Section 43A of ITA 2000 had imposed “Reasonable Security Practices” on any organization handling “Sensitive Personal Data”. Simultaneously Section 43 created a civil liability for unauthorized “Diminishing of the value of information inside a computer resource”, or “Unauthorized access, modification or denial of service” etc. along with invoking Section 66 if there was malicious intention.
With the impending notification of DPDPA, Section 43A will be replaced by the new law with 44 sections. Simultaneously, the Reasonable Security practices under the notification of 11th April 2011 will be replaced by Sections 4-10 of Chapter II read along with rest of the 37 sections.
This means that DPDPA is not a new law. It is an extension of ITA 2000. Currently while we wait for the rules to be notified, DPDPA is the “Legislative Intention” and therefore “Due Diligence” and “Reasonable Security” under ITA 2000.
Any violation of DPDPA therefore can be considered as a violation of ITA 2000 and civil and criminal proceedings can be raised under ITA 2000.
This interpretation applies even to the powers of the Government as per ITA 2000 and DPDPA which is critical to determine the legal and constitutional validity of the Karnataka caste Survey undertaken by the Government which is under the scrutiny of the High Court.
It is not clear if the advocates challenging the survey have raised the deliberate violation of the proposed DPDPA (or Section 43A of ITA 2000) have raised this issue nor the High Court will Suo moto consider this impending law.
The hurry with which the Karnataka Government indicates a malicious design to push through the survey before MeitY releases the notification. However, the DPDPA being an extension of ITA 2000 means that the notification is subject to the “Powers of the State Government” under Section 90 ITA 2000. While I leave it to the eminent advocates representing the casein the Court to develop a detailed argument, I urge the High Court not to rush with its judgement without giving an opportunity to the general public to implead and represent their case.
I therefore request the Court to order a stay on the survey and invite objections to be filed by the public who may not be today represented by the advocates challenging the case now.
If not, High Court should entertain an immediate review petition based on the powers of the Government under the two acts ITA 2000 and DPDPA since the data is meant to be digitized and used.
The powers of the State Government under ITA 2000 are restricted to implementation of the provisions of ITA 2000 and not to initiate processing of sensitive personal data outside the objectives of ITA 2000. Under DPDPA, the State Government or any of the instrumentalities of the Government require a “Notification” to claim exemption of consent. In the absence of appropriate powers, the collection and processing of sensitive personal data that too of those who are not beneficiaries of the schemes of the Backward Class Commission is ultra-vires the two Acts. It amounts to “Unauthorized” “Access” to “Information” and equal to “Hacking”.
The Backward class commission, its executives and the enumerators will be liable under Section 66 of ITA 2000 for forcefully collecting sensitive personal information meant to be digitized and analysed.
This has to be brought to the notice of the High Court before it takes a decision today.
Naavi
