Compliances Tech Companies Would Have to Incorporate in Their Global Privacy Practices in the Near Future Under the Proposed Indian Data Protection Act

The Data Protection Bill, 2021 (“Bill”) was introduced in Lok Sabha by the Minister of Electronics and Information Technology in December, 2019, and was tabled before the Joint Parliamentary Committee. The Bill seeks to provide for protection of personal data of individuals. The Bill governs the processing of personal data pertaining to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill provides that processing of data will be subject to certain purpose, collection and storage limitations, and further provides several measures and steps that shall have to be taken by technology companies to ensure protection of personal data of users. The following are a few compliances that technology companies would have to incorporate in terms of the Bill as well as the report submitted by the Joint Parliamentary Committee.

Processing and Retention of personal data

a. Protection of data of the employee:

The Bill provides greater protection to employees and their personal data that is processed by their employer. The Bill creates an additional safeguard, requiring the employer to show that the processing is not only necessary but can also be reasonably expected by the data principal/employee.

b. Consideration before processing personal data for other reasonable purposes:

The non-consent based processing of personal data of the data principal for other reasonable purposes may proceed only after giving due consideration to factors that include, but are not limited to: (i) the legitimate interest of the data fiduciary in processing for that purpose; (ii) whether it is practicable for the data fiduciary to obtain the consent of the data principal; (iii) the degree of any adverse effect of the processing activity on the rights of the data principal.

Transparency and accountability measures:

The Bill recommends that data fiduciaries, in the interest of transparency, (i) provide information in relation to ensuring fairness of the algorithm or method used for processing of personal data and (ii) submit their privacy by design policy to be certified by the Data Protection Authority, as envisaged under the Act.

Disclosure of data quality

The data fiduciary is to notify the individual or entity, including a data fiduciary or processor, to whom personal data has been disclosed, if such data disclosed is incomplete, inaccurate, misleading or not updated.

*A data fiduciary is an entity or individual who decides the means and purpose of processing personal data.

Storage of data

The Bill recommends that sensitive and critical personal data be stored within India and be transferred outside the country only if it satisfies certain conditions.

Reporting data breaches

Data breaches shall have to be reported “as soon as possible” but within 72 hours from when the data fiduciary becomes aware of the breach. The information is to be reported to the Data Protection Authority. Further, the data fiduciaries are obligated to take urgent measures, and not just appropriate remedial actions, to remedy the data breach and mitigate the harm caused to data principals because of such an event.

CHATBOTS, PRIVACY AND DATA: INDIAN PERSPECTIVE

It is a widely appreciated and accepted concept that customer is king, and following this concept, solving customers’ problems and queries is an essential part of every business. A customer expects flexible engagement and fast resolution(s), and to meet this expectation, technology companies are developing powerful AI based chatbots. A chatbot is software based on artificial intelligence that simulates a text based online chat conversation, similar to messaging.

With the advent of this flexible and easy engagement software, which uses data provided by the customer, concern about the collection, usage, storage and transmission of such data also arises. In the following paragraphs we will analyze, in brief, the rules and regulations that technology companies which provide and/or utilize chatbot services will have to adhere to.

1. Incorporate Chatbot data collection, usage, transmission, possession in Privacy Policy

Section 43A of the Information Technology Act, 2000 read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 requires every body corporate and/or individual in India, which collects, receives, possesses, stores, transmits, processes or can associate pretty much any other verb with ‘personal information’ directly under a contractual obligation with the provider of information, to have a privacy policy clearly displayed on their website or medium of usage. Apart from the above, several other international laws, such as the Australian Privacy Act, 1988, the UK Data Protection Act, 1998, the General Data Protection Regulations of the European Union, the California Consumer Privacy Act, specifically California’s Bot Disclosure Law (California Business and Professions Code § 17940), etc., also provide for similar obligations of displaying a privacy policy.

The majority of technology companies, intermediaries, websites etc. (technology companies), in terms of the above mentioned, provide a detailed privacy policy, elucidating the kind of data that is collected by them, the way in which it shall be used and whether or not it shall further be transmitted to third party(ies).

It becomes essential for technology companies to incorporate within their privacy policy the data that the Chatbot shall collect. Further, the privacy policy shall have to incorporate how the data collected shall be utilized, processed and transmitted to a third party, and whether or not it shall be stored. If the Chatbot service is sourced through another third party, then the privacy policy shall include the details of how the third party provider shall process and utilize the data provided by the user and whether cookies shall be stored on the user’s machine.

2. Incorporate safeguards in terms and conditions of use

There could be an instance wherein the Chatbot provides incorrect information to the user, which would lead to the user making a decision based on the information provided. Such a decision made on wrongful information could lead to financial losses and/or any other damage(s), which increases the chances of potential litigation. The technology company could thus incorporate clause(s) in its terms and conditions of use that could eventually safeguard its interest in the given circumstances.

3. Ensuring the Chatbot does not infringe or violate any law

The Chatbot, being software driven by artificial intelligence, must be programmed in such a way that it does not violate any law of the land. Any communication conducted by the Chatbot based on the information fed to it shall be a civil communication and should neither be obscene, invasive of another’s privacy, libelous or harmful to children, nor contain software viruses or any other computer code designed to cause damage.

4. Compliance of the proposed Personal Data Protection Laws of India

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology in December, 2019. The Bill seeks to provide for protection of personal data of individuals. The Bill governs the processing of personal data pertaining to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill provides that processing of data will be subject to certain purpose, collection and storage limitations, and further provides several measures and steps that shall have to be taken by technology companies to ensure protection of personal data of users.

The liability, reputational risk and accountability connected with the use of Chatbot(s) should be minimized by technology companies by keeping, amongst others, the above mentioned in mind while engaging with a user through AI.

When the State empowers its women

Justice delayed is justice denied. A minor victim of rape sought termination of pregnancy within time but the matter was unnecessarily delayed due to red-tapism and systemic indifference. This delay frustrated the victim’s right to terminate the pregnancy. The State, in its capacity as a protector of the rights of its women, endeavored to protect the fundamental rights of possible victims by approaching the High Court and seeking its indulgence in securing the rights of women.

A woman’s right to privacy, dignity and bodily integrity, including reproductive choice, is a fundamental right enshrined in Article 21 of the Constitution. The bench comprising Justice Mehta and Justice Bhati of the Rajasthan High Court has upheld these rights and has prescribed guidelines to be followed in situations where a rape victim seeks medical termination of pregnancy.

The High Court, condemning the delays, has laid down progressive guidelines that limit police intervention, apprise the victim about her rights and make disposal of the application for termination time bound.

In order to sensitize the victim about her rights and the law, the High Court directs that a Medical Officer or station house officer of the concerned police station shall forward a report to the Secretary of the District Legal Service Authority, who shall immediately, along with a woman counselor, approach the victim and sensitize her and her guardians about the MTP Act. Such sensitization shall enable the victim to make an informed decision about her actions or inactions about the termination.

If the woman chooses to opt for termination within the stipulated time of 20 weeks of her pregnancy as provided under the MTP Act, the High Court has directed that the concerned court shall dispose of the application within three dates from such filing. Time bound disposal of the application will ensure that the termination remains uncomplicated and inexpensive and that the victim’s health is not at risk.

Lastly, the High Court directed that the identity of the victim shall be protected by all those involved in helping the victim and also directed the State to frame suitable guidelines.

The judiciary has been the bastion of hope and has continuously been securing women’s position in society and their fundamental rights, and with these guidelines has once again secured the same.

Interim measure under the Arbitration Act in the time of COVID-19

The year 2020 began with the world economies coming to a standstill vis-à-vis Coronavirus, aka COVID-19. With lockdown being put in place, the country has come to a standstill. The State borders have been shut, commercial transportation is hit, and goods are neither moving in nor moving out, unless they are on the essential commodities list. Such an abrupt halt in transportation and other ancillary services that are crucial for businesses to thrive is leading to business contracts being unenforceable on account of frustration.

One of the key elements and a standard clause in a contract is a “Force Majeure” clause. Force Majeure means unforeseeable circumstances that prevent someone from fulfilling a contract. As a clause it is usually a provision in a contract that exempts a party from performing his contractual obligations which have become impossible or impracticable due to an event or effect which the parties could not have foreseen or controlled.

Force Majeure is not defined under the Indian Contract Act, 1872, but Sections 32 and 56 of the Indian Contract Act, 1872 (“the Act”) play an important role when such a situation arises. Section 31 of the Act defines a contingent contract. A contingent contract is a contract to do or not to do something, if some event, collateral to such contract, does or does not happen. Section 32 of the Act provides that contingent contracts to do or not to do anything if an uncertain future event happens cannot be enforced by law unless and until that event has happened. For any contingent contract to be contingent, the event has to occur before fulfillment of the conditions of the performance of the contract.

The second relevant provision is Section 56 of the Act. Section 56 provides that if any act which was to be performed after the contract is made becomes unlawful or impossible to perform, and the promisor could not prevent this, then the contract to do such an act becomes void. This is also called the doctrine of frustration. In simpler words, the section would apply either if the object of the contract has become impossible to perform or if an event has occurred making the performance of the contract impossible beyond the control of the promisor.

Keeping the abovementioned situation and the principles in mind, we will analyse the interim order dated 08.04.2020 passed by the Hon’ble High Court of Judicature at Bombay in the matter of Standard Retail Pvt. Ltd. vs M/s G.S. Global Corp & Ors. (COMMERCIAL ARBITRATION PETITION (L) NO. 404 OF 2020).

The Petitioner sought directions restraining the Respondent–Bank from negotiating/encashing the Letters of Credit in a petition filed under section 9 of the Arbitration and Conciliation Act. The Petitioner set out a case that in the tumultuous time of the COVID-19 pandemic and the lockdown declared by the Central/State Governments, the Petitioner’s contracts with the Respondent were terminated as unenforceable on account of frustration, impossibility and impracticability. The Respondent submitted that it had complied with its obligations and performed its part of the contracts and that the goods had already been shipped from South Korea. The fact that the Petitioner would not be able to perform its obligations so far as its own purchasers are concerned and/or it would suffer damages, is not a factor which can be considered and held against the Respondent.

After hearing both sides, the Court declined to award any interim relief to the Petitioner. The Court observed:

  1. that the Letters of Credit are an independent transaction with the Bank and the Bank is not concerned with underlying disputes between buyer and the seller;
  2. that the Government notifications and advisories suggest that the distribution of steel has been declared as an essential service and there are no restrictions on its movement and all ports and port related activities including the movement of vehicles and manpower, operations of Container Freight Station and warehouses and offices of Custom Houses Agents have also been declared as essential services;
  3. lastly and most importantly, that the lockdown would be for a limited period and the lockdown cannot come to the rescue of the Petitioners so as to resile from its contractual obligations with the Respondent No. 1 of making payments.

The Hon’ble Court has efficiently analyzed the facts in hand, has then distinguished them from the landmark judgments on Force Majeure, Energy Watchdog Versus CERC (2017) 14 SCC 80 and Satyabrata Ghose Versus Mugneeram Bangur & Co. (1954) SCR 310, and has clearly held that the Petitioner could not abandon its obligation under the Contract by blaming the Covid-19 lockdown, as the subject matter fell within the essential goods list and its movement was thus not hampered. Further, the Court did not fritter its effort in realizing that the Petitioner could go back to business as soon as the lockdown, which is for a limited period, is lifted.

Based on the aforementioned, it can be clearly made out that interim measures in the time of Covid-19 or in any other pandemic would be based on Government notifications and advisories for that period and whether or not the same would frustrate the completion of the contract.
