Data Protection Practice

Privacy law is crucial in the digital age as it safeguards individuals’ personal data, ensuring their right to privacy and autonomy. It sets the legal framework for how personal data is collected, stored, processed, and shared, providing protection against unauthorized access and misuse. Privacy laws help build trust between individuals and entities by promoting transparency and accountability in data handling practices. They also empower individuals by granting them rights over their personal data, such as the right to access, correct, and delete their information. Effective privacy laws are essential for protecting sensitive information, preventing identity theft, and ensuring compliance with international data protection standards, thereby contributing to the overall security and well-being of society.

The evolution of privacy law in India has been marked by significant milestones, beginning with the recognition of privacy as a fundamental right. The landmark Supreme Court judgment in Justice K.S. Puttaswamy (Retd.) v. Union of India in 2017 was a pivotal moment, where the Court unequivocally declared that the right to privacy is intrinsic to the right to life and personal liberty under Article 21 of the Indian Constitution. This judgment set the stage for more robust data protection and privacy regulations in India, highlighting the need for comprehensive legislation to safeguard individuals’ personal data.

Following the Puttaswamy judgment, the Indian government introduced the Personal Data Protection Bill in 2019, which aimed to establish a framework for protecting personal data and regulating its processing. However, this bill faced extensive scrutiny and criticism, leading to its withdrawal in August 2022. In response, the government introduced the Digital Personal Data Protection (DPDP) Act, 2023, which aims to address the gaps identified in the previous bill and align India’s data protection laws with global standards. The DPDP Act, 2023, establishes a comprehensive legal framework for the processing of personal data, ensuring that data fiduciaries adhere to principles of transparency, accountability, and security while processing personal data.

The DPDP Act, 2023, introduces several key provisions, such as requiring explicit consent for data processing, setting limits on data collection and retention, and mandating data breach notifications. It also establishes the Data Protection Board of India (DPB) to oversee compliance and enforce penalties for non-compliance. This law marks a significant step forward in India’s efforts to protect individuals’ privacy and personal data, reflecting the evolving landscape of digital rights and privacy concerns in the country.

The Digital Personal Data Protection (DPDP) Act, 2023, introduces several key features designed to protect personal data and ensure responsible data processing. Here are the main features:

Consent-Based Data Processing: The Act mandates explicit consent from individuals for processing their personal data. Data fiduciaries must obtain clear and informed consent before collecting and using personal data.

Data Principal Rights: The Act grants several rights to data principals (individuals), including the right to access, correct, and erase their personal data. It also provides the right to data portability and the right to withdraw consent.

Purpose Limitation and Data Minimization: Data fiduciaries are required to collect and process personal data only for specified, explicit, and legitimate purposes. They must also ensure that the data collected is adequate, relevant, and limited to what is necessary for the purpose.

Data Protection Board of India (DPB): The Act establishes the DPB to oversee compliance with the law, address grievances, and impose penalties for non-compliance. The DPB will also issue guidelines and conduct audits.

Breach Notification: Data fiduciaries are required to notify the DPB and affected data principals in case of a data breach. This ensures timely action and mitigation of potential harm.

Cross-Border Data Transfers: The Act regulates the transfer of personal data outside India, ensuring that data is transferred only to countries or entities that provide an adequate level of data protection.

Accountability Measures: Data fiduciaries must implement appropriate technical and organizational measures to ensure data security and comply with the principles of data protection. They are also required to conduct regular audits and risk assessments.

Penalties for Non-Compliance: The Act prescribes stringent penalties for non-compliance, including fines based on the nature and severity of the violation. This ensures that data fiduciaries adhere to the regulations and maintain high standards of data protection.

Khurana & Khurana offers expert advice and consultations on data protection issues, ensuring that your business is compliant with the latest regulations and best practices. We provide tailored solutions to help you navigate complex data privacy laws, implement robust security measures, and manage risk effectively. From conducting comprehensive audits to developing and enforcing data protection policies, our goal is to safeguard your organization’s data and minimize potential vulnerabilities. Services offered by Khurana & Khurana in this domain include, but are not limited to:

  • Conducting data privacy audits to identify data protection vulnerabilities.
  • Drafting and implementing data protection policies and procedures tailored to client needs.
  • Developing strategies for responding to data breaches and security incidents.
  • Reviewing and drafting data protection clauses in contracts with third parties and vendors.
  • Representing clients in litigation related to data protection and privacy breaches.
  • Structuring data protection policies.
  • Advising clients on obtaining insurance policies and on risk management mechanisms.
  • Advising clients on strategies to mitigate losses in cases of data breach.
  • Identifying the nature of a data breach.
  • Advising clients on international transfers of data.
  • Advising clients on GDPR compliance and drafting associated documentation, including reviewing and auditing IT systems to ensure compliance.
