wordpress blog stats
Connect with us

Hi, what are you looking for?

Will the Lack of Criminal Liability Provisions in India’s Data Protection Law Impact Compliance? #PrivacyNama2023

Although there are no criminal provisions in the DPDP Act, Section 72A, a rather dominant clause in the IT Act of 2000, penalises privacy violations with jail term of upto three years, a maximum fine of Rs 5 lakh, or both.

“I think this really a welcome step,” responded K&S Digiprotect’s S. Chandrasekhar to a question on the lack of criminal liability embedded into India’s new data protection law, while speaking at MediaNama’s PrivacyNama conference last week. “It’s bad news for the lawyers, and bad news for people like us [data principals], because [on the question of] implementation, nobody’s taking it seriously because nobody’s going to be jailed. But from the ease of doing business [perspective], from the way multinational companies look at it, from the way India is positioned as a [global technology] destination, I think it is a really welcome step because there was a lot of fear and terror about how it will be used.”

Non-compliance with the Digital Personal Data Protection Act will be determined by the Data Protection Board of India—which, after inquiring into complaints, may impose financial penalties on defaulters, to be deposited with the Consolidated Fund of India. The panellists at PrivacyNama’s “Data Protection Board” session exchanged notes on whether the glaring lack of criminal liability in the data protection law would impact compliance with the law—or if loopholes to bring criminal charges still existed.

Chandrasekhar was joined by co-panellists Alok Prasanna Kumar (Vidhi Centre for Legal Policy), Anirudh Burman (Carnegie India), and Meghna Bal (Esya Centre). The panel was moderated by Arya Tripathy (PSA Legal).

This discussion was organised with support from Meta, PhonePe, Google, and Salesforce, and in partnership with CUTS and the Centre for Communication Governance.

Criminal provisions for privacy violations persist within a separate law—the Information and Technology Act, 2000: “Although there are no [criminal] provisions of that nature in the DPDP Act [for privacy violations], there is a rather dominant clause in the IT Act, 2000, which is Section 72A, which still survives,” an audience member pointed out.

Section 72A of the IT Act punishes disclosing information in breach of a lawful contract. It states that “any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.”

Section 43A of the IT Act also deals with compensation to the user when a body corporate fails to protect their personal data. However, this provision has been repealed under the new personal data protection law.

Advertisement. Scroll to continue reading.

“I think that the dominant section under the IT Act [Section 72A] will get triggered after complaints and after people become literate about these particular sections in future,” the audience member added.

“So, you’re saying there might be a window between the Data Protection Bill and the Digital India Act for someone to file a criminal case,” MediaNama’s Editor Nikhil Pahwa concluded.

Criminal charges can also be brought for ‘breach of trust’: Responding to Chandrasekhar, Vidhi’s Alok Prasanna Kumar observed that the lack of criminal provisions in the data protection law itself need not deter criminal complaints. “Lawyers may perversely see that as a challenge,” Prasanna Kumar pointed out. “It [criminal charges] may not be in this legislation, but if somebody is determined enough, my guess would be they will invoke criminal breach of trust. And it’s not about getting a conviction at the end of the day. The power of a criminal court issuing notice to directors to come to court and answer the allegations is enough [intimidation] in a lot of instances. Or the police turning up at your office, saying criminal breach of trust [charges are being filed] against your company…So, I’m again using that horrid lawyer hat of mine, but it’s possible. This law may not provide for it, but do not put it past some clever member of my fraternity [to file similar charges].”

Read more

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!


Advertisement. Scroll to continue reading.
Written By

Free Reads


While Chandrasekhar said the advisory doesn't include startups, the advisory itself does not make any such classification based on platform sizes.


The case dates back to 2019 when Spotify filed a complaint against Apple's anti-steering rules which prevented apps like Spotify from informing their users...


DIP contains information regarding cases detected as misuse of telecom resources and acts as a back-end repository of all requests received on the Sanchar...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ