on the framework and principles of the General Data Protection Regulation. This Bill would replace both Section 43A of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

If you run any business that collects personal data, it is important to understand the GDPR and how it is being used, as the GDPR has wide-reaching effects. The GDPR ("General Data Protection Regulation") (https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/) is the European Union's data protection law. It is in force and is intended to give individuals more control over their personal information and to push corporates to adopt increasingly transparent policies that comply with the regulations in spirit. Personal data under the GDPR is information like a name, email address, and credit card number that can lead to the identification of a person. The drafters of this law rightly understood that technology evolves and so do the elements that can lead to individual identification. It has forced companies to reframe how they think about data privacy, making it paramount.

The essential components of Privacy Policy

  • How the Data Is Used (Including Cookies): If your site uses cookies to track visitors to your website, be clear about that. These temporary text files are placed on visitors' computers by your site or third-party sites to customize a visitor's experience. While cookies can make browsing easier, they can also be used to track how customers use the internet.
  • Storage and Security Policies: Users should know if your company stores their data and, if so, what security measures you have taken to keep that information safe. This point is especially crucial for any type of payment information. The Payment Card Industry Data Security Standard (PCI DSS) (https://www.controlcase.com/what-are-the-12-requirements-of-pci-dss-compliance/) was designed so that merchants who accept and process credit card payment information do so in a secure environment.
  • Opt-Out: Privacy laws like the General Data Protection Regulation (GDPR) revolve around requirements that mandate that businesses get users to "opt in" to certain data collection and processing activities. Opting in means that a user takes an affirmative action to offer their consent. Opting in can be used in a variety of situations, including subscribing to email and newsletter mailing lists, accepting cookie use, and agreeing to legal policies. Opting out means a user takes action to withdraw their consent. Consent withdrawal is when a company offers a user a way to withdraw their permission or change their preferences after the original point of consent. Not choosing to subscribe to newsletters, unticking a previously ticked checkbox, not consenting to save personal details, and rejecting the use of cookies are some examples of opt-out.
  • Indicating the Effective Date: Always include an effective date for your privacy policy so your customers can see how recent your policies are. You will likely need to update your policy often as technology and collection practices change.

Key Takeaways

Privacy of information is important because people define themselves by exercising control over information about themselves. A free society permits people to make their own choices about what information is shared. Respect for privacy and the duty to safeguard information as confidential are also important for practical, consequence-oriented reasons.

A privacy policy is one such document to safeguard citizens, and having one is the wise way to go about things, especially if you are a web-based start-up with an online presence intending to buy or sell products or services based on sensitive consumer information. It is an absolute must if you intend to keep users' banking and other financial details, as they need assurance that their information and details are safe. People need to be assured that their privacy is not the price they will have to pay to access your services.

Different websites represent different businesses that offer different products and services, which should be reflected in the privacy policy. Never consider copying a privacy policy from another site. Many business owners use templates to create a privacy policy for their website, but these are often too generic, presenting the same problem as with copying another website's privacy policy. The content of your website's privacy policy depends on your site's function and the information it collects and uses.

"Privacy isn't negotiable, it's everyone's right".
