After intense drama, India has now introduced a Digital Privacy and Data Protection law after the bill was given the go-ahead by both houses of Parliament. India’s bill is often compared to the European Union’s General Data Protection Regulation (GDPR).
The IT Ministry takes pride in introducing a bill that uses “she” instead of “he” for the first time in an Indian document. This law is set to reshape the landscape for Indian citizens and their data.
Read More: Why health insurance is essential?
PHYSICAL vs DIGITAL DATA
As an Indian citizen, it’s important to understand the distinction between physical data and digital data.
The new law specifically covers digital data, not physical data – any data available in digital form, including photographs of data, falls under this law.
Any digital data related to Indian citizens will now be subject to this rule.
However, if someone exclusively uses paper and avoids digitalization, they are exempt from these rules, regardless of the amount of data they possess.
As an Indian citizen going online, you will observe several changes. Upon being online, you’ll encounter clearer privacy notices, options to decline, alerts for data misuse, and the right to access and rectify data.
For instance, from now on:
1. Online businesses will inform you about your data usage.
2. Websites and apps will seek permission before utilizing your data.
3. Consent will be required before receiving promotional emails or texts.
Read More: 20 Trains Cancelled For A Week in Hyderabad, Secunderabad Divisions
IMPACT ON INDIAN CITIZENS’ DATA
Processing of Indians’ Data
Under the new law, the definition of “processing” has been adjusted to include wholly or partially automated data. Unless you explicitly indicate non-consent, your data can be processed.
Here are scenarios where private entities can use your data:
If you share your phone number at a movie hall, they can use it to inform you about upcoming movies or offers, falling under reasonable use.
Similarly, if you provide your number at a restaurant, they can use it to share information about new dishes, launches, or reservations.
Data can only be processed for the specific purpose it was given for and must be necessary to fulfill that purpose.
Read More: Man loses ?4 lakh in IRCTC ticket scam; Know how to stay safe
Individuals have the right to correct or erase their data. This allows individuals to:
1. Rectify inaccurate personal data, such as correcting their name’s spelling.
2. Complete incomplete personal data, like missing PIN codes.
3. Update personal data, such as changing phone numbers or email addresses.
4. Erase personal data no longer needed, unless retained for legal reasons.
Data for Subsidies, Services, Permits
Companies offering benefits, certificates, licenses, etc., can process your data if you’ve consented or if your data was previously obtained by a state entity.
If your data is available online for these purposes, it can be processed for subsidies, benefits, services, etc.
Government Use of Your Personal Data
Government entities have more flexibility in using citizens’ data, bypassing norms requiring explicit consent in certain cases.
During emergencies, your data can be used without consent, such as in natural disasters.
You can appeal decisions made by the data protection board before the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).
Penalties for Companies
Entities like social media platforms, startups, banks, etc., can face penalties up to ₹250 crore for misusing or failing to protect individuals’ digital data. Repeated offenses lead to increased penalties.
In conclusion, consent and government oversight will guide data handling. While Indians have a say in consent, misuse will result in stricter regulations.
