The “New Reasonable Security Practice” under Section 43A of ITA 2000 is PDPA 2018 draft bill

Posted on November 19, 2019 by 98410spice

Blood pressure is raising for some activists who have been opposing the present draft of the Personal Data Protection Act 2018 (PDPA 2018)  with the news that the Government has stuck to its commitment by re-presenting the Bill as recommended by the Justice Srikrishna Committee.

This was first presented on July 27, 2018 but since the Parliament was dissolved, it needs to be re-presented again.

In the meantime public comments were obtained by the MeitY and also some select discussions were held with some key stake holders. The revised version could be presented now. It is unlikely that it will be significantly different from the earlier version but officially, it will be a new version which will go into debate in the Parliament.

The main opposition was from the industry which opposed the Data Localization provisions. But the Government has re-iterated its “Data Sovereignty” principle and may not deviate much from the original draft. Without waiting for the next move of the Government, some activists are already raising their voices in opposition of the Bill which is grossly unfair.

We urge all professionals to wait for the final bill to be placed before the parliament before making any further comments.

However,

Where as, we already have Information Technology Act 2000 (ITA 2000/8) in place

Where as ITA 2000 has defined  the concept of “Due Diligence” and “Reasonable Security Practices”

Whereas the intention of the Government to replace Section 43A with PDPA 2018 (or a modified version) has already  been indicated

it may be considered that the current draft bill will be a “Due Diligence” requirement under Section 43A as part of the Reasonable Security Practice.

Hence PDPA 2018  may be considered as being already in place and responsible companies cannot deny the fact that PDPA 2018 is the “New Reasonable Security Practice under Section 43A of ITA 2000).

Naavi

Analysis of the draft bill by PRSindia

 

 

A Brief introduction on PDPA:

https://www.facebook.com/groups/1004611326222954/permalink/3039087706108629/

Posted in Cyber Law | Leave a comment

Cyber Appeals with TDSAT not affected by the Supreme Court judgement

Posted on November 14, 2019 by 98410spice

The recent judgement of the Supreme Court Rojer Mathew Vs South Indian Bank Ltd & ors Civil Appeal No 8588 of 2019 dated November 13, 2019 has raised a doubt in some circles as to whether TDSAT continues to be the Cyber Appellate Authority.

Initial views expressed in this regard that “TDSAT is no longer Appellate Body to Adjudication Officer instead of CyAT” appears to be not supported by the judgement.

Copy of the judgement

The judgement requires a deeper analysis and contains discussion of many issues. It actually highlights the importance of Tribunals and their role in good justice delivery.

Parts of the judgement cover discussion on Section 184 of the Finance Act 2017 insofar as it delegates the powers to lay down the qualifications of Chairperson etc of Tribunals mentioned in the eight schedule. This schedule covered 19 tribunals but not the Cyber Appellate Tribunal.

It was under the Ninth Schedule of the Finance Act 2018 that the Cyber Appellate Tribunal was merged with the TDSAT which had already been formed and regulated under the TRAI Act.

The striking down of the “The Tribunal, Appellate Tribunal and other Authorities (Qualifications, Experience and other Conditions of Service of Members) Rules, 2017 ” does not affect CyAT or TDSAT.

Hence at present I hold the view that this judgement does not affect the functioning of TDSAT regarding Appeals arising from the Adjudicating officers.

The judgement is being studied in detail and if necessary, further clarifications will be posted here.

Counter views are welcome.

Naavi

Posted in Cyber Law | Leave a comment

An online Discussion on PDPA

Posted on November 13, 2019 by 98410spice

Here is a copy of an online discussion on PDPA held at the office of Dakshlegal on 12th instant. It was an impromptu discussion.

A link to the entire discussion is available here:

https://www.facebook.com/groups/1004611326222954/permalink/3039087706108629/

Naavi

Posted in Cyber Law | Leave a comment

Twitter poses a question to the Advertising Industry

Posted on November 10, 2019 by 98410spice

Article in India Legal: Nov 18 issue

Naavi

Posted in Cyber Law | Leave a comment

ICICI Bank ordered to pay Ra 43 lakhs to a victim of fraud

Posted on November 8, 2019 by 98410spice

The Adjudicating officer of Telengana on 30th September 2019 awarded compensation to a victim of a fraud in ICICI Bank. The total amount which the customer (an NRI) had lost was Rs 43,07,525/-. The Bank had alleged that this was a Phishing case and hence the Bank is not liable.

However, the adjudicator considered that the Bank was negligent under Section 43 and 43A of ITA 2000 and hence liable to pay back the amount lost along with a further compensation of Rs 5,00,000/- towards mental agony, Rs 50000/- towards expenses and 9% interest from the date of loss.

The Copy of the judgement is available here

Along with other cases from TDSAT, this is yet another case where the Bank was being held liable for the fraud.

Naavi

 

Posted in Cyber Law | 2 Comments

Ramdev Case…A Balancing Act

Posted on November 3, 2019 by 98410spice

Published in India Legal dated 12th November 2019. PDF version of the article is available here:

 

Naavi

Posted in Cyber Law | Leave a comment