Right to Privacy has been declared by the Supreme Court of India as a fundamental right in the case of Puttuswamy v Union of India. Matters of privacy are of utmost significance where even the state can be held liable for its infringement, in such a case it is implied that every person, organization or a corporate body is also expected to respect the privacy of one another. This privacy is not very different from that of the digital environment. Privacy in the digital environment is in terms of the unique identification features of a person and much more. The extensive use of social media platforms, e-commerce platforms, etc. necessitated the emergence of cyber law to govern the activities performed in the digital environment.
Information Technology Act, 2000:
A legislation to govern e-commerce was drafted by the Indian Parliament in order to give effect to the UNCITRAL Model Law on Electronic Commerce adopted by the General Assembly of the United Nations on 30th January 1997. This legislation was termed as the Information Technology Act, 2000. Through various amendments over the years, the Act has become a paramount piece of legislation governing cyber-crimes and regulating the IT Industry.
The Act provides legal recognition to various transactions via electronic communication devices and also lists out the various liabilities, exemptions and duties of the intermediaries, cyber cafes, or any corporate body which has to comply with such provisions. It requires the service providers to upgrade and maintain their services in order to facilitate the efficient delivery of such services. It also requires companies to take necessary measures to protect the privacy of its service users.
Applicability of the Act:
The Act is applicable to persons within India, and persons outside if they are acting in contravention to the Act. This includes Intermediaries, cyber cafes, or companies dealing with providing services on the digital environment. It is largely applicable to the IT industry. According to Section 75 of the Act, a company which is located outside India but has a computer, computer system or computer network located in India can be held liable in case of failure to comply with the provisions of the Act. Even if a company is not based in India, it can be held liable as long as it’s functioning through its systems/networks which are located in India.
Significance of Compliance:
Compliance with the laws of the land in force is extremely important for a company to ensure that they are functioning their day to day activities in a lawful manner. Failure to do so results in unwanted lawsuits, expenses, and consumption of valuable time and energy. It is the duty of every company to stay up to date with the various amendments, regulations, and rules, this is where the need for compliance arises. For companies in the IT industry acting as intermediaries, cyber cafes, service providers, etc. compliance with the Information Technology Act is necessary in order to function. The Act regulates and guides such companies in order to ensure the best delivery of services to the consumers. The Government is empowered to make rules to govern the implementation of the provisions of the Act. The companies have to abide by such rules. They have to take the necessary steps in order to ensure the protection of the privacy of its users, know their liabilities and duties towards the government as well as the consumers. It is their duty to ensure that various privacy policies, terms, and conditions are in place before they deliver such services.
Failure to comply with such requirements will result in various penalties and offenses which are enumerated in the Act. Punishment varies from imprisonment to fines, or both which depends on the discretion of the court. According to Section 85, every person of the company who was in charge of or was responsible to the company during the commission of any offense under this Act shall be held guilty of commission of such offense and punished accordingly, as long as such a person can prove that it was committed without his knowledge or exercised due diligence to prevent it from happening.
Other such compliances are present in the Act which guide the functioning of the IT industry in India as well as outside and continuous amendments as well rules are added to the existing provisions of the Act. It is in such cases that the need for a Compliance Management system arises in order to keep the company running lawfully without unnecessary expenses of time and resources.