In a world where almost every click, swipe, and tap records personal information, have you ever wondered how safe your data is? Whether it’s your browsing history, contact details, or even your shopping preferences, your data tells a story — it is a peep into your personal life, and can be exploited, leading to identity theft and financial fraud, to name a few.
India’s Digital Personal Data Protection Act, 2023 (DPDPA) steps in to protect your privacy by regulating how organisations collect, store, and use personal data.
The Act aims to empower Indian citizens, giving them more control over their personal data and , regardless of where the data was collected. There are two main entities involved:
- Data Principal: This is you — the individual whose data is collected.
- Data Fiduciary: This is the company or organisation that collects and manages your data.
What constitutes personal data?
As defined by the Act, personal data is anything that indicates information about a natural person, in terms of their identity, name, contact information, location and the like. Online identifiers — information that can track you when you are online such as IP address, cookies, username and password, etc — are also included under personal data.
However, your data would not be protected under the Act if:
- It is being used by law enforcement agencies like police, cybercrime, special and intelligence agencies.
- It is being used for the purpose of journalism or artistic expression.
- It is being used for personal or family purposes.
Basic principles
The process of data collection happens in almost every online activity one is involved in. Starting from one’s online search, social media feed, shopping cart details, advertisement suggestions, to your credit card details and UPI transactions, personal data is very valuable. It is important to be aware of certain systems like the DPDPA put forth for the benefit of citizens.
A look at data privacy basics:
- Consent is king: Ever downloaded a fitness app? Before you could start tracking your steps, you probably had to agree to a long list of terms and conditions. That’s consent in action. Under the DPDPA, companies can only collect your personal data if you’ve given them a clear “yes.”
- Purpose limitation: Let’s say you sign up for a newsletter. The company can only use your email address to send you updates, not to target you with ads or share with other businesses. Your data should always be used for a specific purpose.
- Less is more: When you fill out a form, have you noticed that some fields are marked as optional? That’s data minimisation in action. Companies should only collect the data they absolutely need. For example, a fitness app might need your height and weight to calculate your BMI, but it doesn’t need your Aadhaar card details.
- A time-limit on data: Like old photos in a box, digital data can also become outdated. The DPDPA says that companies can’t hoard your data forever. They must have a system to delete it when it’s no longer needed.
Your data, your rights
- Right to Access: You have the right to know what data an organisation is storing about you. You can contact the organisation or website at any time to ask about the information they hold. Check their privacy policy for details on how they collect, use, and protect your data.
- Right to Correction: If there’s incorrect data about you, you can request corrections. A consumer-compliant redressal forum under the Data Protection Board will help you correct your data from a company.
- Right to Erasure: You can ask organisations to delete your data if it’s no longer needed. As per the Act, you can contact the Data Protection Officer (DPO) directly for data protection concerns.
- Right to Grievance Redressal: A process is in place for complaints, ensuring accountability for data misuse. In case of a data breach, the citizen must inform the Data Protection Board of India.
What are the penalties for non-compliance?
The DPDPA enforces strict penalties for organisations that fail to comply with its regulations, particularly regarding the . Here’s a breakdown of the penalties:
Rs 200 crore for failing to .
Rs 250 crore for failure to take security measures to prevent data breaches.
Key terms you need to know
Consent Manager: A tool that lets you manage your data-sharing preferences.
Anonymisation: A process that removes personal identifiers, ensuring data can’t be traced back to a specific individual.
Data Protection Board: The regulatory body ensuring organisations comply with the DPDPA.
The gives you the power to protect your privacy in the digital world. By understanding how your personal data should be handled, you’ll feel confident in your ability to manage and secure it.
Edited by Arunava Banerjee