With a population of more than 135 crores, India is one of the most populated countries in the world. The more the number of people, more will be the number of consumers. But with a lot of consumers, the issue of the privacy of these consumers comes into the picture. We are living in the world of technology and technical advancements with all the advanced features, there is higher chance of our personal information getting affected and hampering our privacy. The paper starts with explaining what privacy with respect to consumers is and analyses the different laws that govern the present issue and the paper concludes with giving suggestions for a specific legislation for stricter compliance.
According to the recently implemented Consumer Protection Act of 2019, a consumer is broadly defined as a person who buys a good or avails a service for a consideration. But the issue of privacy does not relate to the consumer purchasing a pack of biscuits and it is only in situations where in order to be a part of the transaction the consumer has to give certain information and personal details. For example, the information that the hospitals, telecom companies and even the government collect includes personal and sensitive information. The information is generally stored in a database and is used for research purposes.
The problem does not lie with the companies using the data for their own use and with strict privacy standards. The issue begins when the customer data is used for illegal purposes like data mining and putting up the entire database for sale on the black market. Therefore, from the perspective of the individual, consumer privacy is concerned with the safe storage of the personal and sensitive details and making use of the information for legitimate uses. India presently does not have any express legislation dealing with data privacy but at the same time we have a variety of legislations dealing with the issue in hand.
Consumer Protection Act, 2019
The Act was passed with the objective to protect the interests of the consumer and to ensure that their rights are not violated in the hands of sellers. The act gives a very wide definition to ‘unfair trade practices’ and provides sufficient safeguard to the consumer. Though the issue of Consumer Privacy has not been expressly dealt by the Act, experts are of the opinion that as the act makes it an ‘unfair practice’ if the good sold to the consumer turns out to be different to what was promised by the seller/manufacturer. On the similar lines, if the company has agreed to keep the data that is collected safe and fails to do, the same can be brought under the ambit and action can be taken accordingly. Another group is of the opinion that the Consumer Protection Act does not deal with privacy and only deals with the any deficiency or defects with regards to the goods and services purchased and that a complaint made regarding consumer privacy shall not be maintainable.
The courts have time and again recognized the tort of confidentiality, that there might exist situations where the confidentiality shall be maintained with respect to the information provided under the contract. These relationships include professional relations, matrimonial relations and relationship arising out of a certain contract. But at the same time, the tort of confidentiality can be overridden by a higher legal duty which includes to inform the conferenced authorities if the information given mentions of a legal violation.
In the case of Diljeet Titus v. Mr. Alfred Adebare, the law firm filed a lawsuit against one of the lawyers accusing him of taking important confidential business information along with client lists and drafts of various contracts. It was argued by the Advocate that he was the owner of the drafts as they were prepared by him at the time he was employed in the firm. The Delhi High court opined against the lawyer and held that the law firm had the right on the information and further prevented the lawyer to use the information. In this way the privacy of the clients of the law firm was upheld by the Hon’ble Court.
Indian Contract Act, 1872
The legislation regulates the formal contracts in India. The Act gives the essential elements of a valid contract, the rights and duties of the parties along with the penalties if a party fails to perform its obligation under the contract.
The Indian Contract Act does not expressly provide for an agreement through which the rights of the parties involved have to protected. If the company has agreed to protect the information of the individual and the same is in writing in the form of a contract and if the information is found to be not protected by the company, it makes the company liable under breach of contract. If the mistake of the company is established and the promise to protect the data was explicit the company shall be liable for damages.
Certain professions require certain confidential information being shared by the consumer which shall not be shared to any third party without the consent of the consumer.
For Advocates, rules have been framed under the Advocates Act, 1961 which set out the code of conduct to be followed by the Advocates. The information received by the Advocate is protected by the Attorney-Client Privilege and the obligation of confidentiality continues even after the relationship has ended. Any complaint of professional misconduct is heard by the disciplinary committee constituted under Section 36B of the act and the committee has the authority to even suspend the license of the advocate in case the misconduct is proved.
For Doctors and Medical Practitioners, the Indian Medical (Professional Conduct, Etiquette and Ethics) Regulations, 2002 contains the ethical injunctions and the calls for disciplinary action in case of any breach. Several rules revolve around medical privacy where the doctor shall not be allowed to share the information regarding the patient and medical ailments.
The Banking & Telecom Industry also takes proper care to maintain their consumer data. The concerned authorities, Reserve Bank of India (RBI) and the Telephone Regulatory Authority of India (TRAI) have issued regulations to ensure the data of the consumers is safe and that no information is divulged to any third parties.
Information Technology Act, 2000
The IT Act of 2000 deals with the issues that relate to the payment of damages as compensation and punishment in case there is wrongful disclosure leading to a violation of the contractual terms in respect of personal data.
Under Section 43A of the Act, if a body corporate who is possessing, dealing or handling any sensitive information or personal data and if it is found that the body was negligent in maintaining reasonable security mechanism resulting in wrongful loss or wrongful gain to any person, the corporate body shall be liable to pay damages to the person affected.
Section 72A of the Act mandates that if the information is released without the consent of the person, the offence shall be punishable with imprisonment for a term which may extend upto 3 years and a fine extending to Rs. 5,00,000.
In the case of Rajinder Nagar Post Office v. Ashok Kriplani, the postmaster was accused of not delivering a letter, opening the letter and reading the contents and then returning it in torn condition. It was established that the act of opening the letter without due permission was a deficiency of service and a violation of the privacy and the same was charged under the Consumer Protection Act and a Rs 1000 compensation was awarded towards mental agony and harassment.
In the case of K Puttaswamy (Retd.) & Anr. v. Union of India and Ors., the landmark judgment was delivered by the constitutional bench which held that Right to Privacy was a fundamental right, subject to reasonable restrictions.
Consumer Privacy is an issue which is not discussed enough. The importance of the personal and sensitive information being safe and protected is underrated and India has not been paying the required attention to this very important issue. Though with Personal Data Protection Bill of 2019 and with the judicial decisions importance of privacy in one’s life has been realized and the risks involved if the sensitive information falls into the wrong hands. Therefore, extra efforts need to be made by everyone. The consumer first of all has to make sure that the person does share his/her data with only the right person or corporate body. Next, the corporate body collecting the information also needs to ensure that the collected data is kept safe and protected. Towards the end, the government needs to come up with ways to ensure privacy and to punish the violators in the right way.
Frequently Asked Questions (FAQs)
- What is meant by Consumer Privacy?
- Who is to ensure Consumer Privacy?
- Which Act mentions and protects Consumer Privacy?
- What is the remedy available for violation of Consumer Privacy?
Diljeet Titus v. Mr. Alfred Adebare, 2006(130) DLT 330.
Rajinder Nagar Post Office v. Ashok Kriplani, 2010(1) C.P.J 310
K Puttaswamy (Retd.) & Anr. v. Union of India and Ors., (2017) 10 SCC 1