Facebook RSS Twitter
Download Now
Home Blog Page 99

Ajit Singh vs. State of Punjab (1999)   

By
Rachit Garg
-
0

This article has been written by Soumyadutta Shyam. It deals with the important constitutional case of Ajit Singh and others versus the State of Punjab (1999). It discusses the details of the case, the background of the case along with Reservation Policy in India, facts of the case, issues raised by the parties, arguments of the parties, law discussed in the case, judgement given by the Supreme Court and analysis of the case.

Introduction 

This case deals with the important issue of reservation in employment. In this case, three interlocutory applications were presented for interpretation by the State of Punjab with respect to the case of Ajit Singh Januja v. State of Punjab (1996), which dealt with seniority and promotion of reserved and general category candidates. 

The case dealt with substantial questions regarding the interpretation of Article 16 clause (1), (2), (4) and (4-A) as well as Article 14 of the Indian Constitution. One of the main issues in this case was whether the right to be considered for promotion is interpreted as only a statutory right or a fundamental right.

This case is important as it dealt with many questions relating to interpretation and application of the rules relating to reservation and promotion contained in Article 16 of the Constitution. This case finally made it clear that the right to be considered for promotion is not only a statutory right but a fundamental right under Article 16 of the Constitution. 

Details of the case

Name of the case

Ajit Singh and Ors. v. State of Punjab and Ors.

Name of the petitioner

Ajit Singh and others

Name of the respondent

State of Punjab and others

Citation

AIR 1999 SC 3471

Advocates on behalf of the petitioners

Adv. Rajiv Kr. Garg, Adv. Preetesh Kapur, Adv. N.D Garg, Adv. Rajiv Dutta, Adv. Enakshi Kulshrestha, Adv. Kapil Sharma, Adv. Hemant Sharma, Adv. K.C Kaushik, Adv. D.S Mahra, Adv. Anil Katiyar and others.

Advocates on behalf of the respondents

Adv. Hardev Singh, Adv. Rajeev Dhavan, Adv. Altaf Ahmed, Additional Solicitor General of India Mr. C.S Vaidyanathan, Adv. Harish Salve, Adv. K. Parasaran, Adv. D.D Thakur, Adv. M.N Rao, Adv. Jose P. Verghese.

Date of judgement

16.09.1999

Bench 

Chief Justice of India- A.S Anand, Justice K.Venkataswami, Justice G.B Pattanaik, Justice K.P Kurdukar, Justice M. Jagannadha Rao. 

Background of the case

In this case, the earlier decisions of Ajit Singh Januja v. State of Punjab (1996), Union of India v. Virpal Singh Chauhan (1995) and Jagdish Lal v. State of Haryana were discussed. The present case was filed by the Government of Punjab for seeking clarifications in relation to the judgement in Ajit Singh Januja v. State of Punjab (1996). It is important to understand these cases in order to understand the background as well as the issues in the case of Ajit Singh v. State of Punjab.

Cases which were considered in Ajit Singh vs. State of Punjab (1999)

Union of India v. Virpal Singh Chauhan (1995)

The Union of India v. Virpal Singh Chauhan (1995) case was about the legitimacy of extension of reservation in Railway Service which allowed groups coming under reserved category (SC/ST) not only to get jobs based on their caste but also receive promotions on the same basis. The Supreme Court ruled, in this case, that seniority among reserved category candidates and general or unreserved candidates shall be decided by the panel provided at the time of their selection. 

Facts of Virpal Singh Chauhan

There are four categories of guards in Railway Service i.e, Grade C , Grade B, Grade A and Grade A Special. New recruitments were made to Grade C, after which they were promoted to upper ranks. The requirement for advancement from one grade to the other was seniority-cum-suitability. Reservation was applicable not just at the preliminary level of recruitment to Grade C but also with respect to promotion. The total quota allotted for Scheduled Castes and Scheduled Tribes was 22.5 percent. To implement the norm of reservation, a roster was made in which certain points were reserved for people belonging to SC/ST. Seats reserved in the roster for Scheduled Castes were 14, 22, 28 and 36; whereas seats reserved for Scheduled Tribes were for 4, 17 and 31 for grade A, B and C respectively.

In 1986, both the general candidates and the respondents (SC/ST) were in Grade A in Northern Railway. In August, 1986, some general candidates were promoted on an extemporaneous ground to Grade A Special but were later reverted and members of SC/ST were promoted. They challenged this situation as illegal, arbitrary and unconstitutional. They argued that once the quota allocated for reserved category is filled, the norm of reservation or 40 % roster made to implement the rule should not be enforced any longer. It may give accelerated promotion but cannot grant seniority to the reserved category candidate in the promoted category. Therefore, the seniority among the reserved category candidates and general category candidates within the promoted category will keep being ruled by their panel position. They contended even if a reserved category member receives promotion prior to his senior, who is a general candidate, the situation is supposed to be that when the general candidate also receives promotion subsequently, he should redeem his seniority. 

The Supreme Court upheld their view and held seniority among the reserved category candidates and general category candidates in the promoted class should keep being determined by their grade in the panel.

Ajit Singh Januja v. State of Punjab (1996)

The Supreme Court ruled in Ajit Singh Januja v. State of Punjab (1996) that promotions of the candidates belonging to Scheduled Castes or Backward Classes, which were made above the specified threshold based on State Government’s order, were invalid. 

Reservation of 14 percent of the posts was the substantive requirement, while the roster system was a procedural guide. Roster system was a practical guide for application of the reservation policy. The roster system was used to calculate the percentage of reserved seats based on the number of positions available in the cadre. Roster points were held to be seniority points in relation to Scheduled Castes and Backward Classes. After the necessary quota has been satisfied and the roster has been filled for the candidates of Scheduled Castes and Backward Classes for which particular class reservation is provided and roster is formulated, the process of promotion to upper grade posts comes next.

After the required roster is formulated, their claim to be promoted even to the upper grade posts with the unreserved category should be evaluated. They cannot be promoted just based on ‘accelerated seniority’ against the general category. Here ‘accelerated seniority’ means promoting a candidate belonging to the reserved category before their senior belonging to the general category and then evaluating seniority in service based on that promotion. In this case, the Supreme Court dismissed the contention of the petitioners that people belonging to Scheduled Castes could not be considered against unfilled posts. Accelerated promotions should only be made against the reserved posts or recommended roster. The question of benefit does not arise in case a candidate from Scheduled Caste or Backward Class asserts promotion counter to general category posts in the higher grade. Those candidates who belong to the Scheduled Caste or Backward Class and got promoted based on reservation or utilisation of roster system earlier than their seniors in lower grade from the general category, in the course have not supplanted them, since there was not any equivalence of merit between them. Therefore, once these seniors who come under general category, were given promotion afterwards, it could not be claimed that they have been supplanted by these candidates from Schedule Castes and Backward Classes who received promotion in advance. When considering them for additional promotion against general category posts, if just the issue that they got promotion in advance because of belonging to Scheduled Castes or Backward Classes was taken into account, then that would defy the principle of equality and be contrary to the position taken in R.K Sabharwal & Ors v. Union of India (1995) by the Constitution bench as well as the position taken in the Indra Sawhney v. Union of India (1993), wherein it was ruled that in any cadre, reservation must not be above 50 percent.

Based on this reason, the Supreme Court held in Ajit Singh Januja v. State of Punjab that at any time if candidates belonging to Scheduled Castes are taken into account for advancement to posts that have not been reserved for them, then they shall have to be chosen on merit. The reservation policy should not be applied in a way to hinder the channel of merit and to render it useless. To encourage meritorious and gifted individuals to join the public services, an equilibrium needs to be achieved, whilst making the provisions of reservation available. Seniority in service is among the main requirements in promotion. Society is benefited when equal opportunities for elevation are there for all suitable personnel in service. The right to equality set out in the Constitution should be conserved by avoiding reverse discrimination, too.

While the policy of reservation accords accelerated promotion, it does not provide “consequential seniority”. If a candidate belonging to Scheduled Caste or Scheduled Tribe category receives promotion in advance as a result of reservation or roster and his senior from general category is advanced afterwards to that higher grade, then the general category candidate will re-attain his senior status above the Scheduled Caste and Scheduled Tribe candidate who received promotion earlier. Thus, it is fair, equitable and reasonable to decide that when the candidate belonging to unreserved category is promoted afterwards from the lower grade to the higher grade, he shall be regarded as senior than a candidate belonging to Scheduled Caste or Scheduled Tribe category who got accelerated promotion in relation to the reserved post. The process must be in consonance with the requirements of Article 16(4) and Article 335.

The Supreme Court thus, in Ajit Singh Januja case allowed the appeals and reversed a part of the judgement in Jaswant Singh v. The Secretary to Government of Punjab, Education (1989).

Jagdish Lal and Ors. v. State of Haryana (1997)

In this case the appellants i.e, Jagdish Lal, Ram Dayal and Surinderjit Kapil , who belonged to the general category, challenged the promotion of Scheduled Caste and Scheduled Tribe candidates, Ram Asra, H.S Hira, Sant Lal and Ajmer Singh as Superintendents in Class III service of Haryana Government. In the lowest cadre post i.e, clerks and assistants in the Education Department, the appellants were senior to the respondents. They further asserted that though the reserved candidates had got promotion to the different posts earlier than them, the appellants still were entitled to be senior to them for the purpose of promotion to class I posts. The High Court dismissed the writ petition on account of unnecessary delay in challenging the promotion of the reserved candidates to the post of Assistant/Deputy Superintendents. The High Court also rejected the argument that the appellants were denied of their right to equality because of the rule of reservation and roster point.

On appeal, the Supreme Court opined that, “Equality must not remain mere idle incantation but must become a vibrant living reality for the large masses of people.” Equality of opportunity is not just a matter of legal equality. Its existence depends not only on the absence of disabilities but on the presence of opportunities for excellence in each cadre/grade. It is, thus, essential to take into consideration de facto inequalities which exist in the society and in order to give true equality affirmative action must be there to fills the gap and preference should be given to the socially and economically disadvantaged sections. 

It is therefore a settled constitutional principle that facilities and opportunities should be given to the Dalits and Tribes for promotion to higher cadre or grade, gain accelerated seniority and surpass the seniority of general candidates in the lower cadre or grade in accordance with the roster point. Thus, the Dalits and Tribes get accelerated placement in the higher echelons of the cadre or grade. It is Constitutionally permissible classification having reasonable relation to the object of equality. It is a just and reasonable procedure prescribed to achieve the constitutional objectives of equality of opportunity and dignity of person in accordance with Articles 14, 15 and 16 of the Constitution. 

The Supreme Court ruled that the earlier promotions cannot be reconsidered. The claim of the appellants to redo the seniority held by them in various cadres/grades in accordance to the service rules, were not amenable to judicial review at that later stage. Therefore, the Supreme Court held that the decision of the High Court is not vitiated by any error of application of wrong principle of law. The appeal was accordingly dismissed. 

However, till this case, the right to be considered for promotion was not expressly recognised as a fundamental right under Article 16 of the Constitution. 

Reservation in India

Reservation is a form of affirmative action or positive discrimination which is practised in India. It seeks to elevate the socio-economic conditions of certain disadvantaged castes or tribes who faced discrimination and exclusion in Indian society historically. This measure has been taken to set a level playing field for these groups. In addition to the right to equality, some extra provisions have been made for these vulnerable groups so that true social equity and fairness can be achieved.

Under the policy of reservation, the government can reserve seats for vulnerable and disadvantaged classes in government educational institutions, government jobs and legislative bodies. Besides, the candidates belonging to the reserved categories, receive benefits of upper-age relaxations, lower cut-off marks, etc.

Reservation falls under the category of reasonable classification within the scope of Article 14. The following provisions of the Indian Constitution provide for the policy of reservation:-

  • Article 15(3) bestows power on the State to lay down special provisions for women and children. Thus, special legislation or reservation in favour of women or children is valid.
  • Article 15(4) mentions that the State has the power to lay down special provisions for the progress of any socially or educationally backward classes of citizens or for Scheduled Castes and Scheduled Tribes. 

The logic behind the particular clause is that favourable consideration can be given where socially and educationally backward classes require it. The phrase Backward classes is not explained in the Constitution, although the President under Article 340, can designate a Commission to inquire into the situation of socially and educationally backward classes and according to that report, the President may stipulate as to who may fall under the category of Backward Classes.

Under Article 16(4), the State has the power to formulate special provisions for reservation of appointments or posts for any backward class of citizens that in its view is not sufficiently represented in public employment. This provision should be interpreted along with Article 335 that says that the requirements of the SC/ST shall be taken into account while considering the efficacy of the administration in making of appointments to services and posts in connection with the affairs of the Union or of a State. The reservation for backward classes must be reasonable while having due regard to the employment opportunities of the general public.

Section 16(4-A) was included in order to mitigate the impact of the decision given in Indra Sawhney v. Union of India (1993). This provision allows the State to extend the policy of reservation to issues pertaining to promotion or advancement in jobs, too. This clause was amended in 2001 vide the Constitution (Amendment) Act, 2001. By this amendment, the words with consequential senioritywere added to this clause. The validity of the clause has been upheld in M. Nagaraj v. Union of India (2007).

To understand the complexity and intricacy of the Reservation in India, it is vital to analyse the case of Indra Sawhney v. Union of India (1993). Prime Minister Morarji Desai designated the Backward Classes Commission in 1979 in accordance with Article 340 of the Constitution. The Commission was supervised by chairman B.P Mandal to inquire the conditions of Socially and Educationally Backward Classes in India and also suggest steps for their progress, including the feasibility for formulating provision for reservation of seats for them in public service. Its report was laid down in December, 1980. It ascertained 3748 castes as socially and educationally backward classes and advised 27 percent reservation in public service for them. In August, 1990, Prime Minister Vishwanath Pratap Singh issued the Office Memoranda reserving 27 percent seats for Backward Classes in Government services based on the report of Mandal Commission. This resulted in widespread riots and protests across India. Indra Sawhney filed a Public Interest Litigation (PIL) against the order of the Government. The Apex Court said the decision of the Government to reserve 27 percent of seats in Government sector jobs for Backward Classes was constitutionally permissible. However, the Court said that the socially advanced persons among the Backward Classes i.e, the creamy layer should be kept out. It was also held that the maximum limit of 50 percent should not be surpassed. Although, in special situations, it may be modified for people living in far-flung and remote areas of the country.

Facts of the case

Three interlocutory injunction applications were filed in this case by the petitioners before the Apex Court seeking clarification regarding the judgement in Ajit Singh Januja v. State of Punjab (1996). The issue in this case was regarding the contention pertaining to seniority of reserved and general category candidates.

With regard to this case, the question was, if there were rosters at Level 1 and once more at Level 2 and a reserved candidate had been promoted from Level 1 to Level 2 and once more from Level 2 to Level 3 on the basis of roster point. A senior candidate belonging to the general category at Level 1 has subsequently come up to Level 3 and at that time the reserved candidate is yet at Level 3. The general candidates claimed that he attained seniority at Level 3 since  he was senior to him at Level 1. Disregarding the senior general candidate at Level 3, the reserved category candidate was given promotion to Level 4 before 1st March, 1996 when the Ajit Singh Januja case was decided. Then, the prospective operation of the Ajit Singh Januja case meant, according to the reserved candidates, that such a reserved candidate should not be reverted, but his seniority should be safeguarded. The general candidates stated that subsequent to the judgement in Ajit Singh Januja, the said promotion was made to Level 4, brushing aside senior general candidates at Level 3, should be reassessed and the seniority at Level 3 should be restored. 

Subsequently, when the general category candidate is promoted to Level 4, then the senior status of the reserved category candidate also has to be fixed on the basis as to when he would have been otherwise promoted, after contemplating the issue of his senior belonging to the general belonging.

Issues raised 

The main issues before the Supreme Court in this case were:

  • Whether the roster point candidates i.e, reserved category candidates should calculate their seniority in the promoted rank from the day of their steady performance in relation to the general category employees who were senior than them in the lower category, and who were subsequently given promotion to the same level?
  • Whether the Virpal Singh Chauhan case, Ajit Singh Januja case and Jagdish Lal case (1997) were correctly adjudged?
  • Whether the ‘catch up’ principle argued by the general category candidates was acceptable?
  • What was the connotation of “prospective” operation in R.K Sabharwal case and to what extent Ajit Singh Januja case was prospective in nature?

Arguments of the parties

The arguments from both the parties involve extensive discussion about the interpretations of Article 16 (4) and (4-A) as well as the Ajit Singh Januja case and Virpal Singh Chauhan case. Many other cases on this topic were also discussed.

Contentions of the petitioners

The Advocate appearing on behalf of general candidates said that in Ashok Kumar Gupta v. State of U.P (1997), it was stated that right to promotion is just a “statutory right” whereas the rights under Article 16(4) and 16(4-A) are “Fundamental Rights”. Similar position was taken in Jagdish Lal v. State of Haryana (1997) and some subsequent judgements.

The Petitioner’s side also took support of paragraph 43 of the Ashok Kumar Gupta judgement. It said that it is definite, the right to promotion is a statutory right. It is not a Fundamental Right. The Advocate representing the Petitioners contended that this was the correct Constitutional Position.

Contentions of the respondent

Advocate Hardev Singh, appearing for the State of Punjab said that as Jagdish Lal case judgement was in contrast to Virpal Singh Chauhan case and Ajit Singh Januja case, the State was in a “quandary” as to what would be the suitable course of action.

In these cases and the related cases which were enumerated together and heard, disputations had been raised by Advocate Rajeev Dhavan and Advocate Altaf Ahmed, Additional Solicitor General of India for the State of Rajasthan and Mr. C.S Vaidyanathan, Additional Solicitor General of India for the Union of India contended that the “roster point promotes” that is, the reserved candidates cannot demand seniority on the basis of steady service. But, Additional Solicitor General, C.S Vaidyanathan for the Indian Railways took a different position and notwithstanding the fact that the Railways had taken up the view of Virpal Singh Chauhan judgement and released a circular on 28th February, 1997 that roster point promotions in Railways did not vest seniority. 

Advocate K. Parasaran, Advocate D.D Thakur, Advocate M.N Rao and others as well as Advocate Jose P. Verghese representing reserved candidates depended on Jagdish Lal case and argued that Virpal Singh Chauhan case and Ajit Singh Januja case decisions were incorrect. It was contended that the validity of ‘catch-up’ rule accepted in Virpal Singh Chauhan case and Ajit Singh Januja case was in favour of general candidates. In R.K Sabharwal case it was held that once roster point promotions were made in respect of the reserved candidates, the roster ceased to operate. The reserved candidates now contended that not only the reserved candidates so promoted in excess of the roster points could not be reverted but their seniority against such excess promotions was also protected.

Legal aspects discussed in this case

Article 16 : Equality of opportunity in matters of public employment 

In this case, there were substantial questions as to interpretation and application of Articles 16(1), 16(4) and 16(4-A) relating to promotion, seniority, and the roster system for reserved category candidates.

Article 14

Article 14 provides everyone equality before law and equal protection of law. In this case, the Apex Court contemplated on the question ‘should the right to be considered for promotion be treated as a fundamental right’. Article 14 and 16(1) are closely related. They both cover individual rights. While Article 14 sets out equality before law and equal protection of law, Article 16(1) gives equal opportunity in relation to employment to public offices. It was observed that it has been repeatedly ruled that Article 16(1) is an aspect of Article 14 and emanates from Article 14. Article 16(1) ensures to each employee who is suitable for promotion, a fundamental right to be “considered” for promotion. Promotion based on equal opportunity and seniority are dimensions of fundamental right under Article 16(1). If promotion normatively is “seniority-cum-suitability”, the qualified seniors at the preliminary level according to seniority should be considered first and promoted if found eligible.

Article 16(1), (2) and (3)

Article 16(1) guarantees equality of opportunity for all citizens in matters of employment or appointment to any office under the State. 

Clause (2) prohibits discrimination on the grounds of religion, race, caste, sex, descent etc., in respect of any employment or office under the State. Article 16(3) is an exception to clause (2) of this Article. This clause empowers the Parliament to make a law by prescribing any requirement as to residence within that State or Union Territory for employment to any office under the Government or any local or other authority within a State or Union Territory. 

Article 16(4)

Article 16(4) empowers the State to make special provision for the reservation of appointments or posts in favour of any Backward classes of citizens which, in the opinion of the State, are not sufficiently represented in the services of the State. The Supreme Court observed while explaining Article 16(4), that it is supposed to be construed bearing in mind the situations prevalent when the Constitution was made and when Article 16(4) was included in the Constitution. The founding members of the Constitution were cognisant of the fact that special provisions for reservation were important to ensure that backward classes of citizens are sufficiently represented in the services. Thus, an elucidation that promotes this goal must be made applicable. 

Article 16(4-A)

Clause (4-A) was added by the Constitution (77th Amendment) Act, 1995. This clause empowers the State to make provisions for reservation in matters of promotion, with consequential seniority, to any class or classes of posts in favour of Scheduled Castes and Scheduled Tribes which, in the opinion of the State, are not sufficiently represented under the services of the State. Clause (4-B) was added by the Constitution (81st Amendment) Act, 2000. The objective of adding this clause was to protect reservation for Scheduled Castes and Scheduled Tribes in the unfilled seats or vacancies.

The declaration of purposes and causes in relation to the inclusion of Article 16(4-A) are also important. Indeed from the side of the reserved category candidates, it was argued that the said officers should not be positioned as equivalents to general candidates, keeping in mind their underdevelopment and historical social oppression. The main objective of Article 16(4) and Article 16(4-A) is fair representation of specific classes in certain posts. 

The Constitution has set out, the boundaries of positive discrimination through reservation under Articles 16(4) and 16(4-A). It has also included Article 335 so that the efficacy of administration is not compromised. The Court also stated that in C.A Rajendran v. Union of India (1968), it was observed that Article 16(4) conferred an option and did not give rise to a Constitutional duty or obligation. It was also said that Article 16(1) sets out a Fundamental Right while Article 16(4) and (4-A) are enabling provisions.

Judgement of the case

The Supreme Court disposed of the applications presented by the State of Punjab. It was held that Ajit Singh Januja v. State of Punjab and Virpal Singh Chauhan v. the Union of India set out the right law and law laid down in Jagdish Lal v. State of Haryana was not valid in this respect as it was limited to its own specific facts. The Court passed distinct orders in the Punjab, Haryana and Rajasthan cases based on the principles set forth in this case which was named Ajit Singh II.

Rationale behind this judgement

Right to be considered for promotion is fundamental right

The Supreme Court restated its view that Article 16(1) is an aspect of Article 14, and it is rooted in Article 14. This clause specifies the general nature of Article 14 and gives Constitutional recognition to equality of opportunity in employment as well as appointment to State office. The term “employment” is broader, there is no contention that in its scope, the element of promotion to posts beyond the first level of recruitment is also included. Article 16(1) gives to all employees who are suitable for advancement and who comes into the scope of consideration, a fundamental right to be “considered” for promotion. If an  employee fulfils the eligibility criteria as well as the area requirement and is not considered for promotion, then it shall be a violation of their fundamental right to not be “considered” for promotion, which is also a personal right.

When promotional avenues are available, seniority becomes closely inter-linked with promotion, provided such a promotion is made after complying with the principle of equal opportunity under Article 16(1). The right to be considered for promotion is not just a statutory right, but a fundamental right within the meaning of Article 16.

Validity of Ajit Singh Januja Case and Jagdish Lal case

The Supreme Court held that the position taken in Ajit Singh Januja case was correct.The Court opined that the view pronounced in Ashok Kumar Gupta case and followed in Jagdish Lal case and other cases if it was meant to set out that the right given to employees for being “considered” for promotion is just a statutory right and not fundamental right, it was not acceptable.

Seniority and Promotion

Statutory rule of seniority should not be disconnected from the promotion rule and applied to roster point promotions. It is unacceptable to disconnect the seniority rule for recruitment and apply it to promotions made based on roster. The Court viewed this as the right way of balancing the fundamental rights under Article 14 and Article 16(1) and provisions regarding reservation in Article 16(4) and 16(4-A) on the other.

‘Catch-up’ rule

It was held that the ‘catch-up’ rule as accepted in Virpal Singh Chauhan Case and Ajit Singh Januja Case was correct. In case any senior general candidate at Level 2 reaches Level 3, before the reserved candidate at Level 3 goes further up to Level 4, in that case the seniority at Level 3 has to be modified by placing such a general candidate above the roster point promotee (Reserved Category), reflecting their seniority at Level 2. Further promotion to Level 4 must be on the basis of such modified seniority at Level 3, namely, that a senior general candidate of Level 2 will remain senior also at Level 3 to the reserved candidate, even if the reserved candidate had reached Level 3 earlier and remained there when the senior general candidate reached at Level 3. In cases where the reserved candidate has gone upto Level 4 ignoring the seniority of the senior general candidate at Level 3, seniority at Level 4 has to be refixed on the basis of when the time of reserved candidate for promotion to Level 4 would have come, if the case of senior general candidate was considered in due time. This process was viewed by the Supreme Court as proper balance of rights of the reserved candidates and the fundamental rights guaranteed under Article 16(1) of the general candidates.

Prospective Operation of R.K Sabharwal case and Ajit Singh Januja Case

It was observed by the Supreme Court that prior to the R.K Sabharwal case was decided in 10-2-1995, it was evident that in several services, the roster was initially put in operation and promotions at all the roster points were filled up. But the roster was once again operated on future vacancies, even though all the required reserved candidates were in position at the promotional level. It was not realised that once the roster were all filled, the roster had served its purpose and fresh members of the reserved classes could claim promotional posts only if any promotional posts only if any promotional posts already filled by the reserved candidates became vacant. This misinterpretation of the roster system came to be removed for the first time after the R.K Sabharwal case was decided. If the rule declared in R.K Sabharwal case were to be treated as retroactive as in the normal position whenever the law is declared by the Court, it would have resulted reversions of several officers in the reserved classes as their promotions before the decision in 10-2-1995 by the fresh operation of the roster system, it would be totally unjustified. Therefore, while promotions in excess of the roster made before the R.K Sabharwal case are protected, however such promotees cannot claim seniority. Seniority in the promotional cadre of such excess roster-point promotees shall have to be reviewed after R.K Sabharwal case and would have to be counted only from the date on which they would have otherwise got normal promotion in any future vacancy arising in a post previously occupied by a reserved candidate.

In regards to the Ajit Singh Januja case, it was said by the Supreme Court that where before the judgement in 1-3-1996 in Level 3, there were reserved candidates who were promoted to the Level earlier and also senior general candidates who reached there later and when inspite of the fact the senior general candidate had to be treated as senior at Level 3, the reserved candidate is further promoted to Level 4 without considering the fact that the senior general candidate was also available at Level 3 then after the decision, it becomes necessary to review the promotion of the reserved candidate to Level 4 and reconsider the same. When the senior reserved candidate is later promoted to Level 4, the seniority at Level 4 also needs to be refixed on the basis of when the reserved at Level 3 would have got his normal promotion, treating him as junior to the senior general candidate at Level 3.

Analysis of the case

The Supreme Court discussed extensively about meaning and interpretation of Article 16(1), 16(4) and 16(4-A) and clarified the position regarding the Ajit Singh Januja judgement in this case. The Apex Court explained the intent behind incorporating Article 16(4) into the Constitution. It said that the intention behind incorporating this clause was to ensure that candidates coming from backward classes are fairly represented in public employment. It was also observed that Article 16(4-A) was enacted taking into consideration the disadvantages and social oppression which certain social groups were historically subjected to. 

The Court also delved into the close connection of Article 14 and Article 16(1). While Article 14 enshrines the general principle of equality, Article 16(1) gives equal opportunity in relation to employment in state offices. It was laid down in this case that the right to be considered for promotion was a fundamental right. It was further stated that promotion based on equal opportunity and seniority in State services were aspects of the right under Article 16(1) of the Constitution. 

The Court also observed that Article 16(4) and 16(4-A) were enabling provisions. Through enabling provisions, it makes the law operational. The above-mentioned clauses make it possible for the socio-economically disadvantaged classes to avail the benefit of right to equality of employment enshrined in Article 16(1) by giving them fair and equitable representation in State services.

An array of related cases were considered in this case. The Apex Court analysed the cases cited by the petitioners and the respondents to arrive at the decision in this case. It was clearly expressed in this case that Article 16(1) specifies the generality of Article 14 and warrants equality of opportunity in government services. It also provides to every eligible employee the right to be appraised for promotion. It was explained that the right to be taken into consideration for promotion is not merely a statutory right, which was a clear departure from the judgements of Ashok Kumar Gupta v. State of U.P (1997) and Jagdish Lal & Ors. v. State of Haryana (1997). The Court further stated that related cases upheld the view taken in Ajit Singh Januja case and the Virpal Singh Chauhan case, while setting aside the position taken in Jagdish Lal case. In this case, there was the statutory rule that seniority should not be delinked from the promotion rule and made applicable to roster point promotions. 

The Supreme Court after considering the arguments of both the sides, noted the following points:

  1. While interpreting Article 16(1), the intention behind its incorporation must be kept in mind. It is rooted in the principle of equality enshrined in Article 14.
  2. Article 16(4) and 16(4-A) were enacted to safeguard the interests of disadvantaged classes and to give them a significant presence in the State services.
  3. Right to be considered for promotion is not just a statutory entitlement, it is a fundamental right.
  4. The seniority rule cannot be delinked from the promotion rule and applied to roster based promotions.
  5. Articles 16(4) and 16(4-A) are enabling provisions.

Judgements which referred to the case of Ajit Singh v. State of Punjab (1999)

The decision of Ajit Singh v. State of Punjab was followed in the cases mentioned below:-

The Supreme Court in Union of India v. Manpreet Singh Poonam (2022), while referring to the present judgement, took a similar view and observed that Article 16(1) issues a positive directive that there shall be equality of opportunity for all citizens in matters of employment or appointment to any office under the State. It was also reiterated that clause (1) of Article 16 is an aspect of Article 14 and that it takes root from Article 14. Equality also means the right to be considered for promotion. It was held in this case that notional seniority cannot be granted from backdate and if it is done, it must be based on objective considerations and on a valid classification and must be traceable to the Statutory rules. 

In State of Tamil Nadu v. T. Dhanraju (2016), the Madras High Court, dealt with similar issues as in this case. The Court while referring to this judgement observed that when promotions are given to the post of Sub-Registrar Grade II, the rule of reservation is followed. By application of the rules of reservation, the member of the reserved category is given accelerated promotion ahead of his seniors belonging to the general category. When the senior candidate belonging to the general category gets promoted, he retains seniority over the junior candidate belonging to the reserved category, despite the fact that the latter was promoted earlier, on the basis of reservation.

In T. Sidhardha Reddy v. Rajive Kumar Gupta (2020), the Kerala High Court while following the present judgement, observed that Article 16 (4-A) of the Constitution is an enabling provision which lays down that the State may make provision for reservation of appointments in favour of any backward classes of citizens which is not adequately represented in the services of the State. Article 16(4) and 16(4-A) should be read with Article 335 of the Constitution, which says that the claims of the members of Scheduled Castes and Scheduled Tribes shall be taken into consideration consistently with the efficiency of administration.

Conclusion

The State of Punjab in this case sought interpretation of the judgement in Ajit Singh Januja v. State of Punjab (1996). The case also involved the question of seniority. The State was in a predicament as to what should be its approach in this matter since there were conflicting decisions on this particular issue. The Supreme Court observed that Article 16(4) must be construed taking into account the situations prevalent when this clause was incorporated. It was incorporated to ensure sufficient representation of backward classes in Government services. Similarly, Article 16(4-A) was also incorporated while contemplating the backwardness and social oppression of certain classes.

The Court also said that Article 14 and 16(1) are interrelated. Article 16(1) provides equality of opportunity in employment, and under this provision the right to be considered for promotion is not just a statutory prerogative, but a fundamental right. Seniority becomes connected to promotion, when that promotion is granted after following the rule of equal opportunity in Article 16(1). Since seniority in service is connected to promotion, the statutory rule of seniority cannot be delinked from the promotion rule and applied to roster point promotions.

In light of the above discussions, the Supreme Court held that the decision in Ajit Singh Januja and Virpal Singh Chauhan case were accurate and the view taken in Jagdish Lal case was improper.

Frequently Asked Questions (FAQs)

Why were the three interlocutory injunctions filed in this case?

The three interlocutory injunctions in this case were filed by the State of Punjab for interpretation of the case of  Ajit Singh Januja v. State of Punjab (1996). Since the Jagdish Lal case judgement was in contrast to what was decided in Virpal Singh Chauhan case and Ajit Singh Januja case the State was in a predicament as how to apply the rule of reservation in relation to promotion and seniority in service.

According to the decision in this case, is the right to be considered for promotion a statutory right or a fundamental right?

In this case, the Supreme Court opined that the right to be considered for promotion is not merely a statutory right but a fundamental right under Article 16 of the Constitution.

What is ‘Consequential Seniority’?

Consequential seniority permits reserved category candidates to retain seniority over their general category peers. If a reserved category candidate is promoted before a general category candidate because of reservation in promotion, then for subsequent promotion the reserved category candidate retains seniority. Therefore, consequential seniority revokes the ‘Catch-up’ rule that allowed general category candidates to catch up to reserved category candidates.

What is the Mandal Commission?

Prime Minister Morarji Desai appointed the Backward Classes Commission in 1979 as per Article 340 of the Constitution. This Commission was led by chairman B.P Mandal. The Commission was constituted to inquire into the conditions of Socially and Educationally Backward Classes in India and also suggest steps for their advancement. This Commission came to be known as the Mandal Commission.

Who can designate a class as a Backward Class?

According to Article 340, the President can appoint a Commission to inquire into the conditions of Socially and Educationally Backward Classes and in accordance with the report of that commission, the President may direct as to who may fall under the category of Backward Classes.

Why are ‘reservations’ permissible?

Reservations are permissible because they fall under the category of reasonable classification within the scope of Article 14.

What was the landmark case which put the 50% ceiling limit on the reservations?

The case of Indra Sawhney v. Union of India (1993) put the limit of 50% on the total reservations that could be given to the reserved categories. 

What was the final view of the court regarding Article 16(1), 16(4) and 16(4A)?

The Court cleared that the Article 16(1) is a fundamental right provided in the Constitution, whereas Article 16(4) and 16(4A) are enabling provisions.

References

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

Download Now

Digital Personal Data Protection Act (DPDPA), 2023

By
Rachit Garg
-
0
consumer data protection

This article is written by Adv. Priyanka. This article covers a detailed analysis of the Digital Personal Data Protection Act, 2023 which includes key features, highlights, principles on which this Act is based, and all the provisions of the Act with relevant examples. Further, an exhaustive differentiation between various drafts of the Digital Protection Bills is explained.

Introduction

Let’s go back to the time when there was no online shopping or food applications and every time you had to visit the malls or the grocery shops to buy what you needed! It feels like a hassle now, in today’s world! But by the end of the 20th century, when the wave of globalisation and liberalisation started globally, the markets started shifting from physical to virtual platforms. And now you even get a pen delivered to your doorstep!

All these services acquire our personal data by making us accept their terms and conditions or ‘cookies’.Cookies are bits of data that are sent to and from a browser to identify a certain user. These terms and conditions or cookies are so lengthy and technical that most people skip reading them. Starting from online shopping to net banking, from commuting from one place to another to watching online shows and movies everything takes some personal information of an individual. Have you ever thought that between taking a service and paying for it, the virtual service provider also gets the personal data of an individual which can be misused and this misuse can not only affect the individual but also the whole country. These applications collecting the personal data of individuals can impact their right to privacy.

“As it is aptly said that ‘data’ is the new oil, so it is very important to secure and manage the large volumes of data that are being processed in the country daily. After the covid 19 pandemic, not only the business and corporate world but also the state itself shifted to digital databases to securely work in these changing times. A country’s progress and individual’s rights can be balanced by implementing rules and regulations governing the conflicting interests and deciding the extent and nature of the use of digital personal data of an individual which an enterprise or the state can do. Due to the huge multifaceted impact of digital shifting and high-risk factors along with growing dependence on artificial intelligence technologies, the government passed the Digital Personal Data Protection Act (‘DPDPA’), 2023  which addresses all the concerns related to digital personal data privacy.

Data Protection landscape before the Digital Personal Data Protection Act (DPDPA), 2023 

Before the passing of the DPDPA, 2023 in India there were various other acts, rules, bills, cases, and drafts that dealt with the privacy of the personal data of individuals.

The first law that was enacted to secure the digital information of individuals was Information Technology Act, 2000. Later in the year 2011, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 came into force to secure the sensitive personal data or information of individuals. Further, the Ministry of Electronic and Information Technology codified Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 to balance the privacy rights in the interest of national security and public order.

In the case of Karmanya Singh Sareen and Anr vs. Union of India and Ors. (2016), WhatsApp’s 2016 privacy policy to permit WhatsApp to share data with Facebook was challenged before the Delhi High Court, wherein the High Court upheld WhatsApp’s policy and directed them to delete the data of the users who have opted out from this service.

In the case of Justice K S Puttaswamy (Retd.), and Anr. vs. Union of India,(2012), the 9 judges’ bench of the Supreme Court of India declared that the right to privacy is a fundamental right of the person under Article 21 of the Constitution of India. Following this, the B.N. Shrikrishna committee was formed to report on the concerns regarding the digitalization of personal data and propose solutions. The Draft Personal Data Protection Bill, 2018 was drafted by the committee which was presented before the lower house of the Parliament. Later in the year 2019, the draft Bill of 2018 was referred to the joint parliamentary committee for examination and was for public comments.

Now, after 5 years of extensive submissions, discussions, recommendations, consultations, customizations, and deliberation, a final draft of the Digital Personal Data Protection Bill, 2023, which after approval from the cabinet, was finally ready to be presented before the houses of the parliament and finally got passed in the lower house. 

A brief timeline of the Data Protection law in India is reproduced below for ready reference-

Journey of the Data Protection law in IndiaYear/ Bill/Act Name
First draft of the Bill(submitted by the committee formed under the chairmanship of Justice Srikrishna)Personal Digital Protection Bill, 2018 (PDP Act)
PDP Act introduced in parliament and referred to Joint Parliamentary Committee (JPC)December 2019
Report by JPCDecember 2021
New version of Data Protection ActDecember 2021
The Data Protection Bill, 2021
Draft of Data Protection Bill, 2021 withdrawnAugust 2022
Bill replaced (Draft released by Ministry of Electronics and Information Technology)Digital Personal Data Protection Bill, 2023 (“DPDP Bill, 2023”)
DPDP Bill, 2023 tabled before Parliament3 August 2023
DPDP Bill, 2023 passed by the Lower House of Parliament7 August 2023
DPDP Bill, 2023 passed by the Upper House of Parliament9 August 2023
DPDP Bill, 2023 presidential assent and became law of the landDigital Personal Data Protection Act, 2023(passed on 11 August, 2023)

Overview of Digital Personal Data Protection Act (DPDPA), 2023

The Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “DPDP Act” or “Act”) is an elaborative effort of the Indian legislature to protect the privacy of an individual in today’s world where an individual’s personal data is floated digitally for innumerable reasons. 

The main idea of the DPDP Act of India comes from the data privacy regulation of the European Union, which is known as the General Data Protection Regulation, but rather than being prescriptive and extensive, it is a concise and comprehensive draft that incorporates most of the concerns surrounding the data protection regime in India. The current draft proposed is a very pragmatic and thoughtful step taken to establish the data protection regime in India by keeping in mind the rights and concerns of the people of India along with the globalization goals of the Indian economy.

When we read this DPDP Act, we get to see how the legislature has been successful in implementing the balance between data sovereignty and economic growth through globalization. Another major aspect covered by this proposed legislation is the extent of the use of personal data obtained by any business or entity. The Act aims at circumscribing the use of personal digital data collected to limit it within the parameters of legal boundaries. Further, the Act also gives the control to the individual, whose data is collected, to consent, access, and edit their data and make corrections. This results in building the people’s trust in this digital regime and makes them feel secure and empowered. 

Key difference between drafts of various Data Protection Bills

BasisThe Digital Personal Data Protection Bill, 2023The Personal Data Protection Bill, 2019The Draft Data Protection Bill, 2018
Scope and ApplicabilityDoes not cover offline personal data and non-automated processingCovers anonymised personal dataProcessing of personal data by government and private entities and entities incorporated overseas.
Transfer of personal data outside IndiaThe Central Government may restrict the transfer of personal data through notification.Some of the sensitive personal data may be transferred only if explicit consent is provided.The personal data may be transferred to certain permitted countries or countries under contract with the authorities. This can only be done if consent is provided.
Data Breach reportingAll the personal data breach should be intimated to the Data Protection Board of India and also the affected Data Principal (as hereinafter defined in the course of this article).Same as the Data Protection Bill of 2018.All the personal data breach should be intimated to the Data Protection Board of India. The affected Data Fiduciary will only be informed if the Board decides.
ExemptionsGranted by the Central Government through notification. There is no safeguard or procedure for exemption specified.Granted by the Central Government through order. Exemptions may be granted to some agencies wherein processing is necessary or it is subject to certain procedures.The Exemption may be granted where processing is authorised by law and as per the procedure established by law.
Right to be forgotten(The individuals have right to limit the disclosure of their personal data on the internet)Not providedProvidedProvided
Harm from the processing of personal dataNot providedSimilar to the Draft Data Protection Bill, 2018This harm includes monetary loss, loss of reputation, and identity theft. Data Fiduciaries need to take measures to mitigate the risk of harm and Data Principal has the right to seek compensation in case of harm caused.
Right to Data PortabilityNot providedProvidedProvided
RegulatorThe Data Protection Board of India The Data Protection Board of India and the Appellate TribunalThe Data Protection Board of India and the Appellate Tribunal

Objectives of Digital Personal Data Protection Act (DPDPA), 2023 

This DPDP Act, apart from being concise in length, is also written in very simple words and has further simplified by exemplifying the provisions through illustrations. 

One of the unique features of this Act is that for the first time legislation uses the word ‘she’ instead of ‘he’ in the law-making in India. This acknowledgment of women in legislation points toward steps taken by the legislature toward gender equality in law-making. 

The DPDP Act is also free of any provisos. This further reduces the complexity of this proposed legislation. The parties referred to in this Act are ‘Data Principal’ and ‘Data Fiduciary’. The objectives of the DPDP Act are:

  • to govern the processing of personal data on the digital platform in India whether obtained online or offline;
  • to provide for the protection of digital personal data;
  • to lay down grounds for processing personal data;
  • to make provisions that will harmonise the ever-evolving digital infrastructure and technological advancement in India with the core fundamental right of privacy of its individuals;
  • to place general and in certain cases special obligations on entities that process personal data;
  • to confer rights in respect of their personal data on individuals;
  • to provide for the duties of the individual while exercising their rights and providing their personal data for certain purposes;
  • To lay down a digital design compliance framework for easy and faster implementation of the proposed Act;
  • to regulate digital technology by ascertaining the accountability of  AI-driven applications and platforms while handling personal digital data;
  • to enable parties in dispute to attempt for mediation;
  • to provide for monetary penalties for non-compliance of the provisions of the Act; and
  • to enable voluntary undertaking for faster resolution and rectification of lapses.

Highlights of Digital Personal Data Protection Act (DPDPA), 2023

The following are the highlights of the Act:

  1. It covers digital personal data.
  2. Data Fiduciary or a class of Data Fiduciary including startups are exempted from the provisions of this Act. The power to exempt is with the Central Government who shall inform it through notification.
  3. For onboarding a Data Processor (as defined hereinafter) a valid contract is mandatory.
  4. Cross-border transfers are valid. However, certain transfers are restricted by the Central Government.
  5. The Act excludes personal data that is made publicly available by the Data Principal.
  6. Situations labelled as deemed consent in the previous Act have been permitted as ‘certain legitimate uses’.
  7. No criminal liability for non-compliance with the provisions of the Act.
  8. The personal data of children cannot be used for tracking, behavioral monitoring, or targeted advertising.
  9. Introduction of Significant Data Fiduciaries who shall appoint a Data Protection Officer to conduct periodic data protection impact assessments.
  10. The privacy notice should be in English or any other language that is specified in the Eighth schedule of the Indian Constitution.
  11. The right to nominate for Data Principal has been added.
  12. The key stakeholders of this Act are:
  1. Data Principal 
  2. Data Fiduciary
  3. Significant Data Fiduciary
  4. Data Processors
  5. Consent Manager

Key features of Digital Personal Data Protection Act (DPDPA), 2023

The key features of the DPDP Act, 2023 are as follows:

  1. Applicability of the Act: The provisions of this Act will apply to the processing of digital personal data within the territory of India where such data is collected either in the digital form or non-digital form and is digitised. Further, the Act shall also apply to the processing of digital personal data outside the territory of India. In simple words, the DPDP Act also applies to non-citizens living in India. It does not apply to the processing of personal data for domestic or personal purposes by individuals and personal data made publicly available.
  2. Consent: The Act allows personal data to be processed only after the consent of the individual is given or for ‘legitimate use (lawful use of the personal data)’. Further, the consent needs to be given only for lawful purpose. Along with the consent the personal data and the purpose for which the consent is given needs to be proposed. The consent given must be ‘free, informed, specific and unconditional’.

Example: A, an individual opens a share trading account using the mobile app or website of C, a share trading website. For completing the Know-Your-Customer formalities A chooses to process her personal data by C through live video-based verification. C shall give a notice to A that will give a detailed explanation of the personal data and the purpose of its processing.

  1. Exemptions: The right of the Data Principal and obligations of the Data Fiduciary shall not apply when the processing of data is:
  1. for enforcement of any legal right or claim;
  2. by the court or tribunal or any other body in India entrusted with the performance of judicial or quasi-judicial or supervisory function;
  3. for prevention, investigation, detection, or prosecution of any offence;
  4. not within the territories of India;
  5. essential for a scheme of compromise, arrangement, or merger, or amalgamation of two or more companies or undertakings;
  6. for ascertainment of financial information and assets and liabilities of a person who has defaulted payment due to loans or advances from financial institutions. 

Further, the exemptions also include the processing of personal data:

  1. in the interest of the sovereignty and integrity of India, friendly relations with foreign states, state security, and public order; and
  2.  for research, archiving, or statistical purposes.
  1. Personal data transfer to outside India: One of the features of this Act is that it allows the transfer of personal data outside India, but not to the countries restricted by the central government through notifications issued in this regard.
  2. Rights and duties of Data Principal: The Act gives certain rights to the Data Principal which include the right to:
  1. access information about personal data;
  2. correct and erase personal data;
  3. grievance redressal; and 
  4. nominate another individual to exercise rights in case of death or incapacity of the Data Principal. 

The duties of the Data Principal include:

  1. complying with the provisions of all the laws;
  2. ensuring no impersonation of another person while providing her personal data;
  3. ensuring no suppression of material information;
  4. not registering any false complaint or grievance; and
  5. furnishing authentic information. 
  6. Data Protection Board of India (DPBI): There shall be a DPBI consisting of a chairperson and other members as appointed by the Central Government. The tenure of the chairperson and other members will be two years and they are eligible for re-appointment. The main function of the board will be to:

(i) direct any urgent or mitigation measure in case of a personal data breach;

(ii) impose penalties;

(iii) monitor compliances; and 

(iv) hear grievances made by the affected persons.

  1. Penalties: There are penalties for various offences specified in the schedule of the Act. Some of the penalties include a penalty extending to 150 crore for a breach in observance of duties specified under Section 15.

Principles on which Digital Personal Data Protection Act (DPDPA), 2023 is based

The following are the principles on which the DPDP Act is based:

Principle of consent

This principle denotes how the data must be collected from the individuals. Every data collected must be through lawful means and should follow fair procedure. This fair and transparent procedure means that the concerned individuals must be informed about the nature, purpose, and use of the personal data collected from them. After being informed it is also mandatory that the individuals give their consent to the collection and use of their personal data.

Principle of purpose limitation 

This principle denotes that once consented personal data is collected, the use of it must be restricted to the purpose for which it was collected and the purpose for which consent is received from the individual. Any deviation from the consented purpose is prohibited in the proposed legislation. While obtaining the consent of the individual, the data fiduciary must make sure to comprehensively inform the purpose of such personal data collection to the individual.

Principle of data minimization

This principle speaks of the proportionality between the purpose of the data and the personal data collected in that context. It must be ensured that the personal data collected is not more than the specific purpose for which it is collected. There should not be extra personal data collected in the veil of serving a specific purpose.

Principle of personal data accuracy

The next principle is about updating the personal data collected. The Act allows for certain reasonable measures that can be taken to ensure the accuracy and correctness of the personal data collected from the individual. Also, it is expected that the Data Fiduciary takes reasonable measures to update the personal data collected to its utmost accuracy. This principle is incorporated to ensure the accuracy of the personal data at every level for achieving the specific purpose for which it was collected.

Principle of storage limitation

This principle adheres to the rule against perpetuity. The time period of storage of the personal data must be directly proportional to the specific purpose for which it is collected. Once the said purpose is accomplished, the data must be removed from the access of the Data Fiduciary. The duration of personal data storage should not be perpetual by default. It must be limited to the reasonable time required for the fulfilment of the specific purpose for which it was collected.

Principle of data safeguard with reasonable measures 

Once the Data Fiduciary has acquired the trust and consent of the individual to receive her personal data for a specific purpose, they must ensure that such personal data is secured and it must not be breached, shared, processed, or accessed for any purpose other than the ones which are authorized. This principle gives the outline for protection against any of the unauthorized uses of the personal data collected other than the uses for which the consent was obtained.

Principle of accountability 

One of the most important principles on which any protective law is based is the one of accountability. Any preventive or protective laws decide the accountability of the wrong done or committed. The DPDP Act determines the accountability of the data fiduciary who has collected the personal data of the individual after obtaining her trust and consent. Once the data is collected, any further use, accessibility, sharing, or any other type of processing of such data will be the responsibility of the person in charge of such data. The redressal, penalties, etc. for the breach of the provisions and the trust of the individual are all available in the provisions of this proposed legislation. 

Key terminologies in Digital Personal Data Protection Act (DPDPA), 2023

The definitions are explained in Section 2 of the DPDP Act. There are a total of 28 legal terms defined in the Act. The definition clause is an attempt to give the direction in which the legislators want the interpretation of the terms used in the Act. The definitions are alphabetically arranged and the reference of where to find the exact definition of the mentioned terms. 

The term ‘Appellate Tribunal’ is defined under clause (a) means the Telecom Regulatory Authority of India Act, 1997 under section 14 which establishes the ‘Telecom Disputes Settlement and Appellate Tribunal’.

Clause (b) defines the term ‘automated’ by a very inclusive definition using the terms ‘any digital process’ and ‘instructions are given or otherwise’. It explains that any automatic digital process which is processing data on any given instructions or its own will be termed as ‘automated’. 

Clause (c) is not so much of a definition clause but rather just a clarification clause stating that wherever this Act uses the term ‘Board’ it means the Data Protection Board of India established under section 18 of the DPDP Act by the Union Government. 

Clauses (d), (e), and (f) are more or less referral or clarification clauses. They deal with the terms ‘certain legitimate uses’, ‘chairperson’, and ‘child’. The term ‘certain legitimate uses’ is referred to in section 7 of the DPDP Act, 2023. ‘Chairperson’ is clarified to be construed as the ‘Chairperson of the Board’ and for the question of ‘which board’, refer to clause (c). Lastly, the term ‘child’ is defined as any person who has not attained the age of eighteen years. This is a very generalized blanket, especially concerning the subject that this Act is dealing with i.e. digital privacy and personal data protection. 

The next definition in the row is ‘Consent Manager’ under clause (g). It is defined as a sole intermediary platform that enables the Data Principal to give and access her consent to review, supervise, or recant it at any stage. This transparent medium enables the trust of the Data Principal in the Data Fiduciary and ensures fair and authentic accessibility and processing of the digital data collected.

The term ‘Data’ is defined under clause (h) as any kind of communicable representation that can be communicated, processed, understood, and explained by any individual or artificial intelligence. 

The person determining the objective of collection of personal data and the methods and extent of processing the same is known as a ‘Data Fiduciary’ as defined under clause (i). The definition also states that it can be a single person or several persons who can act as a Data Fiduciary. 

Clause (j) gives an inclusive definition and defines ‘Data Principal’ as any individual whose personal data is collected. It further elaborates that the lawful guardian of a child including parents and the lawful guardian of the disabled person will also come under the term ‘Data Principal’. 

Clause (k) defines the term ‘Data Processor’ as whenever any person processes the personal data of the Data Principal, on behalf of the Data Fiduciary, then that person will be known as a Data Processor.

Clause (l) gives a referral definition to the term ‘Data Protection Officer’. It says that whoever is appointed by the Significant Data Fiduciary under section 10(2)(a) will be a Data Protection Officer. 

Clause (m) defines ‘Digital Office’ as an online mechanism where all the related redressal proceedings from the filing of complaints, appeals, etc. to their disposal are conducted. As stated all of these proceedings are conducted online or digitally. Then, clause (n) defines ‘digital personal data’ as any personal data in digital form. Unlike the earlier regulation, there is no further bifurcation of digital personal data based on its sensitivity in this current DPDP Act.

The next two clauses (o) and (p) define the terms ‘gain’ and ‘loss’. These definitions are just explanatory and not exhaustive. It says that any gain or loss in property or services or opportunity of legitimate remuneration or any financial advantage will be ‘gain’ or ‘loss’ under this Act. 

Clause (q) gives an inclusive definition of the term ‘member’ which is member of the Board including the Chairperson. 

Clause (r) defines ‘notification’ which includes the terms ‘notify’ and ‘notified’ and should be published in the Official Gazette. 

The term ‘person’ is defined under clause (s) in an inclusive definition including any individual, a Hindu Undivided Family, a company, a firm, an association of persons, a body of individuals, whether or not incorporated, the State, and every other artificial juristic person.

‘Personal Data’ is defined in clause (t) as any data that can identify or relate to an individual. 

Clause (u) defines ‘personal data breach’ as the unauthorised processing of personal data or accidental disclosure, sharing, use, or alternation of personal data which leads to compromising its confidentiality, integrity, or availability. 

‘Prescribed’ as defined under clause (v) means any rules that are prescribed under this Act.

Any action taken by the board under this Act is termed a ‘proceeding’ [clause (w)].

The term ‘processing’ is described exhaustively under clause (x). It is related to the processing of personal data and means either wholly or partly automated operations performed on personal data. The personal data in which it should be processed should be digital. Operation includes recording, collection, storing, indexing, organisation, structuring, adapting, retrieving, using, aligning or combining, sharing, disseminating or making available, erasure, restriction, or destruction.

One of the most unique features of this Act is the use of the term ‘she’ which is defined under clause (y).  The term she refers to any individual irrespective of gender.

Clause (z) defines ‘Significant Data Fiduciary’ as any Data Fiduciary or class of Data Fiduciaries. These data fiduciaries or class of data fiduciaries are notified by the Central Government under Section 10 of the Act.

‘Specified Purpose’ as defined under Section (za) means the purpose mentioned in the notice given by the Data Fiduciary to the Data Principal. This is done in accordance with the provision of the Act and its rules.

Lastly the term ‘state’ has been defined under clause (zb). Don’t we all remember this term is defined in the Indian Constitution Article 12? It means the same over here.

Rights of Data Principal

The rights of the Data Principal are mentioned in Chapter III of the Act. A Data Principal has four rights under the Act which are as follows:

Right to access information about personal data (Section 11)

The Data Principal has the right to obtain-

  1. a summary of the personal data being processed by the Data Fiduciary;
  2. the identities of all the data fiduciaries and the data processors to whom the personal data is shared along with the detailed description of the personal data shared; and 
  3. any other information related to the personal data from the Data Fiduciary.

But if the Data Fiduciary shared the personal data with any other Data Fiduciary who by law is authorised to obtain the personal data, and the personal data is being shared for carrying out prevention, detection, investigation of cyber incidents or prosecution or punishment of offences, the rights which are mentioned in (b) and (c) shall not apply.

Right to correction and erasure of personal data (Section 12)

If the Data Principal wants she can get her personal data –

  • corrected, if there is any inaccurate or misleading personal data;
  • updated;
  • complete, if the personal data is incomplete; and
  • erased (unless retention is necessary for compliance with the law or specified purpose)

The Data Principal needs to request the Data Fiduciary to get this done and once the Data Fiduciary receives the request he is obliged to do it in accordance with the law.

Right of grievance redressal (Section 13)

In case of any grievance, the Data Principal has the right to register a grievance with the grievance redressal mechanisms provided by the Data Fiduciary or the Consent Manager who shall respond to the grievance within the prescribed period notified by the Central Government. Further, the Data Principal must exhaust the redressal opportunity as provided in the section before approaching the Data Protection Board. 

Right to nominate (Section 14)

How can the personal data of a Data Principal be handled after his death or incapacity? Under this section, the Data Principal has the right to nominate any other individual who shall exercise the right of the Data Principal as per the provisions of the rules specified.

Duties of Data Principal

The DPDP Act (Section 15) specifies five Duties that the Data Principal shall perform:

  1. Compliance – The Data Principal shall comply with the provisions of all the applicable laws while exercising the rights under the provisions of the Act.
  2. No impersonation: The Data Principal must not impersonate another person at the time of providing her personal data.
  3. Full Disclosure-  A complete disclosure of the personal data should be provided by the Data Principal. No suppression of any material information must be done. All the documents, proof of identity, or proof of address should be accurately presented.
  4. No false or frivolous grievance- The Data Principal should not register any false or frivolous complaint or grievance with the Data Fiduciary or Consent Manager or the Data Protection Board.
  5. Authentic information-  Only verifiable authentic information must be provided by the Data Principal while exercising the right to correction or erasure.

Obligations as a Data Fiduciary under the Digital Personal Data Protection Act (DPDPA), 2023

Before knowing the obligations of a Data Fiduciary, let us understand who is a Data Fiduciary. A person who either alone or with some other person decides for what purpose and for what means the personal data is processed. 

The obligations of Data Fiduciary are outlined under Chapter II of the Act. There are two grounds under which the personal data of a Data Principal can be processed:

  1. When the Data Principal has given her consent; or
  2. When it is used for certain legitimate use.

Moreover, a Data Fiduciary can process the personal data of a Data Principal only for lawful purposes.

Explaining more about the Data Principal, if the Data Principal is a child, it will include their legal guardian or parents. If the Data Principal is a person who has a disability, it will include a legal guardian who will act on their behalf.

Notice to the Data Principal

Any request for consent made to the Data Principal should be accompanied by a notice from the Data Fiduciary specifying the purpose of processing personal data, the manner in which she may exercise her rights, and the complaint mechanism. If this consent is given before the date of commencement of the DPDP Act, the Data Fiduciary is obliged to give notice to the Data Principal specifying the purpose of processing personal data, the manner in which she may exercise her rights, and the complaint mechanism thereof. Further an option will be given to the Data Principal to access the contents of the notice in English or any language specified in the Eighth schedule of the Indian Constitution.

The personal data of the person shall be processed until the Data Principal withdraws her consent.

Consent by the Data Principal

The consent that is given by the Data Principal should be freely given, specific, informed, unconditional, and unambiguous. The consent must indicate an agreement to the processing of personal data for the specified purpose and be limited only to the specified purposes. If any part of the consent violates the Act’s provision it will be considered invalid. The consent presented to the Data Principal should be clear and in plain language. It should also provide the details of a Data Protection Officer, where applicable, or any other person authorised by the Data Fiduciary to respond to a communication from the Data Principal.

Data Principals have the right to withdraw their consent at any time and the consequences of such withdrawal will be borne by the Data Principal. For example, A, an individual orders clothes from the website of B, an e-commerce service provider. A before placing an order consents to process her personal data by B for supplying her order. If A withdraws her consent, B can stop A from placing further orders from her website but can’t stop the processing of the supply of goods already ordered. 

In case of withdrawal of consent, the Data Fiduciary is obliged to cease processing the personal data of the Data Principal within a reasonable time unless such processing is done without her consent or as authorized by this Act or rules or any other applicable Indian laws.

The Data Principal can give, manage, review, or withdraw consent from the Data Fiduciary through a Consent Manager (registered with the Board), who will be accountable to the Data Principal. The Consent Manager acts on behalf of the Data Principal.

If any question is raised against any processing of personal data of the Data Principal, the Data Fiduciary has to prove that the notice was given by her to the Data Principal according to the provisions of the Act.

Certain legitimate uses

Section 7 of the Act states that the processing of personal data of the Data Principal by the Data Fiduciary must be done only for the following purposes:-

  1. When the Data Principal has voluntarily provided her personal data to the Data Fiduciary. 

Example: A, an individual goes to a superstore B, to buy groceries. A voluntarily provides B with her personal data and requests B to send the Bill to her mobile phone through a message. B can only process the personal data of A for the purpose of sending the bill.

  1. For the state or any of its instrumentality for subsidy, benefits, service, certificate, license, or permit to be provided or issued to the Data Principal. This can be done only in case she has previously consented to process her personal data or such personal data is available in digital form or non-digital form and digitized from the state or any of its instrumentality maintained books, registers, database, or any other document;
  2. For the performance by the state or any of its instrumentality for any function under Indian law or in the interest of the sovereignty and integrity of India;
  3. For the fulfilment of any obligations on any person to disclose any information to the state or any of its instrumentality;
  4. For compliance of decree or judgment or order issued;
  5. For compliance with any judgment or order related to claims of a contractual or civil nature being in force outside India;
  6. For responding to a medical emergency that involves a threat to the life or immediate threat to the Data Principal or any other individual;
  7. For providing medical treatment or health services to an individual during any outbreak of disease, epidemic, or any other threat to health of the public;
  8. For taking steps to ensure the safety of or providing assistance to any individual during a disaster or breakdown of public order;
  9. For the purpose of employment or safeguarding the employer from loss or liability like maintaining confidentiality of intellectual property or trade secret etc.

General obligations of Data Fiduciary

Apart from the above-mentioned obligations, there are some general obligations of Data Fiduciary outlined in Section 8 of the Act. These are as follows:

  1. To adhere to the provisions of this Act and the rules while processing personal data.
  2. To engage, appoint, or involve a Data Processor in processing the personal data on its behalf for activities relating to the offering of goods or services to the Data Principal.
  3. To ensure data accuracy, completeness, and consistency.
  4. To implement technical and organisational measures.
  5. To protect personal data in its control or possession.
  6. To inform the Board and affected Data Principal about the breach in personal data.
  7. On withdrawal of consent by the Data Principal erase the personal data and cause its Data Processor to erase the personal data that was made available to them.
  8. Publish the contact information of the Data Processor Officer.
  9. Establish an effective redressal grievance mechanism for the Data Principal.

Processing of personal data of children

If the personal data of a child or personal disability is being processed, the Data Fiduciary should obtain verifiable consent from their parent or lawful guardian. The personal data will not be processed if it is likely to harm the well-being of a child. Further, no tracking or behavioural monitoring of children or targeted advertising directed at children will be done.

Additional obligations of Significant Data Fiduciary

Before knowing their obligation let us quickly know about Significant Data Fiduciary. Significant Data Fiduciaries are any Data Fiduciaries or class of Data Fiduciaries that the Central Government notifies. 

  • The Significant Data Fiduciary appoints a Data Protection Officer who represents them, is based in India, is responsible to the Board of Directors or similarly governing body of the Significant Data Fiduciary, and is a point of contact for grievance redressal mechanism.
  • An independent auditor is also appointed by the Significant Data Fiduciary, who carries out data audits and ensures compliance with the provisions of the Act.
  • Periodic data protection impact assessment shall be conducted by the Significant Data Fiduciary. This assessment comprises of description of the rights of the Data Principal and the purpose of processing their personal data, and other matters regarding this process of assessment.
  • Periodic audit shall be undertaken by the Significant Data Fiduciary.
  • Other such acts/measures shall be done by the Significant Data Fiduciary as consistent with the provisions of the Act.

Provisions of Digital Personal Data Protection Act (DPDPA), 2023

Exemptions

The following exemptions have been provided under Section 17 of the DPDP Act, 2023:

General exemptions

The provision of Obligation of Data Fiduciary [except Section 8 (1) wherein it is provided that the Data Fiduciary shall irrespective of any agreement carry out the duties under this Act, and (5) wherein it is provided that Data Fiduciary shall protect personal data in its possession by taking reasonable security safeguards to prevent personal data breach], provisions of rights and duties of Data Principal, and Section 16 ( Processing of personal data outside India) shall not apply where the personal data –

  1. is processed to enforce any legal right or claim;
  2. is processed by any court or tribunal for the performance of any judicial, quasi-judicial, or supervisory function;
  3. is processed to prevent, detect, investigate, or prosecute any offence;
  4. of the Data Principals is not within the territory of India and is processed under any contract entered with any person outside the territory of India;
  5. is processed for a scheme of compromise, amalgamation, arrangement, or merger of two or more companies.
  6. is processed for ascertaining the financial information and assets and liabilities of any person who defaulted in payment of a loan or advances borrowed from the financial institution.

Exemptions from the Central Government and States

Further, the provisions of the Act shall not apply to the processing of personal data-

  1. by any notified agency in the interest of the sovereignty and integrity of India, friendly relations with the foreign state, security of the state, maintenance of public order, etc;
  2. for research, archiving, or statistical purposes; and
  3. for startups or any other notified Data Fiduciaries or class of Data Fiduciaries by the Central Government.

Data Protection Board of India

The DPDP Act, 2023 establishes a Data Protection Board of India (referred to as ‘Board’) which shall function as an independent body and also try to function as a digital office of the Board. The Board shall try to adopt techno legal measures provided in the Act. The main aim of establishing this Board was to ensure compliance with the provisions enumerated in the Act. The composition of the Board and its establishment is determined by the Central Government.

Composition and qualifications for the Board

The Board shall comprise a Chairperson and other such members who shall be appointed by the Central Government. If necessary for the efficient discharge of function as per the Act, the Board with prior approval of the Central Government can appoint other officers and employees. Section 25 of the Act mentions that the members, chairperson, officers, and employees of the Board shall be public servants as per Section 21 of the Indian Penal Code.

Further, the persons appointed shall be persons of ability, integrity, and having knowledge of data governance, administration, digital economy, information technology, dispute resolution, and other fields that the Central Government deems useful in this regard. At least one of the members of the Board shall be a law expert.

Salary, allowances, and tenure

The salary and allowances of the service shall be prescribed by the Central Government. The tenure of the chairperson and other members shall be two years who are also eligible for re-appointment.

Disqualifications of the Board members

The chairpersons and the members shall be disqualified for appointment and continuation if any of them-

  1. has been adjudged as insolvent;
  2. has become incapable (physically or mentally) of acting as a member;
  3. has been convicted of an offence, which in the opinion of the Central Government involves moral turpitude;
  4. has abused the position held; or
  5. has developed financial or other interests which shall affect the functions to be performed being such a member.

However, the chairperson or member of the Board shall not be removed from the office unless they have been given the opportunity of being heard.

Resignation of members 

If the chairperson or any other member of the Board wants to resign, she can do so by giving a notice in writing to the Central Government. But this doesn’t mean the resignation will be effective from the date of notice. It will be effective only when-

  1. the Central Government permits her to relieve office; or
  2. on expiry of a period of three months from the date of receipt of the notice; or
  3. a successor enters her office; or
  4. her term has expired from the office,

whichever is earliest.

Now the next question that arises here is how will the vacancy be filled. In case of resignation, removal, or death of the chairperson or any member of the Board, it will be filled by a fresh appointment in accordance with the provisions of the Act.

The Act clearly states that if the chairperson or any other member vacates, she shall not be allowed to accept any employment for one year from their last day of working and they also need to disclose to the Central Government about any acceptance of employment with any Data Fiduciary against whom proceedings were initiated by or before such chairperson or any other member.

Proceedings of Board

As per Section 23 of the Act, for holding and undertaking transactions of business at its meeting and authenticating its orders, directions, and instruments the procedure as prescribed in the Act shall be followed. Further, no act or any proceedings will be invalid because of –

  1. vacancy or any defect in the constitution of the Board;
  2. defect in the appointment of a person acting as the chairperson or other members of the Board;
  3. irregularity in the procedure of the Board, not affecting the merits of the case.

Powers of the Chairperson

The DPDP Act, 2023 enumerates certain powers that the chairperson of the Board can exercise, like:

  1. general superintendence;
  2. giving instructions for all administrative matters of the Board;
  3. authorising any officer of the Board to scrutinise any complaint, reference, intimation, or correspondence addressed to the Board;
  4. authorising any power of any of the functions of the Board and conduct of its proceedings; and
  5. allocating proceedings amongst the members of the Board.

Powers and functions of the Board

As per Section 27 of the Act, the following are the powers and functions of the Board:

  1. In case of any personal data breach, inquire about it, direct any urgent remedial or mitigation measures, and impose penalties as specified under the Act. The intimation of the personal data breach should be given by the Data Fiduciary;
  2. To inquire into a complaint made by a Data Principal for a personal data breach or a breach in observance by a Data Fiduciary of its obligation with respect to the personal data or rights under the Act or on the reference made by the Central Government or State Government to the Board or in compliance with the directions of any court and impose penalties;
  3. To inquire into a breach by the Consent Manager of its obligation and impose penalties. The complaint must be made by the Data Principal; and
  4. Inquiring for breach of any condition of registration of a Consent Manager and imposing penalties.

The directions shall be given by the Board only after giving the concerned person an opportunity of being heard and record the reasons in writing. The concerned person is bound to comply with the directions issued. The Board also has the power to cancel, modify, withdraw, or suspend its directions.

Procedure to be followed by the Board

The procedure that the Board needs to follow when they receive any intimation or complaint of reference or directions is listed under Section 28 of the DPDP Act, 2023. The Board shall have similar powers as are vested in a civil court under the Code of Civil Procedure,1908 (CPC). The powers vested in a civil court under the CPC are-

  1. summoning and enforcing the attendance of any persona and examining her on oath;
  2. receiving evidence of affidavit requiring the discovery and production of documents;
  3. inspecting any data, document, book, register, books of accounts, or any other documents; and
  4. such other matters as may be prescribed.

The procedure to be followed by the Board after receiving any intimation or complaint of reference is as under-

  1. Analyze and determine whether there are sufficient grounds to proceed with an inquiry.
  2. If there are no sufficient grounds, the proceedings will be closed and the reason will be recorded in writing.
  3. If there are sufficient grounds, the reason will be recorded and the Board shall inquire into the matters. The Board to ascertain if the person is complying with or has complied with the provisions of the act.
  4. During the inquiry, the Board or its officers cannot prevent access to any premises or take custody of any equipment/items that can affect the day-to-day functioning of the person. 
  5. In case the Board needs the assistance of any police officer or any other officer of the Central Government or a State Government, such officer shall comply with the Board.
  6. While the inquiry is in process, the Board can issue an interim order after giving the person an opportunity to be heard. The Board needs to record the reasons in writing for issuing an interim order.
  7. When the inquiry is completed and a chance of being heard is given to the person, the Board can close the proceedings. The reasons for closing the proceedings must be recorded in writing.
  8. If the Board finds that the complaint is false and frivolous, it may issue a warning or impose costs to the complainant. This can be done at any stage after the receipt of the complaint.

Appeal to Appellate Tribunal

If any person is aggrieved by the direction or order of the Board, the option of appeal before the Appellate Tribunal (herein referred to as ‘Tribunal’) is always open for her. However, the appeal should be made within 60 days from the date of receipt of the order or direction and shall be made in such form and manner as prescribed. The appeal shall be accompanied by fees. Once the appeal is received the Tribunal shall give the parties an opportunity of being heard and pass orders that may be to modify, confirm, or set aside the appealed order. Once the order is passed, a copy of the order shall be sent to the Board and the parties of the appeal. Every endeavour shall be made by the Tribunal to deal with the appeal within 6 (six) months from the date on which the appeal was presented to it. If within six months the appeal is not disposed of, the Tribunal shall record the reasons in writing for not disposing of the appeal within time. The order which is passed by the Tribunal shall be executable as a decree of civil court and the Tribunal shall have the power of a civil court.

The provision of Section 18 of the Telecom Regulatory Authority of India Act,1997 shall apply if an appeal is filed against the order of the Tribunal.

What will happen if a person is not able to file a complaint within 60 days? In that case, the Tribunal may hear the appeal if it is satisfied that there is sufficient cause for not filing the appeal within 60 days.

At any stage of the proceeding in the Tribunal, the Board may accept a voluntary undertaking from any person which may include an undertaking to take such action within the time determined by the Board or refrain from taking such action or publicising such undertaking. If the person fails to adhere to the voluntary undertaking terms it shall constitute a breach of the provisions of the Act and after giving the opportunity of being heard the Board shall impose penalties accordingly.

Alternate Dispute Resolution

There can be cases when the Board may direct the parties to solve the complaint by mediation and appoint a mediator by mutual consent.

Penalties

Before imposing any monetary penalty on any party, the Board shall give her an opportunity to be heard. 

Parties on whom penalties may be imposed

The Board may impose penalties on the following parties and in case of the following circumstances:

  1. Consent Manager– In case of a breach in observance of its obligations with the Data Principal’s personal data or any condition of registration of consent manager.
  2. An intermediary– In case of breach of its obligation for blocking the access to information when directed by the Central Government to do so.
  3. Data Fiduciary– In case of a breach of personal data or a breach in observance of its obligations with the personal data or in exercising Data Principal’s rights.

The question now is – How is the monetary penalty determined? 

The Board shall determine-

  1. the nature, gravity, and duration of the breach;
  2. the type and nature of the personal data that is affected by the breach;
  3. repetitive nature of the breach;
  4. if any gain is realised or loss is incurred to the person due to breach;
  5. if any actions were taken to mitigate the effects and consequences of the breach by the person;
  6. the timeliness and effectiveness of the actions taken by the person to mitigate the effects and consequences of the breach;
  7. if the monetary penalty imposed is proportionate and effective; and
  8. the impact of the imposition of the breach on the person.

The penalties prescribed in the Schedule of the Act are as follows:

S.noBreach of provisions of the ActPenalty
1Section 8(5) – Breach in taking reasonable security safeguards to prevent personal data breach by the Data FiduciaryMay extend to  Rs. 250 crores
2Section 8(6) – Breach in giving the Board or affected Data Principal notice of a personal data breachMay extend to  Rs. 200 crores
3Section 10 – Breach in observance of additional obligations w.r.t childrenMay extend to  Rs. 200 crores
4Section 10 – Breach in observance of additional obligations of Significant Data FiduciaryMay extend to  Rs. 150 crores
5Section 15 – Breach in observance of the duties of the Data PrincipalMay extend to  Rs. 10,000
6Section 32 – Breach of any term of voluntary undertaking accepted by the BoardUp to the extent of the breach in respect of which the proceedings under Section 28 were instituted.
7Breach of any other provision of this ActMay extend to  Rs. 50 crores

The sums realised by way of penalties shall be credited to the Consolidated Fund of India. (Section 34)

Protection of action taken in good faith

Anything that is done or is supposed to be done in good faith by the Central Government, the Board, its chairperson, and any Member, officer, or employee will not be held liable. No suit, legal proceedings, or prosecutions shall lie against them. (Section 35)

Power of Central Government

The Central Government shall have the following powers for the purpose of this Act-

  1. To call for information from the Board and any Data Fiduciary or intermediary. (Section 36)
  2. To issue directions to any agency of the Central Government or any intermediary to block access by the public or cause to be blocked for access by the public. These directions shall be recorded in writing. (Section 37)
  3. To make rules which are consistent with the provisions of the Act. (Section 40)
  4. To amend the Schedule by notification. (Section 42)
  5. To make provisions that are not inconsistent with the provisions of the Act. (Section 43)

Consistency with other laws

All the provisions of this Act will not be derogatory of any other law which is in force. Further, if the provisions of this Act conflict with any other law, the provisions of this Act shall prevail. (Section 38)

Bar of jurisdiction

The suit or proceeding which the Board is empowered under the provision of this Act shall be entertained by the civil court. Further, no injunctions shall be granted by any other court or authority. (Section 39)

Challenges and concerns related to Digital Personal Data Protection Act (DPDPA), 2023

There are several concerns and challenges related to the DPDP Act, 2023:

Sharing of personal data

  1. The consent of the individual can be carried forward by giving a notice. However, that notice is vague and it does not provide any information about what and when will the Data Fiduciary be allowed to keep that data. This raises a concern about whether the trust on which the personal data is shared with the Data Fiduciary can be breached and whether personal information can be corruptly processed.
  2. Another major concern of this Act is regarding the use of voluntary sharing of personal data. If an individual is sharing her personal information on any AI application or any digital platform then she has no protection under this proposed legislation. The application may use or share such personal data in any way and there is no accountability for such usage or processing of these voluntarily shared personal data. This concern also extends to anonymous personal data which is also kept outside the scope and purview of this Act.
  3. Another issue raised is that while acquiring the consent of an individual to process her personal data for a specific purpose it is not mandatory to mention that the personal data will be shared if it is required to achieve the said purpose. The Data Fiduciary will not be accountable for not sharing information about the transfer of personal data as long as it is for the specified purpose. Mass surveillance is also not actioned in this Act. The union government can easily withhold personal data for an unspecified period which poses a great threat to the privacy rights of an individual.

Cross-border transfer of data

Another concern of this Act is the protection in case of cross-border transfer of data. There is a provision in the Act that states that the Central Government may restrict the transfer of data across countries through a notification, however, there are no clear restrictions mentioned in the Act for transfer of personal data to other countries. This creates a question of whether there is an adequate mechanism for protection in case of cross-border transfer of data.

Ascertainment of children

The persons of age below 18 years are categorized as children and parental consent has been made mandatory for acquiring any of their personal data. Now, there is no clear provision as to how will the Data Fiduciary ascertain that a particular individual is a ‘child’ under this proposed legislation. The Act is very narrow and vague in this aspect. Further, the Act states that the processing will not be done by the Data Fiduciary if it is detrimental to the well-being of the child, but the Act does not define detrimental effect. 

Privacy risks

  1. The accountability of the Data Fiduciary is parallel to the ‘reasonable security safeguards’ that they have taken to prevent any kind of breach of the personal data that they have collected. How and on what parameters will this reasonableness be tested is not provided anywhere in this Act. This points out another vagueness of this proposed legislation which will directly affect the privacy of the individual.

Ambiguous Central Government powers

  1. The vagueness of the Act concerning the unprecedented powers of the Central Government is of great concern. Most of the provisions use the words ‘as may be prescribed’ without any limitations or clarity of the extent of such prescription that gives unrestricted power to the union government to make rules on data protection and processing. This may hamper the privacy of the individual. Further, without the parliamentary process such delegated legislation can exceed the scope of its parent legislation.
  2. Then the words ‘larger public interest’ are used to restrict the use of the information but it does not restrict the government’s power to withhold the information and surpass the Right to Information Act. This weakens the authority of the Act.

Tenure and authority of the Data Protection Board of India

  1. The members of the Data Protection Board of India are appointed for only 2 years, however, they are eligible for re-appointment. The concern here is that this short appointment of 2 years may affect the independent functioning of the Board.
  2. The most viable concern is regarding the authority of the Board which is set up for grievance redressal. All the powers and functions of the Board along with the very appointment of its members are in the hands of the Central government which raised the question of the conflict of interest, authority, and independence of the Board to address the concerns raised against the government or government bodies. If the judge, jury, and executioner is the government itself, indirectly through a Board then the hope of people that this legislation will safeguard their Right to Privacy will be in great danger and confusion. If that is the case then such a redressal mechanism is just a show of justice with the real intention of keeping the power in the union government’s hands only.

Recommendation for enhancing the comprehensiveness of Digital Personal Data Protection Act (DPDPA), 2023

Here are some recommendations/suggestions to overcome the challenges and concerns related to the DPDP Act, 2023:

  1. There should be clear limitations and parameters set while using the phrase ‘as may be prescribed’ to avoid ambiguity.
  2. A detailed clause/provision must be there specifying the data to be retained, the purpose, and the duration. This will ensure transparency.
  3. The Act should incorporate provisions/clauses for the protection of personal data shared on AI platforms or any digital platform.
  4. A provision should be added making it mandatory for the data fiduciaries to inform the individuals about the transfer of their personal data (if it is necessary for a specified purpose). It will ensure accountability.
  5. There should be a refinement of the ‘Large Public Interest’ term. It should be defined and the scope of this should be limited to prevent any misuse.
  6. Regarding the ascertainment of children’s age, there should be a provision that mentions how the Data Fiduciary ascertains the age for the purpose of this Act.
  7. The tenure of the Data Protection Board members should be extended to ensure stability and independence. 
  8. A provision for allowing public opinion on some decisions of the Data Protection Board should be incorporated. By doing so, there will be a broader perspective and would enhance the democratic nature of the decision-making.
  9. There should be an enhanced redressal mechanism. This can be done by appointing an independent body to handle the grievances against the government bodies. This will result in an unbiased adjudication.
  10. Incorporate robust restrictions and guidelines for cross-border transfer of data. It should also specify under what circumstances the transfer of data may be restricted by the Central Government.

Conclusion

The Indian Digital Personal Data Protection Act, 2023 is a unique combination and compilation of the currently existing legislations on data protection around the world. India has learned and taken guidance from data protection regimes like the USA, China, Australia, etc. Though the basic structure of the Act is taken from General Data Protection Regulation, there are some key differences in the Act like wide powers to the Central Government, limited ground for processing, no right to data portability, no strict requirements for data localization, and no provision for special categories of personal data. Through this Act, the legislature has aimed to safeguard the personal data of the individual and has addressed the privacy of individuals and cross-border transfer of personal data. The drafting of this Act is intended to strike a balance between Indian law relating to data privacy and foreign laws on international trade, especially data-driven businesses.

However, the Act still is required to be more refined and detailed in certain aspects which are discussed above and we can expect the evolution of this law according to the changing scenarios of the society through amendments undertaken in future.

Frequently Asked Questions (FAQs)

Is the Digital Personal Data Protection Act, 2023 in force?

The Bill has been passed by both Houses of Parliament and also received the assent of the President of India, however, it is not in force yet. The Act and its provisions will come into force when the Central Government will issue a notification in the Official Gazette.

If the data of Indian Citizens is processed outside India will the provisions of the act apply?

Yes, the provision of the act will apply if the data of Indian citizens is processed outside India.

How to know whether any organisation is covered by the DPDP Act?

If any organisation collects and processes the personal data of any individual like name, Aadhar, PAN card, passport, etc., they will be covered under this Act.

Are there any criminal penalties for non-compliance with the provisions of this Act?

No, there are no criminal penalties for non-compliance with the provisions of the Act.

What is Data Protection Impact Assessment? I own an organisation, do I need to undertake a  Data Protection Impact Assessment?

Data Protection Impact Assessment needs to be conducted by all the Significant Data Fiduciaries. Under this assessment, the organisation needs to assess the manner and the purpose of processing the personal data, the related harm, the measures for mitigating the harm, and any other matter relating to the processing of personal data.

If your organisation is a Significant Data Fiduciary only then it needs to undertake a Data Protection Impact Assessment.

Are startups exempted from the DPDP Act?

No, startups are not exempted from the Act. Certain startups are exempted based on the volume and nature of the personal data that is processed.

Who is a child for the purpose of data processing?

An individual who has not completed the age of eighteen years is considered a child for the purpose of data processing under this Act.

What type of data does the Digital Personal Data Protection Act apply to?

The Act will apply to digital personal data and non-digitised personal data which is intended to be digitised.

Who is a ‘Consent Manager’?

A person who is accountable to the Data Principals and acts on their behalf to manage their consent is known as a ‘Consent Manager’. These consent managers need to be registered with the Data Protection Board of India.

What is the Data Protection Board?

It is an independent body that conducts inquiries, responds to data breaches, issues interim orders, determines non-compliance, and imposes penalties.

Is cross-border personal data transfer permitted?

Yes, it is permitted. However, certain transfers are restricted by the Board.

I am a Data Principal, can I withdraw my consent?

Yes, you being a Data Principal can withdraw your consent.

I have accidentally sent an email that comprised of the personal data of a third party to one of my customers, should I notify the affected Data Principal and the Data Protection Board of India?

Yes, you need to notify the affected Data Principal and the Data Protection Board of India in this case. This will be a case of a Personal Data breach which includes accidental disclosure of personal data that comprises the confidentiality, integrity, or availability of personal data.

What is the right available with the Data Principal in the event of a data breach?

The Data Principal has the right to inform the Board in the event of a data breach.

References

Download Now

Data privacy laws and regulations worldwide : US, California and India

By
Vanshika Kapoor
-
0

Written by Nisha Paul, pursuing a Diploma in Cyber Law, Fintech Regulations and Technology Contracts from Lawsikho.

This article has been edited and published by Shashwat Kaushik.

What is data privacy

Data privacy involves handling personal information carefully to keep it private and secure. It includes following rules and practices to prevent unauthorised access and giving people control over how their information is used. For instance, data privacy is when a company encrypts its customers’ personal information, such as credit card details, to prevent unauthorised access in the event of a data breach. This ensures that the data is kept private and secure, in line with data privacy regulations and the expectations of the customers regarding the use of their personal information. 

Why is data privacy important to us

Data privacy is a significant concern in today’s digital world due to two primary reasons.

Firstly, data has become a vital asset for companies, contributing to the rise of the data economy. Major corporations like Google, Facebook, and Amazon have successfully leveraged data to build their businesses. As a result, there is immense value in collecting, sharing, and utilising data. However, businesses must be transparent about how they obtain consent, adhere to privacy policies, and manage the data they collect. This transparency is essential for establishing trust and accountability with customers and partners who expect their privacy to be respected.

Secondly, privacy is a fundamental right that should be enjoyed, enabling them to be free from unwarranted surveillance. The ability to exist safely in one’s personal space and express opinions without fear of intrusion is crucial for upholding democratic principles in society. Upholding data privacy is not just a matter of business ethics but also a critical aspect of safeguarding individual rights and liberties.

 In essence, data privacy is a complex and crucial issue that impacts both businesses and individuals. It encompasses the responsible handling of data by companies and the protection of individual privacy rights, both of which are essential for sustaining trust, accountability, and democratic values in a rapidly evolving digital landscape. 

“Privacy forms the basis of our freedom. You have to have moments of reserve, reflection, intimacy, and solitude,” says Dr. Ann Cavoukian, former Information  Privacy Commissioner of Ontario, Canada. Dr. Cavoukian knows a thing or two about data privacy. She is best known for her leadership in the development of Privacy by Design (PbD), which now serves as a cornerstone for many pieces of contemporary data privacy legislation.

Data privacy laws

Recently, laws have been made to protect people’s personal information. This means that companies need to be careful with the data they collect from users. They have to know where the data comes from, what kind of personal information it has, and how they use it. Here are the four main laws that are important for data privacy.

Data privacy in healthcare

In the US, there’s a law called the  Health Insurance Portability and Accountability Act of 1996 that protects people’s personal health information. It’s meant to keep patients’ data safe.

Data privacy and how it works—let’s explain with subpoints. They are-

  • User consent: Companies must ask users if they’re okay with collecting their data.
  • Data requests: Users can ask companies to show them the data they have.
  • Data deletion: Users can ask companies to delete their data.
  • Security responsibilities: Companies have to make sure they keep user data safe.

Since Congress passed HIPAA in 1996, calls for even greater data privacy protection have increased, with data breaches at an all-time high and the rate at which companies use and sell the data they collect on their patients rising fast.

In December 2000, the United States Department of Health and Human Services (HHS) took a significant step towards safeguarding the privacy of individually identifiable health information by issuing the Privacy Rule. This rule was developed to carry out the mandate of the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996.

The Privacy Rule establishes national standards to protect the privacy of health information, including medical records and other protected health information (PHI). It applies to healthcare providers, health plans, healthcare clearinghouses, and business associates who handle PHI.

The Privacy Rule includes a number of key provisions, including:

  • Patient rights: Patients have the right to access their PHI, request corrections to their PHI, and restrict the use and disclosure of their PHI.
  • Provider responsibilities: Healthcare providers must take steps to protect the privacy of PHI, including implementing physical, technical, and administrative safeguards.
  • Business associate responsibilities: Business associates who handle PHI must also take steps to protect the privacy of PHI, including entering into business associate agreements with healthcare providers.

The Privacy Rule has been instrumental in protecting the privacy of health information. It has also helped to promote the electronic exchange of health information, which can improve the quality and efficiency of healthcare.

However, the Privacy Rule has also been criticised for being too complex and burdensome. In 2020, HHS issued a proposed rule that would make a number of changes to the Privacy Rule, including simplifying the language and reducing the regulatory burden on healthcare providers. The proposed rule is currently under review.

Data Privacy for Financial Institutions

The Gramm-Leach-Bliley Act (GLBA) rules for banks and other financial companies to protect people’s financial information. It helps prevent fines and damage to a company’s reputation if sensitive financial data is shared or lost by mistake. It’s not exactly like the GDPR in Europe, but the US could have similar rules soon.

Achieving GLBA compliance has multiple benefits. Firstly, it reduces the risk of potential fines and protects the company’s reputation by preventing the unauthorised sharing or loss of sensitive financial data. This means that the company avoids costly penalties and maintains trust with its customers.

Additionally, by safeguarding consumer financial data, the company demonstrates a commitment to protecting its clients’ privacy and security, which can enhance customer loyalty and confidence in the business. Overall, GLBA compliance helps the company ensure the safety and privacy of its customers’ financial information while also preserving its financial stability and reputation. 

Innovative US private laws

In the US, data privacy is regulated by both federal and state laws. One prominent federal law is the Health Insurance Portability and Accountability Act (HIPAA), which safeguards the personal health information of patients. At the state level, California has established the California Consumer Privacy Act (CCPA) to extend data privacy protections within the state. The CCPA grants consumers in California greater control over the collection and utilisation of their data, necessitating businesses to effectively manage and protect sensitive data to adhere to its stipulations.

Similarly, the Children’s Online Privacy Protection Act (COPPA) is another significant regulation that focuses on protecting the privacy of children under 13. Originally adopted in 1998, COPPA dictates that companies must obtain parental consent before collecting data on children and outlines specific requirements for the storage and processing of such data.

COPPA mandates that websites and online services directed at children or knowingly collecting their data must obtain verifiable parental consent before doing so. This consent must be informed, meaning parents must be provided with detailed information about the types of data being collected, how it will be used, and with whom it will be shared. Additionally, businesses must take reasonable steps to protect children’s data from unauthorised access, use, or disclosure.

To ensure compliance with COPPA, businesses must develop and implement comprehensive privacy policies that outline their practices regarding children’s data. These policies must be easily accessible and written in a manner that is understandable to both parents and children. COPPA also grants parents the right to review their children’s personal information collected by websites and online services and request its deletion or modification.

COPPA’s significance lies in its pioneering approach to protecting children’s privacy in the digital age. It sets a precedent for other countries and jurisdictions to introduce similar legislation aimed at safeguarding the privacy of children online. Furthermore, COPPA has raised awareness among parents and educators about the importance of children’s privacy and has encouraged businesses to adopt more responsible data collection and handling practices.

Despite its strengths, COPPA has also faced criticism for its limitations. Some argue that it does not provide sufficient protection for children’s privacy in the ever-evolving digital landscape. Others point out that COPPA’s enforcement mechanisms are not robust enough to deter companies from violating its requirements.

Nevertheless, COPPA remains a crucial piece of legislation that has laid the groundwork for protecting children’s privacy online. It has served as a model for other jurisdictions and has contributed to raising awareness about the importance of safeguarding children’s personal information in the digital age.

It is noteworthy that several states are contemplating enacting laws akin to California’s, reflecting an overarching legislative inclination towards enhancing data security and privacy across diverse sectors. This growing trend has sparked discussions regarding the potential establishment of a Federal Department of Cybersecurity to standardise data privacy laws nationwide. However, the current regulatory landscape remains a diverse patchwork of separate regulations.

Personal Data Protection Bill, 2018

India’s first-ever data privacy law was created in 2017 after the Supreme Court determined that personal information and privacy are fundamental human rights. This legislation introduced mandatory data audits every year and set data protection and privacy standards.

This Act applies to the following key points:

  • The Act pertains to the processing of personal data within India and by entities or individuals under Indian jurisdiction, encompassing collection, disclosure, sharing, or other forms of processing of personal data.
  • It also extends to the processing of personal data by data fiduciaries or processors located outside India if it is related to business conducted in India, offers goods or services within India, or involves profiling individuals within India.
  • However, the Act does not apply to the processing of anonymized data. In essence, this framework seeks to regulate the processing of personal data within India and by Indian entities, as well as extend its scope to certain activities of non-Indian entities that have connections to India, while excluding anonymized data from its provisions.  

Other data privacy laws

The significance of understanding data privacy laws that are pertinent to specific types of companies and data storage and processing methods. It highlights the importance of considering compliance with ISO 27001, FISMA, and SOX regulations, while recommending Varonis as a provider of comprehensive data protection solutions to facilitate compliance with these frameworks. The paragraph concludes by encouraging businesses to engage with Varonis to address their data privacy requirements.

Data privacy : how to protect your data

In response to the increasing demands of compliance laws like GDPR, there’s a growing need for stringent data security measures. Individuals and industries can contribute to this process by utilising various personal data security solutions. These measures underscore the significance of data privacy and security for both consumers and service providers, ultimately enhancing their security and compliance standing.

Anti-virus software

Anti-virus software plays a critical role in detecting and removing malicious codes, heuristics, and signatures, protecting against rootkits, trojans, and other harmful viruses that can compromise sensitive data. It stands as one of the most widely used security tools for safeguarding consumer and personal information against privacy breaches.

Firewalls

Firewalls act as the initial line of defence, preventing unwanted traffic from infiltrating a network and serving as a shield against malware. By segregating networks and regulating port access, firewalls provide a robust layer of protection. Organisations can customise firewall policies to block or verify specific traffic, offering enhanced control and security.

Backup and recovery systems

In the event of accidental or deliberate data deletion or destruction, a reliable backup and recovery system is indispensable. It enables swift data restoration, ensuring minimal disruption in the face of data loss resulting from cyber threats or system malfunctions.

Access control

Access control mechanisms empower remote data manipulation, limiting the capability of users to copy or store sensitive information locally on portable devices. Through mandatory logins and predefined conditions to detect unusual or suspicious access attempts, access control ensures heightened security across all systems.

Additionally, most industries implement specialised systems to strictly regulate access to personal data, typically employing an Access Control List (ACL). This list precisely outlines authorised individuals and the specific levels of access they are granted. ACLs are commonly based on whitelist and blacklist parameters to control the accessibility of information, bolstering data security within organisations.

Data privacy news and resources

Data privacy has gained widespread attention in the past year, making headlines in major newspapers and media outlets. For the latest developments and breaking news in the data privacy domain, it is essential to also consider specialised sources such as WIRED, HackerNoon, and InfoSecurity Magazine, as they frequently cover pertinent stories in this field.

Here are some of the biggest stories in data privacy at the moment:

California’s CCPA

The California Consumer Protection Act (CCPA), slated to take effect on January 1, 2023, will usher in the most comprehensive data privacy protections in the United States. Enacted in 2018, the CCPA grants consumers sweeping rights to control and protect their personal information, including the right to know what data is being collected, the right to opt-out of the sale of their data, and the right to request that their data be deleted.

In anticipation of the CCPA’s implementation, companies have been scrambling to bring their data practices into compliance. This has sparked discussions about the potential nationwide applicability of the CCPA, as other states consider adopting similar laws.

Several factors contribute to the CCPA’s significance in the landscape of data privacy law. First, its broad scope encompasses a wide range of personal information, including not only traditional identifiers like names and addresses but also online identifiers like IP addresses and cookies. Second, the CCPA’s opt-out provision gives consumers a powerful tool to prevent companies from selling their data without their consent. Third, the CCPA’s private right of action allows consumers to seek damages from companies that violate the law.

The CCPA’s potential nationwide applicability is also a matter of significant interest. While the CCPA is a California law, it has extraterritorial reach, meaning that it applies to businesses that collect the personal information of California residents, regardless of where those businesses are located. This has led some experts to believe that the CCPA could serve as a model for a federal data privacy law.

The CCPA’s potential impact on businesses is significant. Companies that are not in compliance with the CCPA may face hefty fines and penalties. Additionally, the CCPA’s private right of action could lead to a wave of lawsuits against businesses that violate the law.

As the CCPA’s effective date approaches, businesses must take steps to ensure that they are in compliance. This includes developing and implementing a comprehensive data privacy programme, training employees on the CCPA’s requirements, and providing consumers with clear and concise privacy notices.

Google’s Project Nightingale

Recent attention has been focused on “Project Nightingale,” a data-sharing collaboration between Google and Ascension, the USA’s second-largest healthcare provider. Although the data exchange was lawful, it has reignited public concerns regarding the extent of personal data sharing and its processing.

References

Download Now

Internet privacy and its effects on the internet

By
Vanshika Kapoor
-
0

This article has been written by Gopal Podhade pursuing a Test Prep Course for Cracking Certified Information Privacy Manager (CIPM) from Skill Arbitrage.

 This article has been edited and published by Shashwat Kaushik.

Introduction

Privacy and the internet have various aspects to discuss; nowadays, privacy has become more important to every individual.

As the internet becomes an essential part of your daily life simultaneously, privacy also follows.

If we refer to the Indian constitution, then we can find that privacy is a fundamental right protected by the Indian constitution. We have freedom of speech in the same way we have the right to privacy, which is protected by our constitution.

As the internet started growing and developing every day, the various aspects related to the internet also started rising, such as online fraud, cyberattacks, online extortion, and online attacks on someone’s computer.

What is privacy

A perfect definition of privacy is not available; however, many experts try to define it. Privacy is a human right enjoyed by every human being in his/her existence.

It has international recognition as privacy is recognised in the Universal Declaration of Human Rights-

Article 12 of the Universal Declaration of Human Rights, 1948 and Article 17 of the International Covenant on Civil and Political Rights (ICCPR), 1966 protect a person legally from arbitrary powers. In the context of India, the right to privacy is defined under Part III of the Constitution and the Indian judiciary has the biggest role to play in recognising and establishing the real regime of privacy in India from the very beginning, with various presidents given by the apex court in India.

What is internet

The Internet is a global network that connects computers all around the world. It is a medium for exchanging and transferring data at any time and anywhere in the world.

We use the internet to exchange data and transfer data from one source to another. It becomes cost-effective and takes less time. Sharing information is the most important aspect of the internet and information contains all kinds of information, whether it is private or public. Private information contains personal information that is being processed and stored.

Internet and privacy

As we all know, the digital evolution has incredibly enhanced people’s ability to explore anything and enjoy their fundamental rights through the digital medium. Though we have many benefits from digital media simultaneously, some non-useful ways may cause harm to these rights that we have as human beings. Many things are not good or unwelcoming for us if we are using this digital platform carelessly. We have witnessed much news or stories of harassment through the misuse of data.

Though we are familiar with these mediums, there are still many things that can trigger us, and we might not have that much technical understanding when getting into them.

Most people would agree that the internet has made life far easier in many different ways, as I mentioned above.

We can perform multiple tasks with a single click, which include everything from ordering toothpaste in the morning to having dessert after dinner.

We have various choices to watch as many entertainment programmes as we want from any of the countries in the world and from anywhere at any time.

There is no restriction on it; even if I can have my dinner with just a click of a smartphone, within a small-time interval, my food will be ready, and I can have dinner or lunch at the place where I was sitting.

I can book my hotel, train or plane ticket wherever I want to go just by clicking.

See how innovative this is  and how interesting it is.

Despite all the benefits we are getting from the internet and modern, developed technology, all our business and personal information is on the internet because of the multiple available services.

Still, there is another side that we have to consider. Nowadays, many people are concerned about their privacy and how their data is being used and stored.

Some of the ways in which our privacy has been affected

As we know, there is so much information available online that there are several ways that can affect the privacy of common people. Several activities are being performed, which include online fraud, online extortion, and the threat or defamation of doing some illegal activity, which includes monetary loss or any kind of mental instability.

Social media

As we know, many people nowadays are very used to social media, and they are using it continuously. They are sending all their activities online on their social media platforms, including their location, which also includes some personal information that we are not supposed to share. We spend lots of time on social media, and even we give all the information that is so personal to us that where we are going, what our plans are, and what activities we are going to perform in next few days

By performing such things and by doing such acts, we can face different situations that are very unwelcoming and may lead us into trouble.

Hackers can watch our activities, and they can use our information for any kind of malpractice, so we should be more careful while doing or sharing such things.

Eye on our activities

Whenever we perform any activity online, we have to be very careful because someone can put a check on our activity. For example, whenever we use an online payment method, we should use an authentic way to perform that operation.

We should not use any insecure way to perform any translation that can lead us to any financial loss or that can use our data or the password we use for more fraud. Such fraud can be committed by performing any illegal activity that can lead to criminal consequences.

Cyber activity

There are various activities that can be done by the person who has our data. The person can use that to defraud us by seeking any illegal ways. Mainly nowadays, there is a trend going on in which hackers can hack our social media accounts, and they demand money from us, any of our near relatives or any member of our family with whom we are connected on social media. There are some commonly connected examples, which I would like to elaborate on here :

Firstly, one of my friends took a loan from an online app, and he gave all related documents to that app After the money became due, he paid the amount through that app only, and one day he called me and told me that I was scammed by some scammer.

I asked him what exactly had happened, and he told me someone had created a WhatsApp group from his one contact list, which he did not provide to the app and that person was asking him for money and in fear, he gave him the money that was asked for.

The created WhatsApp group has some banners and news articles that were supposed to defame him or make him a criminal in other people’s eyes.

As I am a lawyer, I just told him not to worry and filed a complaint with the cyber cell of a nearby district, and he did the same, and it was almost sorted out after filing the complaint.

The point to be noted here is how those people came to know his contact list.

How did those people find the people who were added to that WhatsApp group to be his near relatives?

And here is one more point to be noted, he did not even explain or tell about this loan that he took from that app. Based on this real-life experience, I can say our privacy is being compromised and our data is being used for some illegal purpose, which can be very harmful to us.

This is above, and there are many other examples that we have seen, read, or heard. The important thing is to remember that in any way, our privacy is being affected, and it will have some serious effect on our human rights, which are given to us by the constitution of that particular country. These effects of the so-called internet, which make the world closer and are rapidly growing, affect the privacy of individuals.

Laws governing internet privacy in India

The legal framework governing internet privacy in India is complex and evolving. Several laws and regulations address different aspects of internet privacy, including the collection, use, and disclosure of personal data.

The Information Technology Act of 2000 (IT Act)

The IT Act is the primary law governing internet privacy in India. It includes several provisions that protect the privacy of individuals in the digital age, including:

  • The right to informed consent: Individuals must be informed about the collection, use, and disclosure of their personal data before it is collected.
  • The right to access and correct personal data: Individuals have the right to access their personal data held by organisations. They can also correct any inaccurate or incomplete data.
  • The right to be forgotten: Individuals can request organisations to delete their personal data if it is no longer necessary for the purpose for which it was collected.

The Right to Information Act of 2005 (RTI Act)

The RTI Act gives individuals the right to access information held by public bodies. This law can be used to obtain information about how government agencies are using personal data.

The Indian Telegraph Act of 1885

This Act governs the interception of communications. It requires government agencies to obtain a warrant before they can intercept communications and prohibits the interception of communications for commercial purposes.

The Personal Data Protection Bill of 2019

The Personal Data Protection Bill is a proposed law that would comprehensively regulate the processing of personal data in India. The bill includes several provisions that would strengthen the protection of individual privacy, such as:

  • The requirement for organisations to obtain consent before collecting, using, or disclosing personal data.
  • The right of individuals to access, correct, and delete their personal data.
  • The creation of a Data Protection Authority to enforce the law.

The Personal Data Protection Bill is still under consideration by the Indian Parliament, but it is expected to be passed in the near future.

Conclusion

There are various studies that have shown that the internet is causing data breaches and some serious concerns are arising from these mediums, which we are using for entertainment and to save our time, but things should be done in the right manner so that it won’t cause any difficulty to any individuals.

Many countries in the world have started working on it and finding the solution to these digital problems so that people can smoothly enjoy their fundamental rights without any hesitation. It is also the responsibility of individuals to protect their data and use these mediums with proper care and due diligence so that we can minimise this threat. People should use authentic sources of information and certified and secure websites for their own use, with the utmost priority given to our privacy.

References

Download Now

BALCO Employees Union (Regd..) v. Union of India & Ors. AIR 2002 SC 350

By
Vanshika Kapoor
-
0

This article is written by Tisha Agrawal. The article deals with the case of BALCO employees Union vs. Union of India, with reference to its facts, issues raised, arguments made, judgement, precedents referred, and the judgements which relied on this case as well as the concerned Articles of the Constitution of India. 

Introduction

The case of BALCO Employees Union v. Union of India (2002) is a landmark judgement in the realm of Constitutional Law and Labour Rights. The case revolves around the decision of the Government of India to disinvest in M/S Bharat Aluminium Company Limited. This disinvestment led to an unrest amongst the workers of the company, following which they challenged this decision in the following case. It was the issue of the case that the decision of the Government of India will cause harm and hamper the legal and social interests of the employees of the company. 

The judgement focused on the implementation of administrative policies and the intervention of courts in such decisions. The decision of the Supreme Court throws light upon the discretion and power of the Government, along with the broader perspective of natural rights and their applicability. The need to discourage frivolous Public Interest Litigation (PIL) was also emphasised. The decision was delivered in favour of the Government, but it paved a way for many litigious issues which arose ahead on similar factual lines. 

Details of the case

  • Case name: BALCO employees Union v. Union of India
  • Equivalent Citation: AIR 2002 SC 350 
  • Important provisions: Articles 14 and 15 of the Constitution of India
  • Bench: B.N. Kirpal, Shivaraj V. Patil, P. Venkatrama Reddi, JJ. 
  • Petitioner/Appellant: BALCO Employees Union
  • Respondents: Union of India
  • Judgement date: 10th December, 2001

Facts of the case 

The Company in question, M/S Bharat Aluminium Company Ltd. (BALCO) was incorporated in 1965 under the Companies Act, 1956, as a Government of India undertaking. The company was engaged in manufacturing aluminium and had plants at Korba (Chattisgarh) and Bidhanbag (West Bengal). During the 1990s, Central Government had planned to disinvest in some of the Public Sector Undertakings. Subsequently, in 1996, the Ministry of Industry (Department of Public Enterprises) Government of India constituted a commission to look after the disinvestments in Public Sector. This commission was formed for three years. The commission was an independent, non-statutory advisory body. 

The commission was constituted with an objective of reviewing Government’s investments and plan the future initiatives, which is viable for the economy. It was established with the view that the commission will also consider the interests of the stakeholders, workers, and consumers while advising any disinvestment. The commission was merely an advisory body, and the final decision-making power was still vested with the Government of India. 

In 1997, the commission advised that BALCO needed to be privatised and categorised as non-core group industry. The commission recommended that the Government shall immediately disinvest its holding in the company by offering a significant share of 40% of the equity to a strategic partner. It was further recommended by the chairman of the commission that offer 51% or more to the strategic partner along with the transfer of management. Consequently, the whole strategic sale was arranged, and the highest bidder was approved. 

The decision of the Government of India for the strategic sale was challenged by the employees Union of BALCO by a writ petition in the High Court of Delhi which was disposed off. Consequently, when the process of transferring of shares was initiated, a number of other writ petitions were filed in the Chhattisgarh and Delhi high Courts. All these petitions were then transferred to the Hon’ble Apex Court upon an application made by the Union of India. Hence, the present case was decided by the Supreme Court. 

Issues raised 

The following were the core issues in the present case before the Court : – 

  1. Whether the decision of the Government of India to disinvest in BALCO was valid?
  2. Whether such a decision is amenable to judicial review, and if so, then to what extent? 

Arguments of the parties

Arguments on behalf of the petitioners

It was argued by the petitioners that the workmen are seriously affected by the decision of the Government of India to disinvest 51% of the shares in BALCO and turn it into a private corporation. Before the disinvestment, BALCO was a state within the meaning of Article 12 of the Constitution of India. The workmen have lost their rights and protection as guaranteed by Article 14 and 16 of the Constitution of India. Before making such decision, the workers ought have been heard. A consultation with the workers was necessary. The Petitioners placed reliance on Ajay Hasia v. Khalid Mujin Sehravardi (1980) and Central Inland Water Transportation Ltd v. Brojo Ganguly (1986). In these cases, rights of the workers were emphasised and discussed by the Court. It was observed that the corporation has to necessarily consult with the workers if any is action is against their interests and social justice. 

It was further contended that taking away the protection under Article 14 and 16 has civil consequence, therefore the workmen had a right to be heard. The rights and benefits were both procedural and substantive. It would also take away the right to pension of the workers, including the principle that there can be no discrimination in granting or withholding pension. Reliance was placed on Bharat Petroleum Management Staff Pensioners v. Bharat Petroleum Corp. Ltd. (1988). 

It was also submitted before the court that the implementation of the disinvestments has failed to achieve a comprehensive package of socio-political reforms. The decision making process has not been fair, just, and reasonable.  The Government shall not have taken such a crucial decision without consulting with the workers and giving them a fair opportunity to put forth their contentions. The Government of India has not considered the repercussions of its decision accurately. 

Arguments on behalf of the respondents

It was submitted by the respondents that, since 1990s, Government has done disinvestments in various companies. There are majorly three reasons behind the disinvestment decisions and these are: – 

  • The rate of returns of government enterprises have been low despite multiple efforts.
  • The centre, or the states, has no resources to sustain enterprises that are not capable of standing on their own. There is an environment of intense competition.
  • Despite efforts, the government has not been able to change the working culture of government enterprises. 

Because of the above-mentioned reasons, the strongest of the enterprises are sinking, and it has become more difficult for the government to retain them. The technological change has also become faster and the government cannot keep up with it anymore. The challenge for the petitioners is untenable. 

It was further submitted that the advisability of the economic policies of the government are not subject to judicial review. The courts cannot consider the relative merits of the various economic policies. Reliance was placed on Rustom Cavasjee Cooper v. Union of India (1970) wherein the court said that it is not for the courts to consider the relative merits of the different political theories or economic policies. The court cannot take action on an appeal over the policy of the parliament in enacting a law. Similarly, it was argued that the courts cannot examine the policy of disinvestment and its desirability. Judicial interference with the administrative authority is not meticulous. The process of disinvestment is a policy decision and complex economic factors are at stake. The courts have consistently refrained from interfering with such economic decisions. The same shall be followed in the present case. 

There is no principle of Natural Justice that requires prior notice to be given to the workers who are affected by an economic policy. The government has a right to transfer its shares as a shareholder when an industry is registered under the Companies Act, 1956. The persons joining any such company also accept the right of the directors and the shareholders to conduct the affairs of the company as per law. 

Judgement of the case

The Hon’ble Apex Court held that the disinvestments by the Government were not invalid. In a democratic setup, it is the discretion of each government to follow its own policies. Such policies might affect and cause some adverse changes in the system, but until and unless any illegality is being committed or if it is contrary to law or mala fide in nature, a decision per se cannot be interfered with the court. It does not fall within the ambit of judicial review. 

It can only be reviewed if it is demonstrated that the policy is contrary to any statutory provisions or the Constitution of India. It is not up to the courts to consider the relative merits of the policies. For analysing the correctness of any policy, there is the Parliament. There is no substance in the arguments of the petitioner that the decision to disinvest was arbitrary or capricious. It is a part of the service of an employee to accept the decisions of the employer. The principles of Natural Justice have no role to play here. However, while taking such decisions, an employer is expected to keep in mind the interests of the employees of the company. But this does not entitle the employees to demand a right of hearing or consultation prior to any such decision. The policies cannot remain static; they ought to change with changing times. 

The Court also rejected the contentions about the lack of transparency by the Government. It was stated that transparency does not mean conducting government business while sitting on the crossroads in public. It simply means that the manner in which a decision is being taken shall be made known, and the persons who decide are not arbitrary. In the present case, it is evident that the decision has been taken in a fair and just manner. The offer of the highest bidder was accepted. All the allegations made by the petitioners lack any kind of foundation or reasoning. 

Another contention before the court was whether the financial or economic decisions taken by the Government could be challenged through a Public Interest Litigation. The Hon’ble Court, while rejecting this claim observed that PIL was brought into the judicial process for litigation in the interest of the public and nothing more than that. Whenever the courts have interfered while entertaining PIL, the reason has mainly been the violation of Article 21 or of human rights. A PIL is entertained only when the litigation is initiated for the benefit of the poor and in societal interests. It is not a weapon to challenge the financial or economic decisions that are taken by the Government. The decision of the government to disinvest is purely an administrative decision that relates to the economic policy of the State. Any challenge to such action cannot fall within the parameters of Public Interest Litigation. 

Judicial interference is available when there is an injury to the public because of the actions of the Government. In the present case, it is not applicable. Court will interfere only when there is a clear violation of constitutional or statutory provisions. 

State Government had also claimed that they were not consulted in the entire process of disinvestment. The court observed that it is not possible that the State Government was oblivious to this fact during the entire proceedings. The facts of the case clearly show that wide publicity was given at various stages of this disinvestment. It was after wide publicity that the Global Advisor was appointed. Therefore, all the contentions of the Workers Union and the State Government are rejected, and the disinvestment is held valid. 

Precedents referred

While analysing the arguments put forth by the Union and the State Government, the Hon’ble Supreme Court referred to many significant judgements.  

The Hon’ble Court was reluctant to decide the matter of economic policy. In the case of Bhavesh Parish and Ors. v. Union of India and Ors. (2000), it was stated that the services rendered by certain sectors of the Indian economy could not be belittled by the courts. It is an accepted principle that the courts shall not interfere in matters of the legislature. It shall be best left to the expertise and wisdom of the people dealing with the subject. 

In Narmada Bachao Andolan v. Union of India and Ors. (2000), it was held that the courts, in exercise of their jurisdiction, will not transgress into the field of policy decisions. The court has the duty to see that, in the making of such decision, no law is violated but only to the extent permissible under the Constitution.

In M.P. Oil extraction v. State of M.P. and ors. (1997), it was stated that unless the policy in question is absolutely capricious, is not supported by any reason and is arbitrary in nature, then only courts can intervene. Otherwise, the courts cannot step in or come into conflict with the statutory provisions. 

In R.K. Garg v. Union of India (1981), it was held that courts cannot express their opinion as to whether, at a certain juncture, a national policy should have been adopted or not. There may be views and opinions shared by the citizens of the country, but that has to be sorted out in Parliament only. The courts cannot review and examine whether the said policy should have been adopted. When there is a prima facie constitutional bar on such a policy, then courts can, of course, decide. 

In Premium Granites and Anr. v. State of Tamil Nadu (1994), it was observed that it is not the domain of the court to embark upon an unchartered ocean of public policy. Such power is with the executive and legislative authorities, as the case may be. The only function of the court is to see that any lawful authority is not being abused. A public body must not exceed or abuse its powers and shall remain within the limits of the authority committed to it, as held in Peerless General Finance and Investment and Co. v. Reserve Bank of India (1992). 

Further, in the case of State of Haryana v. Shri Des Raj Sanagar and Anr. (1975), it was held that there is no principle of natural justice that grants the workers a right to prior notice. The existence of rights under Articles 14 and 16 does not have the effect of vetoing the Government’s right to disinvest. Employees cannot claim any right to continuous consultation at each stage of disinvestment. 

In the case of National Textile Workers Union v. P.R. Ramakrishnan (1983), it was held by Justice Bhagwati that it is fair and sensible to consult the labours when the change of management is happening; however, in law there is no such obligation. As a result, the employees continue to be under the employment of the company; only the management has changed, but it does not amount to a change in employment. 

Analysis of the judgement in BALCO case

After two decades of judgement, the case still stands as a significant milestone in the judicial process. Besides the issue that arose between the Employees Union and the Government of India, the major controversy revolved around the Union’s decision to disinvest in the company, BALCO. The decision was also challenged by the state government on the grounds of a lack of transparency. Therefore, the case had both political and legal challenges. The case primarily revolved around the rights of the employees and their protection under Articles 14 and 16 of the Constitution of India. 

The Court declined all the contentions and very categorically clarified that policy decisions are purely administrative actions and courts cannot interfere in such decisions. If the court started interfering in every matter of the Government, then it would hinder the smooth functioning of the different institutions in a democracy. Therefore, the court actually did not indulge into deciding the merits of the disinvestment policy. The court evaded deciding the correctness of the policy by addressing it as an administrative policy. 

After the judgement of BALCO, disinvestments of HPCL and BPCL were also approved based on BALCO, whereas the merits of disinvestments were never assessed in the BALCO case. We can say that it set up the wrong precedent for the following cases. The Court also narrowed down the extent and ambit of courts while assessing matters of economic or financial policy. The Court stated that it is not within the domain of the courts or the scope of judicial review. The courts are not inclined to strike down a particular policy at the behest of the petitioners. It was also held that courts cannot grant relief by way of injunction or stay with respect to public projects and schemes. It can only happen when the Court is fully satisfied without any reasonable doubt that such a policy might hamper public interests. The court seems to have followed the case of Narmada Bachao Andolan, wherein interim reliefs caused great hindrances in the completion of the project and thus millions of rupees were lost. The court also directed that PILs should not be used for frivolous petitions. It is important that PILs are kept sacrosanct by not abusing them. 

It is important that the workers and the union understand the contours of labour rights when a policy decision is made. A labourer cannot claim a right on the basis of natural rights or justice. Even a government servant having protection under Articles 14 and 16 of the Constitution does not entitle him to an absolute right to remain in service. Therefore, the decision to change the control and management of the company from Government to a private entity is the sole prerogative of the Government. It might come as a strong judgement by the Court, but it was a remarkable step towards reducing PILs in the Court on every dispute. 

Judgements for which this case was relied on

There are a catena of judicial pronouncements that have relied upon the BALCO decision for its tremendous views. Some of them are as follows: – 

In 2005, Hon’ble Supreme Court, while deciding the case of R and M Trust v. Koramangala Residents Vigilance Group and Ors. (2005), relied upon the BALCO judgement and held that Public Interest Litigation is no doubt a very useful handle for redressing the grievances of the people, but it has also been abused by some interested persons and has brought a bad name. The courts should not exercise their jurisdiction lightly but should exercise it in very light and rare cases. PIL is not a pill or a panacea for all wrongs. 

In 2006, in the case of All India ITDC Workers Union and Ors. v. ITDC and Ors. (2006), regarding disinvestment, the Court referred to the case of BALCO and held that the apprehension of the employees of IDTC is baseless and is liable to be rejected as the safeguards regarding the service conditions of the employees have been duly provided in the transfer document. It was the contention of the workers that the decision of disinvestment hampered their interests and rights. The employees of the company registered under the Companies Act do not have any right to continue to enjoy the status of an employee of an instrumentality of the state. 

In National South Indian River Interlinking Agriculturist Association v. The Government of Tamil Nadu and Ors. (2017), Madras High Court relied on BALCO case and held that the fact that fair, just and equitable procedure has not been followed in formulating the policy is a matter falling within the purview of judicial review under the writ jurisdiction. Wisdom and advisability of economic policies are ordinarily not amenable to judicial review. 

In the case of the Kerala Bar Hotels Association and Ors. v. State of Kerala and Ors. (2015), the Hon’ble Supreme Court held that the policy in question does not suffer from any arbitrariness. In a democracy, it is the prerogative of the elected government to implement and follow its own policy, even if it somehow affects the vested interests of the people. Reliance was placed on the BALCO case. 

In the case of Parisons Agrotech Ltd. and Ors. v. Union of India (2015),  it was observed that unless any illegality is committed in the execution of a certain policy or if the same is contrary to law or mala fide, then such a decision cannot be inferred as violation of Articles 12, 14 and 18 of the Indian Constitution. 

In Shivam v. State of U.P. (2021), the Hon’ble Allahabad High Court observed that whenever the courts have interfered or given directions while entertaining a PIL, it has only been when there were violations of Article 21, or when the case is filed for the benefit of the poor sections of society. Public Interest Litigation is not meant to be used as a weapon. 

Conclusion

The case of BALCO Employees Union v. Union of India remains a pivotal juncture in Indian jurisprudence. It particularly concerns managing the delicate balance between administrative decisions, labour rights and judicial review. The judgement significantly sheds light upon the nature of judicial review and Public Interest Litigations. The case underscores the judiciary’s reluctance to intervene in matters of policy, which shall be taken by experts. The principle is yet again affirmed that the policy decisions shall primarily fall within the purview of the executive and legislative branches rather than the courts. The decision upholds the discretion of the Government in taking policy decisions and deciding what is right and what is wrong for the economic growth of the nation. Such actions would not be under the purview of the judiciary until and unless they were completely arbitrary or mala fide

Along with this, the judgement also elucidates the importance of the principles of natural justice but clarifies that they do not apply to a case like this. Prior consultation with the workers is not a mandate created by law; therefore, the workers cannot claim the right to be heard or consulted. The government has the prerogative to transfer its shares in public sector undertakings. The judgement might be criticised for the limiting nature of the judicial scope, but it has streamlined the legal process by discouraging such frivolous petitions. 

Ultimately, the case highlights the intricacies between law and policy making decisions. In a democratic set-up it is necessary that each institution be allowed to function independently without any intervention from other institutions.

Frequently Asked Questions (FAQs)

What are Public Sector Undertakings? 

Public Sector undertakings are government owned companies in India. At least 51% of the share capital is owned by the Government. There are many public sector undertakings even today after the government undertook many disinvestments. 

What are disinvestments? 

Disinvestment is the process by which the government sells or liquidates any assets or subsidiaries. It also means reducing capital expenditures. Disinvestment is carried out for a number of reasons, either political, economical or social. 

What are the principles of natural Justice? 

The two principles of natural justice are the right to be heard and the right to a fair trial. These principles aim to provide a fair, just and reasonable verdict to all. 

What is judicial review? 

Judicial review in India is a process by which the Supreme Court and the High Courts can examine executive or legislative actions that are inconsistent with the Indian Constitution. 

References

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

Download Now

Vodafone Idea arbitration case

By
Sneha Mahawar
-
0
Image source: https://blog.ipleaders.in/india-challenges-vodafone-arbitration-award-singapore-everything-need-know/

This article is written by S A Rishikesh and further updated by Gargi Lad. This article provides an insight into the infamous case of  Vodafone International BV v. Govt. of India also known as ‘ the retrospective taxation case.’ It presents an overview of the background of the case with rulings of the High Court up till the Permanent Court of Arbitration. The article emphasises on the analysis of the idea of retrospective taxation and sheds light on how the case affected the development of taxation laws in India with respect to the indirect transfer of shares.

Table of Contents

Introduction 

The issue paved its way back into 2007, when the deal between Vodafone and Hutchison Telecommunications International Limited (HTIL) raised questions in India, based on the notion that Hutchison Essar’s non resident parent company was liable for capital gains tax due to a “transfer” of capital assets of telecommunication businesses located in India. This interpretation of the income tax law and levy of capital gains tax was unusual for any company.

The entire issue revolves around the decision of the Ministry of Finance of India, applying a tax law retrospectively to circumvent the decision of the Supreme Court demanding INR 22,500 crores from Vodafone as capital gains and withholding tax. Immediately after this, Vodafone took this case to the Permanent Court of Arbitration in the Hague. The Court unanimously ruled in  the favour of Vodafone holding the tax demand of the Indian government unfair and ‘in breach of the guarantee of fair and equitable treatment.’ The Court even asked the government to pay compensation to Vodafone.

Background of Vodafone Idea arbitration case

The facts of the case of Vodafone International Holdings B.V vs Union Of India & Anr(2012) are as follows:

Vodafone Group Plc is a company based in the United Kingdom, the business that Vodafone does in India is taken care of by its subsidiary Vodafone International Holding BV. The subsidiary is based in the Netherlands. Similarly, Hutchison Telecommunications International Limited (HTIL) company is based in Hong Kong. It provides telecommunication services to countries like Indonesia, Sri Lanka and India but does not operate directly. It also operates through its subsidiaries like CGP Investments Holdings Ltd. based in Cayman Island. CGP investment is fully owned by HTIL. 

The dispute began when Hutchison Telecommunication International Limited (HTIL) decided to exit the Indian markets. They owned 67% stakes in the Hutchison Essar Limited based in India. Vodafone offered to buy a 67% stake in HTIL for US dollars 11.1 billion. Just to sum up, the deal took place between the companies based in the Netherlands and the Cayman Islands. The deal took place on Cayman Island and the assets that were transferred were of an Indian company. Hutchison Essar Limited (an Indian Company) became Vodafone Essar Limited.

The deal was completed in May 2007, the Income Tax Department of India was not very happy with the deal and initiated an investigation against Vodafone in September 2007. On October 30, 2009, the Income Tax Department served notice to Vodafone International Holdings BV asking for INR 7,900 crores as capital gains and withholding tax under Sections 201 and 201(1A) of the Income Tax Act,1961.  

Laws involved in Vodafone Idea arbitration case

Income Tax Act, 1961

Section 9

The Income Tax Act governs and collects capital gains tax on any transaction that takes place or accrues from an Indian asset. Any income that accrues out of such a transfer of shares can be taxed under the Income Tax Act calling it the capital gains tax. Section 9 of the IT Act talks about any such income that is a gain under Indian jurisdiction should be charged as per the Act as it is chargeable income for tax purposes in the country. Section 9 of the Income Tax Act, 1961 majorly deals with the implications of tax in case of any income that has been earned by a foreign entity or a non-resident in India.

Section 9(1)(i) also states that in case the operations of a business are not present in India or only a part of their business is being done in India then only a small part of the income earned will be taxed under the Income Tax Act. Section 9 also talks about the “permanent establishment rule” wherein if a foreign entity or resident has a fixed establishment like an office or factory that is used to carry out business in India, any income that may accrue or arise out of such business transactions will be taxable in Indian jurisdiction.

However, following the verdict passed by the Supreme Court the government amended Section 9 of the IT Act to apply it retrospectively to all such taxations.

The scope of Section 9 is wide and covers all kinds of incomes, like, an income from a business or property or asset that is situated in India, income from dividends paid by Indian companies or capital gains arising from the transfer of an asset situated in India.

Three major rules make Section 9 a crucial provision for non resident Indians or foreign entities.

The territorial nexus or The formal source rule

The rule is clear and simple that any income that arises in India is taxable in India, the definition for such an income includes income from business, any accrued interest or capital gains that are gained over the transfer of an asset situated in India.

The residence rule

Any income that is deemed to accrue outside of India will not be taxable in India if the recipient of that deemed income is a non-resident of India. The rule is based on the residence of the individual and taxation laws and rules will apply on the basis of his or her residency.

The inclusions rule

There are certain types of income that do not fall into the above categories and hence a special inclusion has been made for those kinds. Royalties are one of those, if an individual receives royalties from an asset or business situated in India, he is liable to pay tax on those royalties under Section 9 of the IT Act.

Section 201 

Section 201 of the Income Tax Act talks about failure to pay TDS (Tax Deducted at Source). TDS is a deduction made to any income which goes to the government as the tax on that accrued income. TDS is cut from salaries by the employer himself and handed over to the government on your behalf, when the employer fails to do so he is deemed as an assessee in default. A specific time frame is provided by the government to pay TDS, after which if the payer defaults he will be liable to penalties. The assessee in default is now liable to pay the TDS as charged along with a penalty. 

Section 201 (1A)

When the principal officer of the company defaults in payment of TDS he shall be liable to pay simple interest at the rate of 1% every month on such tax from the date the tax was deductible to the date on which such tax is deducted. And, 1.5% every month from the date that the tax is pending to be paid off until the entire tax amount is paid off. 

The interest here is on the remaining TDS that is charged as a penalty for default. In the Vodafone case, the company was served with a notice to pay a hefty sum of INR 7900 crores as capital gains tax and withholding tax, which was the accruing interest due to default in payment of the capital gains tax.

Bilateral Investment Treaty

Article 4(1)

This article provides for fair and equitable treatment to all foreign investors who are investing in companies in the country. As per the provision, any unfair rules made by the country are violative of their rights and this provision is a protection to their rights as investors. In this case, the act by the government to apply the provision of taxation retrospectively turned out to be a violation of their rights as investors and hence Vodafone approached for arbitration in The Permanent Court of Arbitration in the Hague.

Issues raised in Vodafone Idea arbitration case 

  • Does the transfer of shares between two foreign companies result in the extinguishment of the majority stake in the Indian company held by a foreign company?
  • Can the transfer of shares between two foreign companies be considered as a transfer of capital assets?
  • Is such a transaction taxable under Indian jurisdiction?

Arguments of the parties 

Petitioners 

The petitioner was firm and contended that Hutchinson gain was not chargeable on tax at all under Indian jurisdiction, and hence Vodafone BV is not liable for deductions under the Act. The company was situated in the Cayman Islands and not in India. The petitioners relied on the formal source rule and contended that it was incorrect for the Hutchinson gain to be counted as a valid gain under Indian jurisdiction and to be taxed upon.

Section 9 of the Income Tax Act sets a formal source rule or the rule that means that income received from any source in India is taxable under the Indian jurisdiction, it also includes any income that is accruing or arising out of Indian assets. Here the petitioners were clearly pointing towards the company being situated in the Cayman Islands and not India and so the gains were accruing or the income that they received was not under Indian Jurisdiction. They used this rule to avoid the tax deduction or the tax liability that was arising.

Respondent 

The government of India was determined on the stance that the asset was Indian, hence the gain is taxable in India and there is no question regarding the jurisdiction or applicability of the Income Tax Act. 

Ruling of the Indian Courts in Vodafone Idea arbitration case

arbitration

The Bombay High Court

The Income Tax Department continuously sent recovery notices to the Vodafone group and then the Vodafone group decided to seek refuge in the Bombay High Court. Vodafone approached the Bombay High Court with a writ questioning the validity of all prior notices that were being sent to Vodafone along with questioning the jurisdiction of the Income Tax Department.

The Bombay High Court on September 8, 2010, ruled in favour of the Income Tax Department of India and held, “the very purpose of entering into agreements between the two foreigners is to acquire the controlling interest which one foreign company held in the Indian Company, by another foreign company. This being the dominant purpose of the transaction, the transaction would certainly be subject to the municipal law of India, including the Indian Income-tax Act.” Bombay High Court even went further to term this case as a case of tax evasion and not a case of tax avoidance. 

The Supreme Court of India

Vodafone, not happy with the view taken by the High Court, knocked on the doors of the Supreme Court of India. The company moved to the Supreme Court via the relief of a Special Leave Petition. The issue in front was- whether the Indian Revenue Authority could levy tax on a sale of shares between two foreign companies, where a controlling or majority stake of the Indian company is purchased in that transaction.

The Supreme Court, on the other hand, took a totally different view from the Bombay High Court and ruled in the favour of Vodafone. The Supreme Court in its January 20, 2012, ruling held that the transaction took place between the two non-resident entities and the contract was executed outside India. It was taken into account that the consideration was also passed outside India. This transaction was in no way under the jurisdiction of the Indian tax authorities and therefore the order of asking tax was quashed. 

The court did look into the principle of the “corporate veil” and the idea of piercing or lifting the corporate veil. It was held that the company is independent of its shareholders and the management, and the holding company is not held liable for the acts of the subsidiary. It looked into the idea of whether the transaction was done merely to avoid taxation by piercing the corporate veil. The court also dwelled into the nature of the entire transaction and not bits and pieces of it, they further were aware of how various companies would avoid registration fees and charges levied upon them via companies situated in Mauritius or the Caymans Islands. This case was then classified under strategic tax planning and not tax evasion.  

The court opined that this was a “share sale” and not an “asset sale” and there might be some variation in the taxation principles for a “share sale” and for an “asset sale”. The court also mentioned that the word “control” of the company was a question of fact and of law altogether. Further, the court was quick in interpreting that a control is not always necessarily deemed by the number of shares one holds but also by the voting rights or the voting power of the shareholders. Hence, control of power and control of the management is one of the many aspects or benefits of holding the shares of a particular quantity. The court concluded that this was a “share sale” and should be interpreted in this manner for any tax liabilities that are to be imposed.

Review Petition

The Government of India filed a review petition against the judgement on February 17, 2012, but on March 20, 2012, the Supreme Court dismissed the review petition. This was a big setback for the Indian government and many believed that things would end there.

However, there was more to come to this up and coming dispute. The dispute did not contain itself to the limits of the Indian courts and authorities but sought justice through the path of a case in the Permanent Court of Arbitration. 

An unprecedented move

The decision did not go well with the Indian government in the same year, the then Finance Minister Mr Pranab Mukherjee, the late ex-President of India did something quite unpredictable. To circumvent the judgement of the Supreme Court, he introduced a retrospective amendment in the Income Tax Act, 1961. This move was first announced in the budget speech of 2012-13. 

The retrospective change became effective from the year 1962 itself. This Finance Bill 2012 amended Section 9(1)(i) of the Income Tax Act,1961 and validated the tax that was imposed on Vodafone. The government said that the amendment was only a clarification to remove ambiguity that was already present and provide certainty on the other hand the move damaged the image of India as an investment destination.  

Section 9 (1)(i) of the IT Act which was amended, now had explanations 4 and 5 as new additions to the provision. Explanation 5 holds immense value and importance to the Vodafone case; it reads: “An asset or a capital asset being any share or interest in a company or entity registered or incorporated outside India shall be deemed to be and shall always be deemed to have been situated in India, if the share or interest derives, directly or indirectly, its value substantially from the assets located in India”. 

It cleared the air for any upcoming contentions that may arise after the Vodafone verdict, as Vodafone was adamant on the part wherein it contended that the company was not an Indian company and hence did not fall under the jurisdiction of Indian courts. Vodafone’s contentions were supported by the Supreme Court in their verdict wherein they asked the government to not demand any capital gains tax from Vodafone. The government knew this judgement would turn up against them as a precedent in various upcoming disputes and to avoid that, they came up with this amendment to Section 9.

The amendment was made to act retrospectively till the year 1961, by adding the phrase ”and shall always be deemed”. The legislative intent behind bringing in a law that acts retrospectively on taxation was to bring in clarity since the previous version of this provision led to ambiguity as to what fell under the category of capital asset taxable under the Indian jurisdiction.

What is retrospective taxation

As the name suggests, retrospective means dealing with past events. In simple words, a retrospective law can criminalise an action that was legal when committed.  No law is perfect in itself and it contains its own flaws, retrospective taxation is a method to correct the same. It allows countries to pass a law on taxation from a time behind the date on which the law was passed. It is mostly used to correct anomalies in the policies that have in the past allowed the companies to take advantage of the loopholes present in that law.

India was not the first country to do something like this; the US, the UK, the Netherlands, Canada, Belgium, Australia, and Italy have also retrospectively taxed the companies that took advantage of the loopholes present in their previous law. 

Reasons for passing the retrospective taxation

Usually, the use of this power, to make amendments that act in a retrospective nature, is conferred upon the legislature. This power is put to use and in effect in two circumstances; either to undo or to nullify a judicial decision that wasn’t in their favour, or sometimes to avoid the citizens from taking advantage of this loophole. In this case, the Supreme Court had decided in the favour of the taxpayer and against the government of India. When the amendment was made to the Income Tax Act that was put into action in retrospective nature as well, it clearly meant that this was done to get Vodafone within the ambit of the provision and compel the company to pay tax. This move was one of the most unusual ones since this was of an overriding nature. This amendment was a disagreement between the legislature and the judiciary, and a soft power or supremacy act that was shown by the legislature over the independent judiciary.

After the passing of the retrospective taxation law

After the passing of the new Act, the onus to settle the taxes was again on Vodafone. India faced very heavy backlash from investors abroad and in India itself. “The retrospective amendment that overturned the decision of the highest court of the land was badly drafted in its wide generalities and carried a perverse sense of vindictiveness,” said Nigam Nuggehalli, Dean of the School of Law at BML Munjal University. 

In January 2013, the Income Tax Department issued a fresh demand to the Vodafone group for INR 11,280 in crores. Retrospective taxes are not favoured globally and the international pressure forced the Indian government to settle the matter with Vodafone. The Tax Administration Reforms Commission (TARC) headed by Dr. Parthasarathi Shome was formed to look into the matter afresh. The commission report also suggested retrospective legislation should be avoided. But by 2014, with the next general elections being announced, all the efforts between the telecommunication and the finance ministry failed. 

The dispute being unsettled Vodafone looked for other legal methods and in the same order, it reached the Permanent Court of Arbitration in Hague, where it invoked Article 9 of the Bilateral Investment Treaty (BIT) signed between India and the Netherlands in the year 1995. 

Article 9 talks about “Investment disputes” that may arise between the two investors. As per the article, they should first opt for negotiation amicably, then if, after a period of 3 months, the dispute cannot be settled by way of negotiations then they may undergo conciliation as per the United Nations Commission on International Trade Law Rules of Conciliation 1980. After conciliation proceedings are initiated and they fail, the parties may proceed with arbitration proceedings as per this article. The provision also mentions the appointment of the arbitrators and the cost of the proceedings.

Ruling of Permanent Court of Arbitration (PCA) in Vodafone Idea arbitration case

The Permanent Court of Arbitration is an intergovernmental organisation that was established in the year 1899 it is located in Hague, Netherlands. It is the oldest universal mechanism to settle inter-state disputes. It should not be misled by the name, it is not a Court at least not in the same sense as the International Court of Justice. It is a permanent and administrative framework. There are no permanent judges and ad hoc administrative tribunals are set up for each dispute that comes to the Permanent Court of Arbitration. 

Vodafone International Holdings BV (The Netherlands) v. Government of India, (2016)

It was an investor-state dispute where the Court ruled in favour of the investor. The arbitration panel consisted of three members one of which was neutral and one each nominated by the party to the case. The decision was unanimously against India which means all three members voted in favour of Vodafone. Even the panellist nominated by India Rodrigo Oreamuno voted against India and found no merit in India’s case.

Mr. Rodrigo, along with the other two arbitrators on the panel, found it to be a breach of the clause of fair and equitable treatment mentioned in the BIT. Since fair treatment was guaranteed under the BIT it was the duty of the respondent, in this case India to uphold that duty and to provide equitable treatment.

The reason why the decision went in the favour of Vodafone was the violation of the bilateral investment treaty and the United Nations Commission on International Trade Law (UNCITRAL). Article 9(1) of the BIT says that “any dispute between an investor of one contracting party and the other contracting party in connection with an investment in the territory of the other contracting party shall as far as possible be settled amicably through negotiations between the parties to the dispute”. Article 3(5) of the Arbitration Rules of UNCITRAL, says that the “constitution of the arbitral tribunal shall not be hindered by any controversy with respect to the sufficiency of the notice of arbitration, which shall be finally resolved by the arbitral tribunal.

The Award

The award was as follows:

  1. Claimant’s claim that the breach of a bilateral investment treaty between the Kingdom of the Netherlands and the Republic of India for promotion and protection of investments done at The Hague on November 6, 1995, is considered and the Tribunal has jurisdiction over it.
  2. There is a breach of Article 4(1) of the Bilateral Investment Treaty, by the Indian Government “the protection of the guarantee of fair and equitable treatment” is also violated.
  3. The Government of India is not entitled to claim any tax from Vodafone and should stop any effort to recover the same.
  4. The 60% cost of arbitration has to be paid by the government of India to the petitioners.

Reasoning for the award

The court relied upon Article 4(1) of the Treaty, which said “protection of the guarantee of fair and equitable treatment”. This meant that the court was of the belief that the treaty was a guarantee or an umbrella protection for the foreign investors that there would be a fair and equitable treatment, that included a proper reliable legal framework and no unnecessary disputes. It also guaranteed that the due process of law would be followed between both parties and there shall be no concealing or fraudulent activities between the two.

The court saw the intent of the Indian Govt. where there were amendments that were brought into to make Vodafone liable retrospectively. The decision of the Indian Govt to introduce such provisions in the Income Tax Act seemed to be made in haste and targeted towards Vodafone entirely. This was considered as unfair treatment towards Vodafone and was not considered to be of an equitable nature at all and hence the arbitral award that was passed was against the Indian Govt.

Impact of the award

The award reinforces the trust that investors may have lost due to a breach of fair and equitable treatment. Since retrospective taxation was applied, it created a stir among investors and there was quite a fair amount of withdrawals. This award was a landmark one in showing that there still is scope left for justice. The arbitrator appointed by India himself found no merit in this case as he also knew it was a breach of the clause and protection guaranteed under the BIT. 

Latest development

The Ministry of Finance on August 5, 2021, introduced the Taxation Laws Amendment Bill, 2021 in Lok Sabha. This bill removes the contentious retrospective tax demands. According to this new bill any tax demanded for the indirect transfer of Indian assets before May 2012, would be nullified on fulfilment of specific conditions. The conditions include withdrawal of pending litigation by such taxpayers and also a promise that no demand for damages will be made in future. The amendment also proposes to refund the taxes already paid by the concerned taxpayer but without any interest. This move of the central government will benefit both Vodafone and Cairn Energy who were having a legal battle with the Government of India. 

The Indian govt. has sought an appeal in Singapore and the case has been referred to a senior court in Singapore. The appeal was filed to set aside the award on the grounds of issue in jurisdiction. India believes that the right to levy tax is the predominant and ultimate right of the country, and hence cannot be challenged under any BIT. BITs are majorly brought in to protect the investors and are not in any way related to taxation. The tax being levied by the Indian government in these cases is on the returns that are gained by the companies based on these investments or transfers of shares. These transactions are protected under the Act but not the taxation that follows.

Cairn case

The Cairn case is very similar to the Vodafone case. Cairn India Holding company in India is an oil exploration company, they are the ones who found oil in Rajasthan, India’s biggest onshore find. It is a fully owned subsidiary of Cairn UK Holding which in turn is a subsidiary of Cairn Energy. 

In the Cairn case, Indian assets were transferred by Cairn Energy, the parent company to Cairn India Holding. In 2006, it acquired the entire share capital of Cairn India holding from Cairn UK Holdings. The UK Holdings held 69% of Cairn India Holding. All are part of the same group. This transfer took place because Cairn India Holdings had to go for IPO in India. 

In 2011 Cairn Energy sold its shares to Vedanta Group. Again the income tax department intervened and levied taxes upon Cairn Energy based on retrospective taxation.

Arguments by Cairn in the following case were based on the idea of negating retrospective taxation. They contended that prior to the retrospective application of this taxation provision, there was no tax imposed upon the incidental transfer of shares. This exceptional levy of taxes was said to breach the Bilateral Investment Treaty between the UK and India.

This case also went to the Permanent Court of Arbitration and the decision came against India. The court ruled that India had violated the UK- India Bilateral Investment Treaty and it also directed India to pay compensation with interest alongside the arbitration costs to Cairn. 

Conclusion

With the decision of two arbitration cases against India. The government needs to accept the truth and rectify its mistakes. When you are already in a pit there is no point in digging it further. The amendment of 2012, has seen three finance ministers from then but none of them tried to change it. 

A bad idea only gets worse with time. The amendment brought for Vodafone was used against Cairn. India lost both cases in the Permanent Court of Arbitration and faced embarrassment. The current government has made public statements that India will not use this retrospective law but as long as the law is there, there will be a temptation to use it. With Nirmala Sitaraman introducing the new amendment bill in the retrospective taxation law, there is a hope that the image of India will improve in the international business community.

Frequently Asked Questions (FAQs)

What is retrospective taxation?

This means a levy of tax on goods or services sold in the past. This can happen due to a new law that was imposed that was not in action when the goods were actually sold, however, it is now applicable and hence you are liable to pay for that tax. Retrospective taxation involves including or introducing a newer provision in an existing law or statute, this provision takes a retrospective effect and will apply to transactions that took place even before the introduction of this provision.  

Why is retrospective taxation needed?

To reduce any abnormality in the taxation laws or to prevent the taxpayers from taking advantage of the loopholes present in the taxation system. It is done to demote tax evasion and increase the government’s tax revenue.

What is the Bilateral Investment Treaty?

A bilateral investment treaty is an agreement between the governments of two or more states that contains terms and conditions for private investments by nationals and companies of one state into another state.

Usually, a BIT remains in force for approximately 10 to 15 years or as per the agreement between both countries. If any treaty is to be terminated prior to the expiry period, the terms and conditions for the same are provided in the treaty itself. 

What is the relation between BIT and Foreign Direct Investment?

Bilateral Investment Treaties act as a stimulating force for any foreign direct investment. They are the bible and safeguarding source for any foreign investors. Bilateral treaties signed between two countries safeguard their investors from any fraud or malicious activities keeping the investors secure, this encourages foreign direct investment and more investors to invest in businesses overseas. Once any investor feels that the transaction is secured he would likely be more involved in making more such transactions, directly increasing the number of foreign direct investments. 

Where were the arbitration proceedings held?

The proceedings took place at the Permanent Court of Arbitration in Hague.

Who was on the arbitration panel for the proceedings?

Canadian trial lawyer- Yves Fortier appointed by Vodafone. Costa Rican lawyer- Rodrigo Oreamuno appointed by India. Sir Franklin Berman as the presiding arbitrator amongst them.

What was the tax levied upon Vodafone?

The tax was called “the capital gains tax”. This is usually levied when there is a transfer of any asset and if there is a gain on that asset, then there is a tax levied upon that gain.

How is capital gains tax calculated? 

The calculation of the tax is on the basis of the capital asset and the gain. It also depends on whether the gain was short term in nature or long term.

What is the formal source rule?

The rule means that income received from any source in India is taxable under the Indian jurisdiction, it also includes any income that is accruing or arising out of Indian assets. In simpler terms, the source of the income shall be within the jurisdiction of Indian Courts.

What are Investor- State Dispute Settlements (ISDS)?

This acts like a public international law wherein a private individual (the foreign investor) gets to sue a state or a country for enforcing their rights. In most circumstances, investors who have foreign direct investments in the state have problems with current laws and might find them to be violative of their rights. The investor gains this right to sue the state by way of investment agreements usually known as Bilateral Investment Treaties, as they have clauses and provisions that protect the investor from any actions of the State. These disputes often are solved by way of arbitration under varied international authorities, amongst one is the Permanent Court of Arbitration.

References

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

Download Now

Career opportunities in data protection and privacy laws

By
Vanshika Kapoor
-
0
data protection

This article is written by Advocate Navya Prathipati and edited by Vanshika Kapoor (Senior Managing Editor, Blog iPleaders). This article will cover all the details regarding data protection and privacy, career opportunities in the area, skills required, certification courses, and many FAQs that every law enthusiast must know about data protection and privacy.   

Table of Contents

Introduction

The importance of data protection cannot be emphasised enough in this era of digitisation. ‘Data’, ‘Privacy’, and ‘Security’ continue to be the buzzwords of today’s decade, and their significance continues to grow. As per the research report of the University of Maryland, the rate of computer hacks is once in every 39 seconds. Businesses that function without data are considered to be handicapped. Businesses that thrive on information seek ways to protect and secure the data as today’s customers are conscious of securing their personal and sensitive information during every transaction. According to the research data available, 63% of internet users believe that most companies are not transparent, and 48% stopped shopping due to privacy concerns. All these situations display the growing significance of data protection and privacy. The majority of businesses today make decisions and prepare business models that revolve around and are based on ‘data’. Similarly, almost every individual relies on electronic devices to complete their daily chores, from online yoga to online doctor appointments, grocery shopping, shopping, paying bills, etc. Everything is performed online. In the process, a huge amount of individuals’ personal and sensitive information is stored online. In this way, the increase of digital footprints in both personal and professional spheres demands the infrastructure to protect the data through cyber security and privacy measures. 

When it comes to the market, almost every industry is technologically driven, from shipping, retail and wholesale markets, health and pharmaceutical industries to government schemes and facilities. Everything is being digitised, and every transaction and activity that takes place physically is becoming online. All the data is recorded, stored and restored in artificial form. New forms of technological innovations are invented such as Artificial Intelligence (AI), blockchain technology and other amazing by-products which are fascinating and productive. However, there is an increasing suspicion and criticism towards technologies like AI due to the apprehension that it might replace human manpower in employment. While many argue that the latest technologies will replace humans by decreasing employment opportunities, others believe that the total replacement of humans is impossible. It is believed that human element and humans are required to regulate the technologies. Hence, there are career opportunities in the regulation of technologies which follow technological advancement. Continue reading to know what is in store for you on the topic of data protection and privacy. In this article, we will not only dwell on discussions or debates about AI or blockchain but also talk about one positive aspect,i.e., the career opportunities in law and other similar roles related to the technological side. Read the article completely to get the right understanding. 

About data protection and privacy – a brief overview 

‘Data Protection’ and ‘Data Privacy’ are two different terms often used interchangeably. It is important for readers to understand the difference between the terms and recognise the meaning and purposes of each term. 

What is data protection 

The term ‘Data protection’ can be defined as the process of safeguarding significant information against loss, corruption, and compromise. It refers to the legal control over access to data. The main purpose is to protect the data from any kind of security breach or unauthorised access to data to gain an undue advantage. It also includes protection against the loss of data. There is a growing importance of data protection as vast amounts of data has accumulated over the years. A data protection strategy must be formulated without compromising privacy rights for data protection purposes.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          

What is data privacy 

The term ‘Data privacy’ can be defined as the ability of an individual to protect or control their own personal information. In addition to personal data, it also includes confidential data such as intellectual property data and financial data. Data privacy is also called information security. Data privacy relates to the access of information to personnel. Data privacy rights determine who has access to the data and how to regulate it. The protection of the privacy of individuals is the main task of the current technology industry. Both the personal and sensitive data of the users being stored online should also be protected. The personal identifiable data such as date of birth, passport number which identifies or traces back to an individual should be monitored and controlled carefully. 

Importance of data protection and privacy 

In the 21st century, some of the biggest reported data breaches occurred at some renowned companies such as Facebook, Yahoo, LinkedIn, My Fitness Pal and Marriott International. Due to the unfortunate incidents of cyberattacks, the reputation of all these companies was at stake. Today, notwithstanding the size and type of organisation, there is a rampant increase in cyber-attacks whose cost is expected to be $10 trillion by 2025. As a result, there is an increasing need for cyber security. 

Without data, the majority of businesses could not work appropriately. Only with the help of data can the business strategy be prepared for various aspects such as marketing strategies, productivity rate, revenue sources, and others. While the significance of data for businesses cannot be emphasised enough, the management of such data is equally important. Because the cost of misuse or breach of data is higher than its benefits. As per the research data, around 500,000 online platforms were hacked in the year 2020 alone, and 30,000 websites were breached across the globe. This way, the cost of breaches is ever-increasing. As a result, data privacy laws are being enacted by countries worldwide to promote cybersecurity and reduce data breaches and misuse of data. In addition to that, to protect the individual’s privacy, and the data of employees, customers, and all the stakeholders, certain frameworks are also being introduced. This way, data privacy and protection have become crucial aspects of discussion across the globe. It has been given priority by all companies, governments, markets and individuals. This also led to an increase in job opportunities in the areas of data protection and privacy law.  

In this way, data protection and privacy would help resolve the issues of cyber threats and crimes in both business, professional and personal spheres. 

Regulatory framework 

It is challenging to draft an accurate law for a dynamic discipline like data protection and privacy  which correlates to the digital sphere and technology and evolves or gets updated every year. The European Union (EU) is one of the first few countries to formulate a comprehensive law on data privacy and protection. GDPR (General Data Protection Regulation), 2016 is the European data protection law. It became effective from the year 2018. GDPR is known as the “toughest security and privacy law in the world” due to its strict provisions on data processing and privacy regulations. There are also strict penalties imposed for violations of the law. The Digital Personal Data Protection Act of 2023, passed in India, follows the model of GDPR. 

The United States follows a laissez-faire approach in which privacy by the intrusion of the state is emphasised. Initially, there were no strict regulations imposed on the private sector in the country to facilitate commercial and business transactions. Though there is no common federal law, each state has its own data privacy laws.  Incidents such as the Cambridge Analytica scandal and Equifax Data breach raised serious concerns about data privacy, which later led to imposition of strict laws to punish companies. Nonetheless, the state is still reluctant to adopt the GDPR and work on its framework. Recently, California came up with a Consumer Privacy Law which was based on the core principles of GDPR, and stringent punishments were imposed for non-compliance by companies. It is the first state in the US that follows EU law with stringent punishments. The European Union’s GDPR that came into effect in the year 2018 gives priority to the protection of individual rights against both the state and private sector, which is applicable to all states of the EU and followed by many countries, including India. China considers data protection for national security and has many stringent laws on cybersecurity. It tops the list of  surveillance by the states. In China, the state has control over the data of all agencies and companies. The recent ban on TikTok in India is a response to China’s stringent surveillance.

In Australia, data privacy and protection are regulated through the Federal Privacy Act, 1988, Australian Privacy Principles (APP) and state & federal laws. The provisions which can be highlighted are: The Act applies to all entities including the Commonwealth Government. For the collection & processing of data, there are clear criteria laid down to utilise the collected data for reasonable purposes. A provision for security measures which must be taken care of by the data fiduciaries is also included. The law covers all aspects, from online privacy , and electronic marketing to cybersecurity, in addition to the data protection measures as per data privacy principles formulated by the state. The act also defines terms such as ‘significant harm’ and ‘carry on trade or businesses on which DPB was ambiguous. Greece ranked first in the Privacy Index and gave an exemption to the government for purposes of criminal investigations.

In Iceland, the Privacy and Processing of Personal Data Act and GDPR are implemented for purposes of data protection and privacy. The DPA is responsible for creating awareness and knowledge about data protection, the risks associated with it, and their safeguards, which aid in the implementation of the Act. These kinds of steps must be taken in India. Similarly, countries across the globe are legislating data protection and privacy. 

Skills required for a career in data protection and privacy laws  

Skills are the backbone of any profession. To achieve success in a particular field, industry, or profession, it is crucial to identify and nurture the skills required for that particular profession. In this section of the article, an attempt is made to mention the skills required in the data privacy and protection field. They are as follows: 

Analytical skills 

This is the foremost and an essential skill. Analytical skills help to bifurcate a large amount of information into smaller groups to arrive at an informed conclusion. Similarly, a data privacy professional needs to observe the patterns and trends of data with the help of analytical skills. With the help of analytical skills, the necessary insights concerning data can be obtained. Analytical thinking in relation to decision-making skills, problem-solving or logical reasoning will result in drawing solutions for data security and protection. It also helps to understand the data lifecycle, storage, sources, risks, and measures. 

Communication skills 

This is a basic skill required for all professions. Communication skills help to convey things appropriately. A proper communication can prevent problems, whereas a gap in communication leads to critical problems. Data privacy and protection is a dynamic subject which contains a lot of technical stuff in addition to theoretical knowledge. Hence, data privacy or protection professionals should be able to absorb diverse information and communicate effectively. All the rules and regulations should be explained thoroughly to a diverse set of people( both stakeholders and non-stakeholders). 

Data governance 

Data governance means framing and implementing the standards, policies, and procedures for a company concerning data security and privacy. All the set standards should be in line with the prevalent legal rules and regulations and should be updated whenever there are amendments. Hence, data governance is another skill that one should be equipped with. It is an important skill to ensure data confidentiality. Through data governance, audits and compliance with the laws can be maintained. 

Data ethics

It is similar to that of professional ethics prevalent in all industries. Today, data has become more vulnerable and exploited. Any innovation or use of data should be made in compliance with the principles and standards. It is one of the critical skills. Data collection, processing and utilisation must comply with data ethics. Following ethics increases trust, responsibility and reputation. The privacy rights and consent provisions of the stakeholders involved should be taken into consideration. 

Legal and regulatory knowledge 

This is a necessity to excel in any particular field. Data privacy and protection is common for all industries and fields. Hence, a data privacy professional needs to deal with different categories of companies such as pharmaceuticals, IT companies, etc. Therefore, having sound knowledge of the privacy laws, such as GDPR, California Consumer Privacy Act (CCPA), etc. of different countries, their history and the future trajectory of the field is crucial. Knowledge of evolving privacy standards and compliance requirements is must. A good understanding of these laws promotes clarity of thought, which further leads to effective actions and decisions. In addition to the theoretical knowledge of principles, rules and regulations, basic skills in data security would benefit in numerous ways. For example: Data Anonymization – Anonymization is one of the techniques used to protect the identity of individuals for the protection of privacy. Other techniques, such as hashing and masking, can be used to reduce the sensitivity of data. The main aim is to protect the identity of individuals for data privacy, liability and appropriate usage of data with the help of legal and regulatory framework. 

Project management 

Project management is another important skill that should be possessed by data privacy professionals. Project management is a trait and a competency that a professional requires in order to effectively coordinate, start, and finish a project. Hence, project management skills are essential to initiate, plan, execute and finish a project. With the help of these skills, a project manager leads the team members in working towards a common objective.  Some of the project management skills include leadership,  time management, communication, risk management, problem solving and others. Prior experience in project management and working with cross-sectional teams improves management skills. The hidden talent of a good project manager lies in getting things done within the given time frame. Therefore, in addition to data governance skills, as explained above, management skills would be an added advantage. 

Cybersecurity awareness

Individuals who aspire to become data privacy professionals are expected to have knowledge on cybersecurity principles and best practices. Data privacy and protection is a technical subject as it is related to technology. Professionals from non-technical fields should take note of these skills of cyber awareness. Without the technical knowledge, the work becomes tough. Therefore,  understanding the system and process of encryption, firewalls, and other security measures is crucial.  

These are some of the skills that must be mastered by data privacy and protection professionals over time. In addition to the above, there are many other skills on the list; to read more, proceed to the FAQs attached at the end of the article. 

Data protection and privacy in India 

Data protection and privacy have been a cause of concern in India. Today’s businesses thrive on data to improve the customer experience and understand customers’ behaviour. It is also used to influence buyers’ thoughts and purchase experiences. In this ecosystem, the protection of data against corruption, breaches or loss has become a top priority and is a crucial task. After the launch of GDPR (General Data Protection Regulation) in 2018 and other data privacy laws, it became mandatory for companies across the globe to abide by the same. Companies must comply with privacy and data protection laws on a priority basis. All this led to the creation of job opportunities in the field of data privacy and protection. Today, it is a specialised field focusing on growth and development.  The roles in this area are equally challenging and rewarding. 

In India, the Digital Personal Data Protection (DPDP) Act, 2023, was passed recently after years of deliberation. The law’s main purpose is to entrust and implement privacy rights, along with the appropriate use of data. The enactment is a gateway to the fields of information technology and data privacy in India. Lawyers who have been hanging around the Information & Technology Act, 2000, its rules and circulars for the protection of privacy, and cybersecurity can tap into this field to encash the opportunities. Lawyers have an ample chance to get into this field and become advisors of the DPDP 2023 Act by guiding businesses and organisations on the compliance of the enactment. The DPDP 2023 will boost data protection and privacy in India. 

How to become a data privacy professional 

This is the first question that ponders the minds of the students and graduates after going through the article. In this section, the query will be answered briefly. Data privacy and profession is a niche field, and hence the path to becoming a data privacy professional requires a lot of effort. One can become a data privacy professional by following the steps as follows: 

  • A basic degree from a recognised college or university in the field of law, computer science or any information technology-related area is a must. Degree is essential because only through the degree can one gain a strong foundation on the legal and technical aspects of data privacy.
  • After completing the degree, one can apply for job opportunities in the fields related to data privacy and protection to gain hands-on- experience. As the field is evolving, one should try to gain experience through various means, like internships, volunteering or taking on projects concerning privacy. One can also try for entry-level jobs to gain experience. To learn more about entry-level jobs, refer to the FAQs. 
  • Doing certificate courses, diplomas or any courses on privacy and data protection will demonstrate the candidates’ interest in the field and would aid in the job market. It will also enhance the knowledge of the subject. We at Lawsikho have designed courses considering the demands of the specialisation. To learn more about the relevant courses, click here. 
  • One should stay updated on the recent developments and news on privacy-related aspects. One can attend conferences, seminars and workshops on privacy and data protection to improve the understanding of the subject’s concepts. Staying up-to-date on the issues and latest developments in the area would make one stand out in the job market. Hence, focusing on this aspect is equally crucial. 
  • Last but not least, is networking. Networking helps to learn, identify opportunities and build professional relationships. One should start networking by attending events or joining professional organisations to explore and learn. Networking opens doors for numerous opportunities. Hence, networking is the key. 

Certifications available on the subject of data privacy and protection 

Certification increases knowledge and adds an advantage in the job market. To build a career in data security and privacy, several internationally accredited certifications are available for both students and professionals. It helps to specialise in the field and to understand how businesses can ensure compliance with data privacy laws and solutions concerning data privacy. Both businesses and individual data privacy professionals can obtain the certifications. Some of the well-known certifications are given in this section for reference. 

Certified Information Privacy Technologist (CIPT) 

Certified Information Privacy Technologist (CIPT) is offered by the International Association of Privacy Professionals (AIPP). The certification is designed to focus on technologists, IT professionals,  information security professionals and profiles responsible for the implementation of privacy with the assistance of technology systems. This course is useful for IT professionals who want to specialise in privacy as well as privacy professionals with a technical background. CIPT covers all aspects related to data privacy and protection. A test will be conducted to test the knowledge and skills concerning privacy technology.  

Certified Information Privacy Professional (CIPP) 

CIPP certification is also offered by IAPP. The course is designed for data privacy professionals and those who work in the area of data protection. The course contains the privacy laws and practices adopted globally, which help individuals navigate through the bundle of privacy regulations. All the crucial aspects related to the subject are covered comprehensively. There are in total four versions of the CIPP course, i.e., CIPP for Asia, Europe, the United States, and Canada. The specific compliance requirements for each of these countries are included in the courses. 

Certified Information Privacy Management (CIPM) 

CIPM is also offered by IAPP. Professionals who are responsible for the management and implementation of data privacy policies can benefit from the CIPM Course. The course is designed to focus on the skills of effective privacy management, and privacy programme governance with the help of knowledge. The professionals or officers who are designated as privacy managers, privacy officers, legal experts and all others in charge of the management of data undertake the CIPM Course. Similar to other courses, one needs to pass the examination on privacy management principles to get the certificate. CIPM is one of the courses in other IAPP courses. 

PECB Certified Data Protection Officer (CDPO) 

As the name says, the PECB Certified Data Protection Officer course is specifically designed for data protection officers. All the necessary skills, knowledge, and competencies required for a data protection officer are included in the course. Individuals who are interested in becoming a data protection officer or are already working in the field are best suited for the course, as there is a mandatory five years of experience required to join the course. 

In order to get the certificate, candidates need to pass a test. The course also includes practical training. 

Certified in Data Protection (CDP) 

The CDP certification involves in-depth training on data protection. It includes all international standards and privacy laws concerning data protection measures. The entire data cycle is taught meticulously during the course. The CDP certification is provided by the Identity Management Institute, which focuses on international security standards and data protection laws. One can pursue the course by joining the Identity Management Institute (IMI). 

Similarly, there are and will be courses on data protection and security regimes. These courses offer in-depth knowledge on the subject, along with the added advantage in the job market.

Why should one choose a career in data protection and privacy laws 

The enactment of the data privacy laws and regulations makes it mandatory for companies and businesses to manage or regulate the information available (both personal and sensitive data) as per the rules and regulations. The growing trend of digitisation and the invention of new technologies have transformed a specialised career landscape. Today, data privacy and protection have emerged as a specialised field of study in all industries. Hence, it offers a promising career with stability, security and growth in the coming years. Some of the perks or benefits that the field offers are as follows: 

  • Career opportunity- It offers exciting career opportunities as there is constant growth with changing or evolving rules and regulations. Adding new elements to the field promises an exciting learning opportunity for professionals and growth. 
  • The job profile- The main task of the data professional is to secure and protect an organisation’s data. If done properly, the job makes a difference and leads to the welfare of the organisation and its beneficiaries, customers, etc. It will have a positive impact on society at large. 
  • Payscale– Today, data privacy and protection have emerged as a niche. Hence, in a specialised field, professionals are paid more in comparison to other fields. The earning potential is higher. 
  • Job security- After the advent of Artificial Intelligence (AI), many need to be more confident about their jobs, especially IT employees. However, data privacy is an emerging field that will flourish in the upcoming years. Currently, there is a demand for experts in the field. All these offer job security and stability. 

In addition to the above-mentioned benefits, it can be said that a career in this niche would provide a lot of job satisfaction. Imagine that today everyone is insecure about their personal information and sensitive information that has been stored online against cyber threats and breaches. Being a data privacy professional, the concerned officer assists the organisation in handling the data in a secure way against any breaches. It is quite a promising and satisfactory role, isn’t it? 

Challenges and opportunities 

As explained above, data privacy and protection are crucial. Some of the benefits of specialising in the field are also explained. Equally, there are certain challenges faced by professionals in this sector across the globe. Some of the challenges are as follows: 

  • Growth of data- There is an exponential increase in the growth of data due to the use of technology. The organisation or businesses collect both personal and sensitive information daily. As per the statistics, every second, 1.7 megabytes of data are being generated. Hence, it becomes difficult for organisations to manage such information. This is leading to the growth of data breaches where data has been lost or stolen. One of the reasons for such breaches is poor privacy and data protection measures. It becomes challenging to adopt robust data security practices to manage such huge amounts of data. However, an appropriate data strategy would help to deal with this challenge. 
  • Data privacy maintenance- Even though the costs of data breaches are higher than those of data protection or privacy maintenance, increasing costs of maintenance are a cause for concern and challenge. Digital infrastructure, data backup, archiving and other technologies are required to safeguard the data. 
  • Regulation and documentation- Almost every country enacted their own domestic legislations and several rules and regulations concerning data privacy and protection. Applying and complying with these new regulations is a challenge for data professionals. Staff training and collaboration of departments will help tackle the complexities easily within an organisation.

What kind of work is expected of a data privacy professional 

Data privacy professionals play a key role in any organisation. Despite the organisation in which one works, the role and kind of work undertaken by data professionals remain the same. The work of a data professional will be as follows and include the following: 

Policy development and implementation

Policy formulation is the first and foremost step. Though policies themselves do not solve the problems, they are pathways to an organisation’s efforts and also solutions. A good policy not only protects the system; it also protects the organisation as a whole and individual employees. A data privacy professional based in the organisation needs to formulate privacy policies and regulations. He/she must also make sure that they are implemented appropriately for the management of data.  

Data mapping and classification

Data mapping and classification provide a roadmap for the organisation’s data. Privacy and data management practices are required for every organisation to protect the privacy and personal information of consumers and other organisations. All these require a structured approach and data mapping provides a roadmap for data processing, collection, storage, and transfers. Data mapping and classification also help management make an informed decision. Data professionals play a key role in the mapping and classification of the data. A data professional is also responsible for the implementation of data mapping. 

Risk assessments and mitigation

A data privacy professional in an organisation has to conduct risk assessments and formulate mitigation safeguards. A checklist that is followed while conducting risk assessments is: 

  • A list of different types of personal information that organisations possess needs to be prepared. 
  • The data collection events for all kinds of data followed by the organisation need to be evaluated. 
  • Training the staff on data protection practices and procedures 
  • Identifying the regulatory frameworks concerning data protection and privacy
  • Documentation of all the data protection steps undertaken by the organisation. 

The data protection assessments would reduce the risk of data protection and privacy breaches of the sensitive data of an organisation. It is a kind of precautionary measure. 

Mitigation is part of the risk assessment process. During the risk assessment, if any potential risks for the rights of data subjects are identified, then the measures and mechanisms to protect the privacy of the data subjects should be outlined. Risk assessments and mitigation strategies are part and parcel of the data privacy and protection process. 

Compliance monitoring and reporting

This is a crucial part for all data privacy professionals. Enactments, rules, and regulations are framed to protect data and ensure the safety of privacy. Hence, there is an obligation on businesses and organisations to comply with the policies. A data privacy professional needs to identify the applicable framework and monitor compliance.  Compliance audits are conducted to better understand and evaluate the situation in compliance and reporting. The step-by-step process of a compliance audit is as follows: 

  • Formation of audit team: All expert professionals in the legal, privacy, and technical domains need to form a team to handle the planning, execution, and reporting of a compliance audit. 
  • Audit scope: Audit scope should be pre-determined. It helps to understand the programmes, activities, and departments that need to be assessed. 
  • Documentation: This is the first step towards the audit process. All data privacy policies, data protection practices, data retention policies, data flow maps and vendor contracts should be documented. Documentation helps to understand the organisation’s data handling procedure. 
  • Evaluation: All the company’s prevalent policies should be evaluated. 

Incident response and data breach management

This is a task that is not required daily but should be compulsorily learned by all data privacy professionals. A strategic and organised approach that was adopted to detect and manage cyber attacks with minimum costs, time and damage is known as incident response. Incident response is  part of data breach management. Data privacy professionals should be equipped with incident response plans and data breach management techniques to combat and prevent any kind of cyberattack or breach. Depending on the application, incident response and data breach management can be a preventive measure or a cure for cyber attacks. 

Employee training and awareness

Employees of an organisation or business play a key role in the management and safeguarding of data. It is the responsibility of a data privacy professional to conduct employee training and raise awareness concerning data protection and privacy. Before implementing employee training, a data privacy professional needs to analyse the situation of the organisation concerning compliance rules and regulations, risks and gaps. Reports from privacy audits should also be studied. All the privacy policies need to be verified within the legal framework. Employees’ knowledge of data protection and privacy should be evaluated to identify training needs. After the analysis, the goals and objectives of the training programme should be written down. Content and materials should be prepared for the training and awareness programme. The content should be prepared, taking into consideration the accessibility of the stakeholders. After all these steps, employee training and awareness programmes should be conducted. An outcome and evaluation of the programme should be conducted to improve the training programme. 

Privacy Impact Assessments (PIA)

The main purpose of PIA is to conform to the legal regulatory framework and policy requirements, identify potential threats, evaluate the effects and formulate mitigation strategies. PIA is a valuable tool to understand the ways data is used within an organisation. It also helps to understand how a new project would affect the organisation. Through PIA, gaps in the privacy department concerning data security, risk management and compliance are identified. Privacy professionals need to conduct PIA to effectively monitor the data security and privacy of an organisation. 

Vendor management 

In businesses, every day, a large amount of data flows to and from third-party vendors. The third-party vendors’ privacy and the information security policies concerning the access to and control of personal information should also be assessed. Keeping track of all vendors and assessing information is one of the challenges facing the organisation. Data protection laws such as GDPR mandate businesses to effectively monitor the data flowing in and out of the organisation, including third-party vendors. Data privacy professionals must keep track of all the vendors and points of information access. 

Documentation and record-keeping

Documentation and record-keeping help to identify the transactions easily. It creates, organises, and manages the organisation’s policies, practices, and procedures. The requirement for documentation and record keeping can be imposed by law, regulatory bodies, industry standards, or policy by the organisation itself. Whatever the cause or reason, the process would positively affect the organisation. A data privacy professional is involved in every crucial aspect of the business and has the responsibility of record-keeping and documenting every activity conducted within the organisation. 

Legal and regulatory liaison

The growth of technology led to the enactment of laws concerning data protection and privacy. As part of the DPDP and privacy legislations, regulatory compliance became a mandatory thing, and organisations,  businesses are held liable for any kind of violation. Data privacy professionals, especially data protection officers, need to monitor regulatory and legal compliance. These professionals need to conduct legal and regulatory liaisons to make sure everything is complied with and followed by the organisation.

Career opportunities in data protection and privacy laws  

The prospects of career opportunities in data privacy and data protection are progressing day by day. The future of this field is quite compromising. In this section, the employment options in this new field will be covered exhaustively. The main aim is to provide the readers with exhaustive information about the data privacy and data protection field and employment opportunities, which can be useful in making informed decisions for those who want to venture into new areas of employment. 

In-house role in data privacy 

Every company or business requires professionals to handle the data and advise on the latest trends on the subject. Therefore, data privacy professionals are hired in areas of data privacy and protection. 

Data privacy professionals

Data privacy professionals are those who gain expertise in or specialise in the area of data privacy. The main role of the data privacy professional is to protect the data( both personal and sensitive data) from illegal access and security breaches. Data privacy professionals assist companies or businesses in compliance with data privacy laws and ensure security by conducting risk assessments. Equipping data privacy professionals in an organisation contributes to the adoption of best practices in the data security regime. The job profile of these professionals is similar to that of in-house lawyers, where he/she advises and manages contracts. A data professional focuses only on privacy, policies and the management of available data against security breaches. 

When we say ‘Data Privacy Professional’ it is an umbrella term used to represent an entire sect of officers or positions included in the field. Some of the roles or positions in data privacy are given below.  

Chief Privacy Officer/Chief Compliance Officer 

The Chief Privacy Officer (CPO) is a senior executive designation in a company or organisation. Another designation for a chief privacy officer is Chief Compliance Officer. The responsibility of a CPO is to manage compliance with the prevailing data security and privacy rules and regulations.

According to Glassdoor,  the average salary of a chief privacy/compliance officer in India is 12 lakhs per annum. For the Vice President and Senior Vice President of Compliance, the salary ranges from Rs. 42 Lakhs per annum to Rs. 45 lakhs per annum. For example, a company called GSK pays around Rs. 40 thousand per month. 

Data protection officer   

A data protection officer’s main task is to ensure that the company or organisation follows privacy, data protection, and other applicable prevalent rules and regulations while managing the data. The officer is responsible for the security of the company’s data and information. Officers should advise, guide and educate the staff on data security and compliance. Data protection should also be conducted. The main goal is to secure the organisations/companies from breaches or any kind of illegal use. 

According to Glassdoor, the salary of a data protection officer ranges from Rs. 5 lakhs per annum to Rs. 29 lakhs per annum, depending on role and designation. For example, Vodafone pays Rs. 2 lakh per month to its data protection officer. 

Privacy counsel 

Businesses hire a dedicated privacy counsel for the organisation. The main task of the privacy counsel is to advise the organisation on its responsibilities and look after compliance with privacy, cyber security and data protection laws. This is an excellent opportunity for young law graduates who want to specialise in a niche field. Data privacy and protection is one of the dynamic fields that one can specialise in. 

According to Glassdoor, the salary of a privacy counsel ranges between Rs. 6 lakhs per annum to Rs. 18 lakhs per annum. 

Data privacy specialist 

A specialist is a person who specialises in a particular field. A data privacy specialist specialises in protecting sensitive data against unauthorised or illegal access. The implementation of all the privacy laws and compliance with rules and regulations are the responsibilities of the data privacy specialist.  

According to Indeed, the average base salary of a data privacy specialist is around Rs. 5 lakhs per annum. IBM pays Rs. 8.5 lakhs per annum to its data privacy specialist. Similarly, Uber pays around Rs. 13 lakhs per annum to the data privacy specialist. 

Data privacy manager 

A data privacy manager needs to implement the privacy rules and regulations in the business or organisation. The main purpose is to maintain confidentiality and protect sensitive data. Data privacy managers should lead initiatives related to privacy and advise the management of a business or an organisation on the best practices of data protection and privacy. 

According to Glassdoors, the reported salaries of a Data privacy manager ranges between Rs.5 lakhs per annum to Rs. 28 lakhs per annum. Jio pays Rs. 5 lakhs per annum for the privacy manager role. 

Data privacy analyst 

An organisation’s sensitive and personal data has to be protected confidentially by the data privacy analyst, who must maintain integrity, security and availability. An analyst analyses and monitors the available data and implements measures to protect the data from breaches or any illegal access. Privacy laws, rules and regulations are implemented. A data privacy analyst also assesses the existing rules and regulations of a business or organisation to verify that they meet the privacy requirements as per the standards. 

Today, data has become an asset for companies to run their businesses effectively. At this juncture, data analysts are hired to observe the business operations. Data analysts look into the legal and operational risks surrounding the information and modify, adapt or change the policies and programmes as per the requirements. This exercise is conducted continuously. All the steps taken by a data privacy analyst have to be within the realm of the organisation’s data agreements. Privacy analysts oversee the business operations along with specific privacy projects.

According to Glassdoors, the base salary of a privacy analyst ranges from Rs. 4 lakhs per annum to Rs. 10 lakhs per annum. The average salary is around Rs. 6 and half lakhs per annum. 

Data privacy and security consultant 

This is another job profile that one can pursue in the data privacy and protection field. The role is advisory. Through the advisory services, the consultant must provide strategies and measures to the organisations to maintain cyber security. Within the consultant profile, one can become a compliance consultant to provide services to the organisation in complying with the prevalent laws, rules and regulations relating to data protection and privacy. As a data privacy consultant, one can provide consultancy services to multiple organisations or businesses focusing on data protection and privacy issues.

These days, every company and organisation is hiring data privacy or data protection professionals. Hence, it became common practice to have a data privacy professional on the rolls of employees. Especially for large entities, it became best practice to recruit a data privacy professional into the team. Both private and government organisations hire data professionals. 

Companies like KPMG, EY, Deloitte, and others invest huge sums in these roles. According to Glassdoor, the salary of a security and privacy consultant ranges between Rs. 8 lakhs to 13 lakhs per annum. The Tata Consultancy Services (TCS) pays around Rs. 12 lakhs per annum to a data privacy consultant. 

Note: The designation of the posts varies from one organisation to another or from one country to another. Variations might happen for flexibility or suitability purposes. 

Research and academic roles 

Research and academic roles are another enriching opportunity. The main idea behind academic roles is to bring into light new perspectives, ideas, and arguments.  The researcher collects all the information from various sources and forms an informed opinion or point of view on any ongoing issue or conversation. The research contributes to the advancement of the research field, i.e., data privacy and protection, in terms of the adoption of best practices and the advancement of data privacy technologies. AI startups and other technologies, such as blockchain, extensively rely on research data when forming or innovating products.  Hence, the research roles are no less important. One can find research roles in sponsored think tanks of government organisations, private institutions or universities. One such organisation is the National Critical Information Infrastructure Protection Centre (NCIIPC), a government agency that works on cyber security. Similarly, one can find opportunities in both government and private fields. 

Academia is a part of research. However, in addition to the research roles, one can find amazing opportunities in the part-time and full-time academic roles. Academia also plays a key role in research. For example: IIT (Indian Institute of Technology) developed, through research, an algorithm named NTRU-Prime. Apart from research, the main responsibility of academic roles is to teach and spread knowledge on the subject. The data privacy and protection field is an emerging subject. Hence, there will be an increasing demand in the coming years. The academic roles seek candidates with specialisations in the field. These positions would be suitable for individuals who are keen on learning. 

According to Ambition Box, the average salary of a data research associate is Rs. 3.5 lakhs per annum. For academic roles, the salary is similar to that of general academic roles, which ranges between Rs. 60,000 and Rs. 2 lakhs per annum, according to Glassdoors

Data protection and privacy lawyers 

The opportunities that will be mentioned in this section are for law students, young law graduates, and legal professionals. A degree in law from a recognized university or college is a must. Data protection and privacy is an emerging area of specialisation in the legal landscape as well. The intersection of technology and law is a fascinating subject to indulge in. Lawyers who have a keen interest in technology and privacy laws can opt for a career in this field. 

Independent practitioners 

One can start their independent practice in the field of data protection and privacy law, similar to other areas of law. The difference is in the clientele and the types of problems that one should deal with. The data protection and privacy area is a new and emerging area of practice. Hence, it is challenging yet rewarding. Companies and businesses seek advice and guidance for the implementation of privacy and data protection laws. 

Law firm associates 

Every business will need data protection services in the upcoming years. Hence, law firms are specialising in privacy laws. In India, top-tier firms have already created special departments that focus on data protection and privacy. This is a golden opportunity for all law students and graduates. One can choose to join a team of data privacy and protection lawyers at a law firm as a career choice. This is a good career option for law students and young law graduates. There are few law firms, both in India and abroad, that provide legal services under data privacy and protection laws. They have separate legal teams that focus on data protection and privacy. Law students or young professionals who are interested in technology law can specialise in data privacy and protection. Law students can start interning with firms which specialise in the area, and write articles and research papers on the topics to build their CVs  The leading law firms in India, such as Khaitan & Co., Fox Mandal, Indus Law and other top tier 1, tier-2 and tier-3 law firms,  have separate departments or teams for data protection. For more specialised experience, Spice Route Legal is one such firm that has specialised expertise in media, communications and technology laws. 

Data privacy lawyers fall under the category of cyber lawyers. Depending on the expertise and efficiency of the organisations, they pay enormous amounts to the lawyers. On an average a lawyer working in tier-1 and tier-2 firms earns between Rs. 10-18 lakhs per annum. 

International opportunities

Western countries, for example, California, came up with the California Consumer Privacy Act (CCPA) much before India. The GDPR came into force in 2018. All these lead to the creation of opportunities in privacy laws globally. Today, privacy and data security are not just domestic affairs but global issues. Among 194 countries, 137 have a legal framework for data protection and privacy. Recently, India has also joined the league. One can find opportunities in international markets which are battling with the issue of data security and privacy. For the one who wants to work abroad, data privacy is one of the dynamic fields.

Multinational Companies (MNCs) 

Apart from domestic work on privacy and data protection, one can enter the global market by availing of job opportunities in the MNCs. These companies have already started working on complying with the rules and regulations of data privacy and protection. MNCs are actively hiring individuals who would assist them in compliance with several rules and regulations in different jurisdictions without any impediment to business operations across the countries. One can find opportunities as in-house officers in MNCs such as Google, Netflix, and several other organisations. 

The salaries in different foreign jurisdictions for data privacy professionals are as follows: In Europe, it is € 71,584, in the United States, the approximate salary is $150,000, in the United Kingdom, the basic pay for entry level jobs is £28,000 and for experienced individuals, it is around £74,489.

International data privacy consultant

One should grasp and become an expert in the multi-jurisdictional data protection landscape in order to become an international data privacy consultant. To become a go-to person, one must master all the relevant laws at the multi-jurisdictional level. Once certain expertise is gained, one can place themselves in the international market for the skills that are in high demand globally. The MNCs also hire these individuals for their data protection and privacy departments. 

The average salary of a data privacy consultant in the United Arab Emirates is AED 277,936. According to salary.com, the average salary of a data privacy consultant is $101,681. 

International data privacy lawyers 

These lawyers are in high demand globally. For corporations, expertise on the subject will be an asset. They hire lawyers who have understanding and knowledge at the multijurisdictional level. In addition to specialising in data privacy laws, an international lawyer should have a good grasp on subjects of international law, trade laws, and others. 

According to talent.com,  in the United States, data privacy lawyers earn $164,000 per annum. The entry level jobs begin with $ 131,250 and go up to $225,000 for experienced professionals. Similarly, in the United Kingdom a data privacy lawyer earns £75,000 per annum. The entry level jobs range between £65,000 to £85,000 for experienced professionals. 

Conclusion 

Currently, data privacy and protection is an evolving field with high demand and low supply. The pandemic further boosted the technology industry, especially for e-commerce companies. Everything and every work is transformed into an online or digital atmosphere, which is still currently prevailing through Work from Home (WFH) policies. Data becomes crucial for all businesses, depending on which business models and strategies are prepared.  This, in turn, required protection and security for information with the implementation of privacy laws. The increase in data breaches and leaks further highlighted the significance of protecting sensitive and personal information. All these elements make the field more challenging and rewarding. Whatever role one chooses, either as a data consultant or a researcher, any career in the data privacy and protection field brings a change and a notable impact on technology and privacy.  The data privacy and protection domain is a new and flourishing career field, especially for Gen Z folks. Do not hesitate to contact us to learn more about the opportunities and available courses on the subject at www.lawsikho.com

Frequently Asked Questions (FAQs) 

Is prior technical knowledge required or mandatory?  

No, it is not mandatory, though an overview of the technical details would be an added advantage to the candidate. There are real-time situations where a person with no technical background is recruited as a privacy manager in the company. Taking up a course focusing on Data privacy and protection would cover all your doubts. To know more about courses, click here. 

What are the skills required to become a data privacy and protection professional? 

In addition to the communication skills, analytical skills and other skills mentioned above, the additional practical skills required are as follows: 

  • Technical Proficiency: Data privacy and protection belong to a technical field of information technology. Hence, basic technical expertise in the subject is crucial. Knowledge of certain technologies, such as firewalls, encryption, and data processing techniques, is important. Familiarity with IT systems, databases, and network security. Ability to assess and implement technical solutions for data protection. 
  • Critical analysis skill: Attention to detail is the main component of critical analysis skills. Every element of the data and privacy regulations must be meticulously examined.  
  • Risk Assessment and Management: One of the tasks of a data privacy professional is risk assessment. The privacy risks should be identified, and necessary strategies should be formulated.
  • Flexibility and adaptability: Technology is one of the fastest-evolving sectors. Hence, data professionals should be flexible in the adoption of new technologies in data security and privacy regulations for improved results. 

Where can you find and apply for job opportunities in the field of data privacy and protection?

One can find a list of opportunities or vacancies through a job search platform. One such example is naukri.com. 

How much does a data privacy analyst earn? 

The salary range differs depending on the organisation and the country that one works for. As per statistics, the average salary of a data privacy analyst is $110,000. 

What are the responsibilities of a data privacy analyst? 

 Some of the key responsibilities of a Data Privacy Analyst are 

  • As per laws such as GDPR, data privacy analysts must ensure compliance with all prevailing rules and regulations. 
  • Preparation of compliance reports.
  • To resolve doubts of all the internal stakeholders concerning data processing, privacy laws and protection requirements. 
  • Conducting investigation and the preparation of reports on any breaches or unauthorised access to data. 

How to specialise in the data protection and privacy field?

Specialisation is the key, especially for subjects like data privacy and protection, which are specialised by themselves. The direct way is to pursue a Postgraduate (P.G) Degree in data protection and privacy. In addition to it doing diploma or certification courses would also be helpful. Any kind of professional opportunities and certifications that would help in the development of skills and knowledge. 

What are the uses of data privacy certifications? 

The first and foremost use of data privacy certification is that it indicates or acts as a signal of the knowledge of the data privacy laws, rules and regulations. It demonstrates one’s theoretical and practical knowledge of data compliance for an organisation. Certifications also display one’s interest in the subject and help in specialisation on the subject. To explain simply, certifications offer two benefits: first, they provide a great learning experience, and second, they meet job requirements because employers often look for certifications to hire. Hence, it is advisable to get certifications on the subject to excel in this specialised field of data privacy and protection. 

From where can one do certifications? Are there any specific organisations? 

No ‘special’ or ‘official’ status is granted to one particular course or organisation. Various organisations provide different courses on the subjects. The value of the certificate depends on a lot of factors such as the reputation of the organisation, course credits, etc. Hence, candidates need to look after the course and the organisation’s suitability and credibility before obtaining the course. Some of the renowned courses are already mentioned above in the article. 

What is the purpose of compliance audits? 

There is a need for a compliance audit for the following reasons: 

  1. Mitigation of legal risks-Noncompliance with data protection laws leads to severe penalties. 
  2. Compliance- The audits help to verify whether the organisation follows regulatory and legal compliance appropriately. 
  3. Prevention of data breaches-Compliance audits help to identify the gaps and vulnerabilities in security practices. 

What are the benefits of conducting Privacy Impact Assessments (PIA)? 

PIA is a cybersecurity practice that aids in providing information and security technology benefits. Some of the benefits of PIA are as follows: 

  • Risk Management: With the help of PIA, any gaps in the system can be identified. It will also help to take steps towards mitigating the risks, like threats and internal controls. Risk management can be done easily with the PIA. 
  • Compliance: PIA plays a significant role in compliance with laws such as GDPR, HIPPA or any law that needs to be followed by the organisation. Violations and breaches of legal frameworks can be prevented if PIA is conducted. 
  • Analytics: PIA provides data analytics for cybersecurity decision-making. It highlights the gaps and showcases model scenarios which helps the team to make decisions on the allocation of resources. 

What are entry-level jobs in the data protection and privacy field?

Entry-level jobs are the starting positions in any particular field of data protection and privacy. One can find entry-level jobs in law firms as a trainee or apprenticeship, in consulting firms as a junior advocate, as a volunteer in NGOs or industry organisations, and as an in-house lawyer in private companies and government departments. 

Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.

LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/lawyerscommunity

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

Download Now

Maintenance of children and aged parents under Hindu Adoption and Maintenance Act, 1956

By
Vanshika Kapoor
-
0

This article has been written by Gunjan Saini pursuing a Lord of the courses (judiciary test prep) from LawSikho.

This article has been edited and published by Shashwat Kaushik.

Introduction

We must have heard that when a person ages, he behaves like a child. They both are unable to maintain themselves because of their age, as some parents do not have the proper resources to do so. At that point in time, it is the duty of their children to maintain them. In the case of children, it is the duty of parents to provide financial support to meet the needs of the child. The Hindu Adoption and Maintenance Act, 1956 came into existence to regulate adoptions and provide for the maintenance of family members among Hindus.

This Act enumerates specific provisions for adoption and maintenance, which specify who can adopt, the eligibility criteria and the legal process involved. The Act also enumerates the obligations of maintenance within a Hindu family. The Hindu Adoption and Maintenance Act of 1956 is an important piece of legislation that reflects the cultural and legal intricacies of adoption and maintenance within the Hindu community in India. 

What is maintenance

Maintenance refers to financial support given to a spouse, children, and parents in order to meet their basic necessities, such as food, clothing, shelter, education and medical expenses, when they are unable to maintain themselves. Maintenance under this Act specifically involves the provision of financial support to dependents who are unable to support themselves. The amount and conditions for maintenance are determined by various factors, including the financial capacity of the person providing maintenance and the needs of the dependents.

Hindu Adoption and Maintenance Act, 1956

The Hindu Adoption and Maintenance Act came into existence to amend and codify the law relating to adoptions and maintenance among Hindus. The Act extends to the whole of India and applies to any person who is a Hindu by religion and it specifically applies to Hindus, including Buddhists, Jains and Sikhs, but in other religions like Muslims, Christians, Jews and Parsis, no separate laws are given, so they approach the court for adoption under the Guardians and Wards Act, 1890. The Supreme Court of India, in M/S Shabnam Hashmi vs. Union of India (2014), held that the Juvenile Justice (Care and Protection of Children) Act of 2000 is a secular law. Under this Act, any person, irrespective of their religion, can adopt a child.

Historical background

The concept of adoption and maintenance  is the historical background of maintenance and adoption is intricate, encompassing legal, social, and cultural aspects. The concept of maintenance is often related to child support, and has deep roots in various societies.

Adoption, in contrast, has evolved over time. Ancient cultures, such as the Greeks and Romans, had informal adoption practices. In mediaeval Europe, adoption served strategic purposes, like securing heirs. In mediaeval India, adoption was a practice with both cultural and legal dimensions. The Manusmriti, an ancient Hindu legal text, provided guidelines for adoption, emphasising the importance of a male heir to continue the family lineage. The purpose of adoption during this period was often to ensure the continuation of the family name and have a successor to perform ancestral rites.

Adoption in mediaeval India was typically within the same caste or social group, maintaining social and cultural continuity. The adopted child would assume the rights and responsibilities of a biological child, including inheritance rights.

Maintenance and adoption have intertwined histories, reflecting changing societal norms, legal frameworks, and a growing emphasis on the best interests of the child.

Maintenance of children and aged parents

In the Hindu Adoption and Maintenance Act, the maintenance of children and elderly parents is specifically mentioned under Section 20.

  • Section 20 emphasises the duty of a person to provide, in the case of children, maintenance for their education, marriage expenses, and support. In the case of elderly parents, maintenance includes providing for their basic needs.
  • The provision empowers a magistrate to order the person responsible for maintenance to make a regular allowance for the financial support of the child or elderly parent.
  • It is to be noted under this section that ‘parent’ includes a childless step-mother.

It has been held by the Allahabad High Court in Raj Kishore Mishra vs. Smt. Meena Mishra (1994)  that if a father-in-law has no sufficient means from any coparcenary property in his obsession, out of which his daughter-in-law has not obtained any share. to maintain his daughter-in-law, he shall not be obliged to do so.

Are illegitimate children entitled to maintenance

Yes, illegitimate children can also claim maintenance under this Act, as this act does not differentiate between legitimate and illegitimate children in the context of maintenance, because it is the duty of the parents to maintain their children, whether legitimate or illegitimate. This act protects the innocence of children and ensures that they get all the necessities from their parents.

When can aged parents claim maintenance

Under this Act, it is mentioned that the aged parents can claim  maintenance from their children when they are unable to support themselves due to some reasons such as illness, old age, lack of resources or financial constraints.

Factors under which maintenance can be claimed:

  • Voluntariness- If children voluntarily want to give maintenance to their parents for their survival, they can give an amount as maintenance.
  • Financial need- The parent must state their genuine needs and demonstrate an inability to support themselves financially.
  • Children’s Financial Capacity- The court may assess the financial capabilities of the children to determine if they can provide support.
  • Health and Age of Parents- The physical condition and age of the parents can be relevant in determining their ability to earn a living.
  • Existence of Other means of support- The court may consider if the parents have other sources of support, such as pensions or government assistance.

Amount of maintenance

Under Section 23, the amount of maintenance is not fixed at a certain amount; it may vary from party to party.

Section 23 (2) states that while determining the amount for maintenance, several factors are kept in mind, such as:-

  • Status of parties and their current position;
  • The reasonable wants and claims of the claimant;
  • The number of people that are entitled to be maintained;
  • All sources of income for the claimant and value of their property;
  • If the claimant living separately has justified grounds for doing so.

Section 23(3) states that while determining the amount of maintenance to be awarded to a dependent under this act, they have to keep various factors in mind, such as:

  • Count the net value of the estate of deceased after providing for the payment of the debts of the dependent;
  • If any provision is made under the will of the deceased in respect of the dependant;
  • The degree of relationship between the two parties;
  • The reasonable wants of the dependant;
  • The past relationship between the dependent and the deceased;
  • Any property of the dependent, its value, income derived from such property, from his earning and other sources;
  • The  total number of dependents who are entitled to get maintenance under this Act.

Amount of maintenance may be altered by change of circumstances-

Section 25 states that the amount of maintenance that is fixed by the court on any order or decree either before or after the commencement of the Act may be altered by the court if there is any material change in the circumstances. Whenever the alteration is made , there must be justifying reasons for doing so. This provision aims to ensure that maintenance obligations remain fair and equitable, accommodating changes in the financial situation or needs of either party over time.

To determine if a material change has occurred, the court considers various factors, such as:

  1. Change in income: Increase or decrease in the earning capacity or income of either party.
  2. Change in expenses: Changes in living expenses, medical costs, or other financial obligations.
  3. Change in needs: Changes in the health or dependency of the recipient of maintenance.
  4. Change in standard of living: Changes in the standard of living of either party since the initial maintenance order.
  5. Change in marital status: Remarriage or cohabitation of the paying spouse.
  6. Change in parental responsibilities: Additional maintenance obligations due to new children or dependents.
  7. Change in assets and liabilities: Changes in the financial assets or liabilities of either party.
  8. Change in employment status: Loss of employment, retirement, or change in job position.

The burden of proof lies on the party seeking the alteration of the maintenance amount to demonstrate the material change in circumstances. The court may consider evidence such as financial statements, pay stubs, medical records, or witness testimonies to assess the validity of the claim.

Landmark case laws

H.H. Hiralalji Maharaj vs. Shri Ramlalji Maharaj

Facts of the case

In this case, the petitioner, H.H. Hiralalji Maharaj, filed a petition under Section 125 of the CrPC, seeking maintenance from his father, Shri Ramlalji Maharaj. The petitioner claimed that he was above the age of 18 but had not yet attained the age of 25 and was pursuing higher education. He contended that he was unable to maintain himself and, therefore, was entitled to maintenance from his father. Shri Ramlalji Maharaj, the respondent, opposed the petition, arguing that the obligation to maintain a child extends only up to the age of 18 years, and that he was not liable to provide maintenance to his son beyond that age.

Judgement of the Supreme Court

The Supreme Court, in its judgement, held that the obligation to maintain a child extends beyond the period of minority and continues until the child attains the age of 25 years, or until the child becomes self-sufficient, whichever is earlier. The court observed that the term “child” in Section 125 of the CrPC should be interpreted liberally and that the purpose of the provision is to ensure that children receive adequate financial support from their parents until they are able to support themselves. The court took into consideration the increasing cost of education and the need for children to pursue higher studies in order to secure employment opportunities.

R.D. Shetty vs. Mangaladevi Shetty

Another important case is R.D. Shetty vs. Mangaladevi Shetty, decided by the Supreme Court of India in 1982. In this case, the court held that the obligation to maintain aged parents is a moral and legal duty of the children. The court further held that the amount of maintenance to be paid to the parents should be determined based on the income and earning capacity of the children, as well as the financial needs of the parents.

Bai Tahira vs. Ali Hussain Fissalli Chothia And Anr. (1978)

In this case, the Court held that the term “maintenance” under the Act includes not only food, clothing, and shelter but also education, medical care, and other necessities of life. This decision was crucial in ensuring that children receive comprehensive support and care from their families.

In the landmark case of Bai Tahira v. Ali Hussain, the Court interpreted the term “maintenance” under the relevant Act and expanded its scope to include not only the basic necessities of food, clothing, and shelter but also education, medical care, and other essential needs for a child’s well-being. This decision is significant in several ways:

  1. Comprehensive support: The Court’s interpretation recognises that children’s well-being extends beyond basic necessities and encompasses their educational, medical, and other essential requirements. This broader definition ensures that children receive holistic support and care from their families.
  2. Child’s right to education: By including education as part of maintenance, the Court emphasises the importance of education for children’s development and future prospects. This decision aligns with international conventions and national laws that recognise education as a fundamental right for all children.
  3. Healthcare access: The inclusion of medical care as a component of maintenance underscores the critical role of healthcare in safeguarding children’s health and well-being. It ensures that children have access to necessary medical services, which can have a significant impact on their overall development and quality of life.
  4. Equitable treatment: The Court’s decision promotes equitable treatment of children by ensuring that all children, regardless of their socioeconomic background, have access to essential resources for their well-being. This interpretation helps bridge disparities and creates a more level playing field for children.
  5. Legal precedent: The Bai Tahira v. Ali Hussain case sets a precedent for future legal interpretations and establishes a broader understanding of the term “maintenance” in the context of child support. It provides guidance to lower courts and legal practitioners in handling similar cases, ensuring consistency and fairness in the application of the law.

The Court’s decision in this case is a crucial step towards ensuring that children receive comprehensive support and care from their families. It recognises the evolving needs of children in today’s society and emphasises the importance of holistic well-being for their healthy development and future success.

Dastane vs. Dastane (1988)

Another prominent case is the 1988 Supreme Court judgement in the case of Dastane v. Dastane. In this case, the Court held that the Act imposes an obligation on both spouses to maintain their aged parents, irrespective of their financial status. This decision recognised the importance of familial support for senior citizens and ensured that they were not left destitute in their old age.

Conclusion

We had a brief study on the Hindu Adoption and Maintenance Act of 1956, in which we learned about the various provisions related to adoption and maintenance among Hindus. The provisions of this act have given relief to almost every generation, whether they are children or elderly parents. In recent cases, it has been seen that seeking maintenance is not a tough task. There are a number of cases in court daily that deal with maintenance. Under this Act, maintenance is not limited to only the wife but to all, whether she is daughter in law or a widow. Under this Act, special concern is given to the maintenance of children and elderly parents, the maintenance of dependents or the maintenance of family members. Although this act includes all the provisions related to the adoption of a child among Hindus.

References

Download Now

Role of AI in virtual assistance : opportunities and challenges for startups

By
Vanshika Kapoor
-
0

This article has been written by Barnali Ghosh pursuing a Diploma in Business English Communication for International Professionals and Remote Workers from Skill Arbitrage.

This article has been edited and published by Shashwat Kaushik.

Introduction

In this modern high-octane and flamboyant panorama of AI and related technology, AI is playing a very pivotal role. It offers both opportunities and challenges for the users. With the all-embracing attitude to VA in businesses, startups are the most benefited. They are at the forefront of innovation by integrating it into the existing system so effortlessly. This throws them into a crossroads where they can delve deep into the transformative potentials of AI. It has become a rapidly evolving domain that is coming up with newer developments with each passing day.

What is virtual assistance

The term “virtual assistant” today is a very common term that is widely heard. But do you actually know what it is? In simple terms, it is just the application of a programme capable of comprehending a natural human voice and the commands that it makes so that a task is completed or made easier for the user. They come in handy for companies of all sizes and types. They can handle innumerable tasks like administrative work, bookkeeping, functioning as a PA, customer service, data entry, social media production, content management, research and a multitude of other tasks.

AI in virtual assistance

In the initial days, these tasks were completed by secretaries and personal assistants of higher-up officials. It included a variety of work that was required in everyday life. To name some tasks, they included the likes of making schedules, arranging meetings & conferences, looking up phone numbers in directories & placing calls, taking dictations, reminders for appointments and even taking dictations from superiors. 

These were the mundane tasks of everyday office life performed by low-paying secretaries and personal assistants. All of that was in the past. The present is “virtual assistants,” which might be the likes of Amazon Alexa, Google Assistant, Apple Siri and Microsoft Cortana. The list goes on in this regard. This is the future of virtual assistance. The implementation of virtual assistants in startups can be a game-changing strategy for enhancing customer experience, streamlining operations, and gaining a competitive advantage. Virtual assistants, powered by artificial intelligence (AI) and natural language processing (NLP) technologies, can perform a wide range of tasks, from answering customer queries to scheduling appointments, providing product recommendations, and offering personalised support. Here’s a closer look at the benefits and considerations for implementing virtual assistants in a startup environment:

Benefits of virtual assistants in startups:

  1. Enhanced customer experience: Virtual assistants offer 24/7 availability, ensuring that customers can get assistance whenever they need it. They can handle routine inquiries, provide quick and accurate information, and escalate complex issues to human agents, resulting in a seamless and satisfactory customer experience.
  2. Streamlined operations: Virtual assistants can automate repetitive and time-consuming tasks, freeing up human employees to focus on more strategic and value-added activities. This can improve efficiency, reduce operational costs, and allow startups to scale their operations more effectively.
  3. Personalised support: Virtual assistants can leverage AI algorithms to analyse customer data, such as previous interactions, purchase history, and preferences. This enables them to provide personalised recommendations, tailored responses, and proactive assistance, enhancing customer engagement and satisfaction.
  4. Competitive advantage: In a rapidly evolving startup landscape, implementing virtual assistants can set a company apart from its competitors. By offering innovative and convenient customer support, startups can attract and retain customers, build brand loyalty, and gain a competitive edge.

Considerations for implementing virtual assistants in startups:

  1. Data privacy and security: Virtual assistants require access to customer data, so startups need to prioritise data privacy and security. They should implement robust security measures, comply with relevant regulations, and ensure transparency about data usage to build trust with customers.
  2. Alignment with business objectives: The implementation of virtual assistants should be aligned with the overall business objectives and goals. Startups should clearly define the tasks that virtual assistants will handle, evaluate the impact on customer experience and employee productivity, and track key metrics to measure the success of the initiative.
  3. Employee training and adoption: Successful implementation requires employees to understand the capabilities and limitations of virtual assistants. Startups should provide comprehensive training to employees on how to collaborate effectively with virtual assistants, ensuring a smooth transition and maximising the benefits of the technology.
  4. Continuous improvement: Virtual assistants are continuously evolving, and startups should have a plan for ongoing updates and improvements. This includes monitoring customer feedback, incorporating new features and functionalities, and leveraging advancements in AI and NLP technologies to enhance the capabilities of virtual assistants over time.
  5. Cost-benefit analysis: Startups need to conduct a thorough cost-benefit analysis to determine the feasibility of implementing virtual assistants. Factors to consider include the cost of development, maintenance, and ongoing updates, as well as the potential return on investment in terms of improved customer satisfaction, operational efficiency, and revenue growth.

Types of virtual assistants

When you have heard so much about virtual assistants, will you not like to hear about the distinct variety of them? It is obviously natural that this topic should be holding you intrigued and amazed today, just merely because of the fact that it has brought in technology and immense change with innovation, but at the same time it has snatched the jobs of multitudes. So here we go for the list of the variety of VAs in existence today:

  • AI chatbots: AI chatbots are a common term these days. If you analyse it carefully, you will understand they are simple programmes that aid users in communicating via text-based interfaces on various social media, websites and messaging apps. Here, the chatbots will help customers and take inquiries, wherein a discussion can be started. It uses NLP and ML for this purpose.
  • AI virtual assistants: They are VAs designed to accomplish errands most often over a variety of platforms and devices. The chores are executed employing natural language over voice-based interactions, wherein the users very expeditiously gather access to all the required information, master their calendars and also gain control over their smart appliances.  
  • Conversational agents: All along, you have been hearing about text-based VAs. Now it is time to learn about an assistant that can comprehend language, that is to say, that it can converse humanly. They can interpret complex language patterns, tell apart the requirements of the user and thus come up with the needed responses in any given circumstance. Of the variety of AIs used, this is probably the most complex of the lot. They are capable of carrying out a multitude of tasks that are complex.

Opportunities that VAs offer

There are numerous benefits that VAs offer today. Hiring them means your opportunities at business increase manifold. If you were to list all the opportunities that they offer, you could read through them and never fail to be amazed. So now let us walk through this list and see what is on offer.

Effectively streamlined and productive

VAs are even more effective and productive when it is a small entrepreneurship where it is challenging for the owner to keep pace with the entire operation of the business. Trying to juggle all the work scope along with strategizing the business leaves no time or room for the owner to come up with productivity that could bring in the desired results. Hence, using a VA could be the key to all these problems. He could leave the mundane and less significant matters for the VA while he takes care of the more complex and significant matters. 

Enhanced turnaround in dealing with time-consuming engagements 

There are certain tasks in every company that may be put aside for another time or day. That probably happens when the job is boring or time-consuming. So instead of having to battle with such uphill tasks, why not schedule them for your VA? You know they are important, but at the same time, they are tasks that might pique the interest of the doer. If you can do it effectively without having to add that personal touch to it, then VA is your answer to this problem.

Better chances at scaling operations

Today might be your startup, and tomorrow might become your big dream project. In such circumstances where there are absolutely no chances of predicting the future to enhance business operations on a large-scale, you might consider using a VA. The need to hire full-time employees or even a large number of them, can be eliminated safely. This is an extra and useful resource that comes in handy at all times.

Cost-effective

Having an army of staff, especially for startups, is a huge burden on any owner. So why tax yourself with extra salaries and increased expenses that can actually be done away with when you can easily hire a VA? Along with salaries, you can exempt your business from all the benefits and perks that need to be given to employees. Even office space is a saver, which is another benefit added to the basket. You pay for as many hours as you use them on a contractual basis.

Customer services tweaked

Customer service is the gateway to an increase in business. So you might want to scale up your customer service without scaling up the cost of it. So what better way than to hire a VA? Your business’ social media and emails can effectively be handled without much of a-do and fussing around. Customer service, in one word, becomes more dynamic and enterprising. 

Escalated productivity that is strengthened

The productivity of the entire team has increased, and the business as a whole sees more improvement in business operations. This, in turn, makes tasks easier to do and quicker to achieve. The tasks completed are precise and upgraded, which is the cause of enhanced business. The tasks are more effectively handled because you can hire remote staff that need not waste time commuting and wasting precious energy. This leaves them more focused and attentive.

Reach gets amplified

Gone are those days when making your operation’s online presence felt strongly was an option. Today it is a compulsion because customers rely more on online shopping than ever before. In view of this, it has roughly been estimated that by 2026, global retail sales will touch the 24% mark. Thus, you should not have to experience FOMO and to keep this at bay, you need to make your mark digitally as well as physically. A digital presence is more of a necessity. The best way to achieve all this and more is to try adopting the VA way. 

There are many other opportunities that are provided by VAs these days. Apart from the above-mentioned ones, you can also experience a few more that will be discussed in brief. As has already been mentioned, the owner gets more time and energy to concentrate on the core business areas and strategies that need more of his attention and time. So that is easily reachable once a VA is employed in the business. This also improves the chances of a better work-life balance for the owner, leaving him mentally and emotionally more healthy. Such circumstances lead to better work initiation and, thereby, more opportunities for the organisation as a whole.

Challenges faced by AI in virtual assistance

When it comes to using AI for virtual assistance, there is nothing like it. It gives better outputs and business opportunities that otherwise could not have been conceived and also achieved. However, there are some considerations to navigate and challenges to be overcome. Here is a small walk-through with them.

Ethical considerations

While using AI for virtual assistance, ethical considerations are of prime importance. The user should bear in mind a few ethical principles. These principles can be named as respect for human agency, transparency, justice, privacy & data governance, social, individual & environmental well-being and accountability and oversight. 

AI has the potential to suck up numerous jobs and displace humans. So while using it, it is very important to remember that a large number of humans could lose their jobs and livelihoods, causing massive destruction to societies. Data privacy is also another concern in this area. Data theft and loss are something to ponder. There is huge potential for loss of privacy and being under constant surveillance, combined with the power of it being misused. While using AI, environmental well-being could be hampered, along with that of individuals and society at large. The practice of transparency is another area that needs focus. Malpractices and unfair or incorrect practices should be tucked far away into a remote corner while using AI in virtual assistance. 

Quality of data and its accessibility

AI is only a new kid on the block, though not so very new. However, it cannot be said with conviction that it has an extensive database of superior quality that is at the same time easily accessible. So, this aspect has to be considered carefully before wholly plunging into everything that has to do with AI, especially when it concerns itself with a business organisation.

Carbon footprint issues

In modern times, any technological advancement that can be witnessed in the scenario comes with the problem of leaving behind huge amounts of carbon footprint on Mother Nature. Here too, the same can be seen. AI consumes a lot of energy, which gives rise to the issue of environmental concerns. So there has to be a scope for constant research and evolution so that there might be reduced carbon footprints.

Melding VA into the existing system

After all, this is not rocket science. So it can therefore very easily be melded into the existing system. Once done, they do afford a lot of benefits, which, if accepted in the right way, can help an organisation move further ahead in the market. It can efficiently help manage and handle data seamlessly. 

Technical challenges

As AI is quite a new development, there are still some technicalities to be overcome. Each type of AI has its own set of challenges that have yet to be conquered. It all depends on what type of AI the user chooses. Along with the technical challenges, the price tag for each is quite high. This also adds to the woes of the user, especially if they are startups.

To overcome all the challenges and difficulties that come with this new technology, the user has to have a clear-cut goal in mind when choosing the appropriate AI that will help in carrying out the purpose of its installation.

The overall impact of AI in virtual assistance

AI, cannot be denied as the revolution of the century. It has impacted society in multiple ways. At times it can be said to have a good impact, while at others it has impacted negatively. However, even this negative impact can be conquered by learning how to navigate it and accept its existence in daily life. It becomes fluid and easy to cope with once the users understand that it is multifaceted and a multiservice product that is modifiable. It is not an archetypal kind of thing.

Conclusion

On a closing note, it can easily be understood that AI in virtual assistance is the next big thing to happen to the user. It does come with challenges, which, if overcome, produce beautiful and good results. However, it can also be said that there are numerous opportunities that, if capitalised, can take the user miles ahead in their time. It streamlines and transforms wherever it touches. Its impact can be effortlessly understood when you read the statistics. It is expected that there will be more than 150 million voice assistants in the US alone by 2026. And by 2025, the market size is expected to reach USD 25.63 billion. This is an indicator that, despite all the challenges and hurdles faced by it, it is an exciting opportunity that will grow by leaps and bounds in the future. 

References

Download Now

Union of India v. Alapan Bandyopadhyay (2022) 

By
Vanshika Kapoor
-
0

This article is written by Shweta Singh. This article contains exhaustive details regarding the arguments of the parties, issues raised, and judgement delivered in this case by the Supreme Court. In addition to this, it also provides a critical analysis of the judgement, highlighting various aspects dealt with by the court.

This article has been published by Shashwat Kaushik.

Introduction

The issue regarding the jurisdiction of the High Court with regard to matters concerning administrative actions of the government is often contested, and precisely for this reason, the case of Union of India v. Alapan Bandyopadhyay (2022) (hereinafter referred to as “this case”) grabbed a lot of attention. The Supreme Court, in this case, clarified which High Court shall have jurisdiction in cases where the administrative action is contested to have been undertaken within the jurisdiction of more than one High Court. The Supreme Court, in this case, attempted to resolve the issue of the jurisdiction of the High Court, which sometimes gets complicated in cases where several applicants together, file an original application under Section 19 of the Administrative Tribunals Act, 1985 (hereinafter referred to as “the Act of 1985”) before a particular bench of the Central Administrative Tribunal (hereinafter referred to as “the tribunal”) and then challenge the transfer order, if passed under Section 25 of the Act of 1985, by the chairman of the tribunal before different High Courts based on their place of residence or cause of action.

Details of the case

Name of the case: Union of India v. Alapan Bandyopadhyay, (2022)

Name of the court: Hon’ble Supreme Court of India

Date of the judgement: January 6, 2022

Parties to the case

  • Appellant: Union of India
  • Respondent: Alapan Bandyopadhyay

Equivalent citations: 2022 LawSuit (SC) 14, (2022) 3 SCC 133

Type of the case: Civil Appeal No. 197 of 2022

Bench: Justice A. M. Khanwilkar and Justice C.T. Ravikumar

Statutes referred

  1. The Administrative Tribunals Act, 1985: Section 19(1), Section 19, Section 5(4)(a), Section 5, and Section 25.
  2. Central Administrative Tribunal (Procedure) Rules, 1987: Rule 6(2), Rule 6, Rule 4, Rule 4(5)(a), and Rule 4(5)(b).
  3. The Constitution of India: Article 226.

Facts of Union of India v. Alapan Bandyopadhyay (2022) 

The respondent in this case was an IAS officer serving as the Chief Secretary in West Bengal. His retirement was scheduled for May 31st, 2021. The state government sought an extension of his service by three additional months, which was approved by the central government through an official notification.

However, as a result of certain developments during the meeting held on May 28th, 2021, between the Prime Minister and the Chief Minister, whom the respondent also accompanied, the Central Government informed the State Government that the appointment of the respondent with the Central Government had been approved, and therefore, he was required to be released by May 31st, 2021, to join the office in New Delhi. Nevertheless, the State Government refused to release the respondent as directed by the Central Government and cancelled the notification issued earlier for extending the service period of the respondent beyond his scheduled date of retirement. Consequently, the respondent retired on May 31st, 2021.

On the date of his retirement, the respondent was issued a show cause notice by the Central Government under the National Disaster Management Act, 2005. After a few days, a major penalty was also levied on the respondent concerning the meeting held on 28th May 2021. The Petitioner reacted to these notices by raising objections about the validity and legitimacy of the Union’s actions against him. Following this, an inquiry authority was appointed, and a preliminary hearing was scheduled to take place in October 2021.

The appellant, then, later filed an original application before the Central Administrative Tribunal at Kolkata Bench. By filling out this original application, he challenged the disciplinary actions that were taken against him through the initiation of a charge sheet by the Central Government. The charges were due to his not showing up at a review meeting that was held on 28th May 2021, under the chairmanship of the Prime Minister of the country, which aimed at assessing the consequences of Cyclonic Storm ‘YAAS’. While this case was under consideration, the Union government (the appellant) filed a transfer petition under Section 25 of the Act of 1985 in which it prayed that the case might be transferred from the Kolkata Bench to the Tribunal’s Principal Bench in New Delhi.

The transfer petition was heard on 22nd October 2021, by the Tribunal’s Principal Bench in New Delhi. The respondent raised objections to the transfer petition and requested the bench permit him time to submit detailed objections, which were noted by the principal bench. However, permission was not granted by the principal bench to file objections. Instead, the bench allowed the transfer petition for two reasons. First, the bench noted that the case demanded urgent attention, and the Kolkata bench was on vacation. Second, the disciplinary proceedings against the respondent were conducted in Delhi, where the respondent was required to appear. Consequently, with the issuance of the order, the case was transferred to the principal bench and scheduled for admission on 27th October 2021.

The respondent assailed the said order passed in the transfer petition by filing the Writ petition before the High Court of Calcutta, which led to the passing of the impugned order that was challenged by the appellant in this case. The High Court of Calcutta, through its final order (impugned order), set aside the order passed by the Principal Bench of the Tribunal in New Delhi on the basis of two grounds. First, it believed the petition wasn’t just about the legality of the transfer order; it also touched on the respondent’s basic human rights of having his case heard in Kolkata, where he was living and working when the petition was filed. Secondly, the court held that the incident of the disciplinary proceedings took place in Kolkata. Therefore, most of the relevant events to the case happened in West Bengal, giving jurisdiction to the High Court.

As a result, the appellant, being aggrieved with the impugned order passed by the High Court, challenged it before the Supreme Court by way of a Special Leave Petition under Article 136 of the Constitution of India.

Issues raised

The Supreme Court, while deciding the matter brought forth by the appellant challenging the impugned order passed by the Calcutta High Court, framed the following questions of law in appeal:

  • Whether the remarks made by the High Court against the chairman of the tribunal were unnecessary, unjustified, and therefore liable to be expunged.
  • Whether the High Court of Calcutta has the jurisdiction to review the order of transfer by the chairman of the principal bench seated in New Delhi.

Arguments of the parties

Arguments presented by the appellant

The learned Solicitor General on behalf of the appellant submitted that a challenge against the order in the transfer petition passed by the principal bench of the tribunal in New Delhi could only be filed before the Delhi High Court since this tribunal falls under its jurisdiction. The appellant substantiated the contention by citing a judgement of a Constitutional Bench in the case of L. Chandra Kumar v. Union of India (1997), wherein it was stated that the power of the High Court to review the orders and judgements passed by all the courts and tribunals that come within its jurisdiction is an essential part of the basic structure of the Constitution. It was also highlighted in this case that the decisions made by the tribunals are subject to the writ jurisdiction of the High Court under Articles 226 and 227 of the Constitution of India. According to the provisions outlined under these Articles, the decisions delivered by the tribunals had to be reviewed by a division bench of the High Court within whose territorial jurisdiction the respective tribunal falls. Furthermore, the appellant contended that Section 5(7) of the Act of 1985 provides that the benches of the tribunal generally sit in New Delhi, which is considered as the principal bench along with other specified places notified by the Central Government. The reference to such a Section was used to argue that the Calcutta High Court did not have any authority to review the order passed in the transfer petition.

The learned Solicitor General, in his arguments, referred to the precedent set by the Supreme Court in the case of JK Industries Ltd. & Anr. vs. Union of India & Ors. (2007). It was strongly argued that Rule 6 of the Central Administrative Tribunal (Procedure) Rules, 1987, had been misinterpreted by the High Court in a manner that undermined the Chairman’s authority to transfer a case, which is provided in Section 25 of the Act. The foundation of this argument lies in the legal interpretation principle, which provides that the rules made under the statute cannot be inconsistent with or override the provisions of the statute itself. Thus, it was argued that, as per this interpretation, provisions contained in Rule 6 could not be interpreted as limiting the power of the chairman to transfer cases under Section 25 of the Act of 1985, as the Act of 1985 itself grants such authority.

The appellant, in addition to the above arguments, raised concerns regarding certain statements made by the High Court towards the Chairman of the Tribunal, which were considered harsh and derogatory. Consequently, the learned Solicitor General argued that these comments were uncalled for and by citing many legal precedents, emphasised the need to remove or expunge the records completely. In other words, the Solicitor General viewed these remarks as being inappropriate and therefore unsuitable to be recorded as part of an official court record, a view that complies with legal principles and previous rulings that uphold fairness and decorum in court proceedings.

Arguments presented by the respondent

Several arguments were presented by the respondents in order to contest the maintainability of the writ petition filed before the Calcutta High Court. One of the main arguments presented by the respondent was that the High Court was justified in reviewing the order passed in the transfer petition because such an authority fell within its jurisdiction. It was also contended by the respondent that the sole reliance on Rule 6 of the Procedural Rules cannot take away the power granted under Section 25 of the Act of 1985 to the chairman of the tribunal.

After assessing the facts related to the case, the respondent put forth an argument that the High Court, while reviewing the order, was well within its authority and therefore had the jurisdiction to pass an order regarding the correctness of the transfer order passed by the chairman of the tribunal. This argument was primarily based on Article 226(2) of the Constitution of India, which grants the High Court jurisdiction over territories where the cause of action arises.

Important laws discussed

Article 226 of the Constitution of India

Every individual has been provided with some basic human rights under the Constitution of India, known as fundamental rights. The state is entrusted with the duty to protect the fundamental rights of an individual. Whenever such a fundamental right is violated by the state, every individual is granted the right to apply before the Supreme Court and the High Court under Articles 32 and 226 respectively to get those rights enforced in the form of issuance of writs, orders, or any such directions. Article 226 is provided under Part V of the Constitution of India, which authorises the High Court to issue writs. The main objective behind this Article is to provide a quick and effective remedy to the aggrieved person. The authority of the High Court under Article 226 cannot be curtailed by the legislature through the enactment of legislation. The scope of authority of the High Court under Article 226 is wider than the authority of the Supreme Court under Article 32 in cases relating to administration. While the administrative action is declared final by the legislation, it can still be challenged before the High Court under Article 226 of the Constitution of India.

The High Court, under Article 226, can issue several types of writs, depending on the nature of the case. A writ can be defined as a formal written order passed by the High Court having jurisdiction on the matter directing to do or not to do the performance of a specific act. The authority to issue a writ is a discretionary power of the High Court, which means that the court may refuse to issue writs on grounds like delay, availability of another remedy, or when the issuing of the writ serves no benefit to the parties. Article 226(1) provides that the High Court has the power to issue orders or writs in the nature of habeas corpus, mandamus, prohibition, quo warranto, and certiorari against any individual or the government for the purpose of enforcing the fundamental right. As per this Article, such authority can also be exercised for enforcing other legal rights in addition to enforcing fundamental rights. Article 226(2) provides the territorial jurisdiction of the High Court for exercising such authority. As per Article 226(2), the High Court can issue writs to any person or government authority who is located within its jurisdiction. The High Court can also issue writs to any person or any public authority outside its territorial jurisdiction if the facts show that the circumstance forming part of the cause of action wholly or partially arises within its jurisdiction.

Section 25 of the Act of 1985

The provision of Section 25 of the Act of 1985 authorises the chairman of the tribunal to transfer the case from one bench to another. According to the provisions of Section 25, any party to the original application filed before any bench of the tribunal can make an independent application before the chairman of the tribunal to transfer the case pending before a bench where the original application has been filed to another bench. The chairman, after notifying the other party and hearing both sides, has the authority to pass an order for transferring the case from one bench to another. 

From the reading of this provision, it is clear that the chairman has the authority to transfer the cases from one bench to another, and such an order of transfer can also be made by the chairman in his suo moto capacity, having regard to the circumstances related to the case. Such circumstances may include the urgent disposal of the case and the availability of the parties. One of the fundamental principles enshrined in this Section is fairness and natural justice. The chairman under this Section cannot pass an order transferring the case from one bench to another without notifying the other party and affording it a fair chance of presenting its arguments against such a transfer.

Judgement in Union of India v. Alapan Bandyopadhyay (2022)

The Supreme Court arrived at the conclusion that the Calcutta High Court did not have the jurisdiction to pass the impugned judgement and final order in the writ petition filed by the respondent. Consequently, the Supreme Court held the judgement to be invalid from the beginning and nullified it. Accordingly, the writ petition filed before the Calcutta High Court was rejected by the Apex Court. However, the Supreme Court clarified that the respondent had the freedom to challenge the impugned judgement before the High Court, having jurisdiction, if they were advised to do so.

The Supreme Court further clarified that it did not make any comment with regard to the correctness or legality of the decision passed in the transfer petition by the chairman of the principal bench of the tribunal in New Delhi. The court reiterated that the writ petition filed subsequently in relation to this matter would be considered independently, on its merits, and in full compliance with the law.

Issue-wise judgement of the case

Whether the remarks made by the High Court against the chairman of the tribunal were unnecessary, unjustified, and therefore liable to be expunged?

The Supreme Court, while considering the claims of the appellant regarding the harsh and derogatory statements against the chairman of the tribunal, recognised the findings of the High Court that the transfer petition was handled with undue urgency, thereby leading to the making of strict observations and remarks by the High Court towards the principal bench of the tribunal. However, the Apex Court further pointed out that, upon reviewing the documents on record, the impugned judgement in the writ petition filed before the Calcutta High Court was also passed at nearly the same pace. While deciding the matter, the Supreme Court referred to the case of Kashi Nath Roy v. State of Bihar (1996). In this case, it has been highlighted that the courts having appellate and revisional jurisdiction are established with the presupposition that the lower courts may commit an error in deciding a case, both on facts and also on law, and they are tasked with correcting a lower court on such errors. The Supreme Court highlighted that the judicial process is undertaken by humans and not by mechanics, and therefore committing errors is sometimes inevitable even if the utmost efforts have been made to adhere to precedent and exercise discretion judiciously.

The Supreme Court in this case further emphasised that whenever a High Court points out or detects any intolerable error in the order passed by the lower court, it becomes the duty of that High Court to resolve such error. However, the rectification of such an error should be done while maintaining the dignity of the court and the independence of the judiciary, and the court should never resort to the practice of delivering rebukes and harsh criticism while rectifying the errors. The Apex Court further noted that the High Court, in exercising its appellate and revisional functions, must convey its message in a persuasive, reasonable, and just manner targeted at rectifying the error and fulfilling the desired result. The bench, in this case, highlighted that criticising the subordinate judge for making a mistake should not be a general practice except if there are certain exceptional circumstances or situations that permit such condemnation by the higher court of the lower court.

The Supreme Court, after relying on the observations made in the aforementioned case and accessing the facts and circumstances surrounding this case, concluded that there was no existence of exceptional grounds to justify the harsh and derogatory remarks and observations made by the High Court against the principal bench of the tribunal. The Apex Court pointed out that the order in the transfer petition had, in fact, been passed by the chairman of the tribunal in response to the formal application filed by the applicant and after hearing both parties to the case. According to the law, as contained under Section 25 of the Act of 1985, the chairman also has the authority to pass a transfer order in its suo moto capacity. Therefore, all the remarks and observations directed at the chairman of the Tribunal were without any basis. The court, in the interest of maintaining the integrity of the judicial process, held that the statements made against the chairman of the tribunal by the Calcutta High Court were unreasonable, unjustified, and could have been avoided as they were based on unfounded assumptions. As a result, the court strongly held that these statements were unwarranted in considering the correctness of the transfer order, and for this reason, they are liable to be removed from the court’s record.

Whether the Calcutta High Court had the jurisdiction to review the order of transfer by the chairman of the principal bench seated in New Delhi?

The Supreme Court decided upon this issue by taking reference to the observation made in the case of L. Chandra Kumar. In this case, the court observed that a division bench of the High Court has the authority to review the decisions made by the tribunal, which are located within the jurisdiction of the respective High Court. By referring to this observation, the Supreme Court clarified that tribunals also include those that pass an order in the case of a transfer petition, and therefore, only that High Court within whose jurisdiction the tribunal that has passed a transfer order would be legally entitled to review such an order by way of a writ petition.

In view of the aforementioned observation and explanation, the Supreme Court concluded that where it was found out by the High Court that the impugned order had been passed by the principal bench in New Delhi, the Calcutta High Court lost its authority, and hence its interference with the transfer order passed by the principal bench was unnecessary.

The court, in its decision, further emphasised that the bench hearing the matter in this present case, being of lower strength, was bound by the decision of the Constitution bench in the case of L. Chandra Kumar case. It stated that the benches of lower strength in the Supreme Court and the High Court did not have the authority to decide upon the territorial jurisdiction under Article 226(2) of the Constitution of India when it had already been decided by the larger bench because doing so would require reviewing the law established by a Constitution bench. The court opinionated that adopting a different view would lead to indefinite and multiple filings of the cases relating to the issue of jurisdiction whenever a decision passed under Section 25 of the 1985 Act would be challenged.

The court further stated that different interpretations would lead to a complex situation wherein several parties aggrieved by a single order of the tribunal may challenge such a decision before different High Courts on the basis of their residence. Therefore, given the above-mentioned observations, the Supreme Court held that a different interpretation would result in great difficulties with regard to cases that involve several parties who are aggrieved by the transfer order passed by the principal bench in New Delhi. All these aggrieved parties would challenge the validity of the transfer order in different High Courts, thereby giving rise to multiple cases being filed for the same order.

Critical analysis of the judgement

The judgement in this case has been passed by the Supreme Court, relying extensively on the L. Chandra Kumar case. However, the observation upon which the court has made its decision regarding the issue at hand cannot be considered a ratio decidendi in the present case. In addition to this, the facts and the question of law that were present for the consideration of the court in the L. Chandra Kumar case were also completely different from the present case. In the case of L. Chandra Kumar, the issue before the Supreme Court was to determine the effect of Articles 323-A(2)(d) and 323-B(3)(d) of the Constitution of India on the powers of the High Court under Articles 226 and 227 of the Constitution of India. It is important to note that in the case of Union of India v. Dhanwati Devi (1996), it has been observed that in order to assess the binding authority of a particular judgement, it becomes essential to understand what were the facts upon which the decision was given and what was the question of law that required to be decided. It was emphasised that a judgement can never be interpreted as a statute, and therefore every word or sentence within the judgement cannot be considered a complete explanation of the law. The law cannot be considered static, and therefore, while applying precedent to the current issue at hand, the judges must always employ a thoughtful approach by ascertaining the facts and questions of the law on which the decision was made. It is therefore important to note that, given the above observation, the interpretation of Article 226 of the Constitution of India was not the main issue of consideration for the court in the L. Chandra Kumar case, and for this reason, any interpretation with regard to Article 226(2) can only be considered as obiter dicta. In short, the Supreme Court in the present case had committed a mistake in applying the observation made by the court in the L. Chandra Kumar case and therefore, through its decision, limited the extent of Article 226 of the Constitution of India.

Conclusion

The present case plays a significant role in highlighting the review jurisdiction of the High Court. All the decisions made by the lower courts and tribunals are subject to the review jurisdiction of the High Court under which the respective court or tribunal falls. The judgement in this case might have erred in placing its reliance on the judgement, which was completely different with regard to facts and the question of law from the present case; however, it aptly upheld the authority granted to the High Court under Article 226 of the Constitution of India. 

Frequently Asked Questions (FAQs)

What was the main issue in this case?

The main issue before the Supreme Court in this case was with regard to the jurisdiction of the High Court of Kolkata in reviewing the transfer order passed by the chairman of the principal bench of the tribunal in New Delhi.

What is the scope of Article 226 of the Indian Constitution?

Under Article 226, the High Court is empowered to issue orders or writs for the enforcement of the fundamental rights and other legal rights of an individual. Such power to issue writs is discretionary in nature and can be refused on the grounds of the existence of an alternative and effective remedy.

References

Download Now
1...9899100...1,852Page 99 of 1,852
© Copyright 2016, All Rights Reserved. | Powered by iPleaders
logo
FREE & ONLINE 3-Day Bootcamp (LIVE only) on

How Can Experienced Professionals Become Independent Directors

calender
28th, 29th Mar, 2026, 2 - 5pm (IST) &
30th Mar, 2026, 7 - 10pm (IST).
Bootcamp starting in
Days
HRS
MIN
SEC
Abhyuday AgarwalCOO & CO-Founder, LawSikho

Register now

Abhyuday AgarwalCOO & CO-Founder, LawSikho