IMPLICATIONS OF CURRENT DATA PROTECTION LAWS


Author: Bhumi Kamble, Dr D.Y Patil College of Law, Navi Mumbai


INTRODUCTION
In today’s growing economy it is hard to keep pace with the technological advancements. These technological advancements create a hustle for the common people. As a result of which it deprives the privacy rights of the public. Since we welcome the new developments in technological world, we are forced to giveaway our personal and confidential data while dealing with various online platforms and transactions.
To curb such challenges and create awareness The Personal Data Protection Bill led to the enactment of The India Digital Personal Data Protection Act [DPDPA] in the year 2023. This bill provided with all the preventive measures and liabilities of large-scale business organizations in dealing with the consumer data. It provides with wide range of data, their types, and the need to protect them from the enemy sources.
However, even after the enactment of the act, it has certain drawbacks and consequences which poses a threat to the public at large. Even though the act has applicability all over India targeting the companies dealing with individuals’ data it has certainly not created the basic knowledge and understanding towards safeguarding the private information.


IMPORTANCE OF DATA PROTECTION
Prevents Frauds – many fraudulent activities are increasing due to the online and digital interface making common people the victim of such scams. All such information shared or transferred need to be rightfully safeguarded.

Authentic Data handlers – An authentic data handler is defined as a Data processor under the DPDPA act who has roles and responsibilities in storing, handling and dealing with the user information. Such authority prevents any malpractices related to data transfer.

Confidence Building – Many users happen to increase their trust if the source is legitimate and safe from misuse of their sensitive information.

Penalizes the offender- The Act provides for different penalties and punishments to the offender in case of such crimes committed relating to tampering with personal information.

Imposes Restrictions on Companies – All software’s and processors or any other such companies dealing or engaging themselves in handling sensitive or personal data of users are under the obligation of the rules of data protection under the act. Therefore, it has restricted them to store any personal information of their users or customers.

Legal Authorities – The act consists of different bodies and authorities who are professed with the knowledge of preventing illegal methods of using data. These bodies act as a regulatory authority in protection of the confidential matters.

CHALLENGES AND IMPLICATIONS
Strict Compliance Procedure – the act enacted has created a legal obligation to comply with the data protection rules and regularities. This has created a botheration among the private and other public undertakings. Often complying the rules are not so quick to adaption especially for the business organizations who carry out their operations on a large scale.

Over Discretionary Powers – the authorities although may be independent by nature but sometimes it seems too much independency. The act has vested too many discretionary powers which may seem to be complex and less reliable. Such complexity creates room for other legal complications and a hurdle in justice delivery system.

Restrictive scope – The scope of the data protection act is limited to only the digitalize information and data. It does not consider the offline substances and such other information. Therefore, it may cover data of all types but has failed to include the non- digital data.

Exemption Provision- The act to boost economic development and to help the startups in their promotion and development has exempted them from complying with the data protection rules. Such startups are innovative in nature and more technologically advanced, consequently it requires storage of useful and sensitive data during their operations. The exemption provided may lead to data tampering and illegal use of sensitive data. Apart from the startups the exemption is provided to other central and state-owned undertakings which may at times cannot be successful in protecting privacy of user information.

Categories of data not recognized- the data protection bill provided with the clauses classifying the categories of data such as sensitive, private, or personal data but these were not implemented in the act enacted.

Lack Preventive Measures- the data protection act contains provision for the data transfer but it lacks the protection of the personal data at the time the user is transferring such data. If there is a breach then the authorities have limited power which can only restrict it. Following to which it does not grant much prevention of frauds and protection of the individuals’ data.

Public Awareness- the enforceability of the act mainly depends on the public. Many people are still not aware of their rights. Since it does not impose any legislation on the government to make people know about such rules about data protection it provides a advantage for the other party to maltreat your sensitive data.

Exemption of Personal Data from Disclosure – the Right to information act states that any personal or sensitive data should be exempt from disclosure if it is not for concerned with the public. However, the DPDP act prohibits disclosure of all personal information which does not gives access to the right to information under the RTI act


FUTURE PROSPECTS
With the upcoming revisions and changes to the Information Technology (IT) Rules and the Digital Personal Data Protection Act (DPDPA), India’s data protection landscape is expected to undergo major progress in the coming years. These changes are intended to tackle new issues like deepfakes and misinformation powered by AI. By emphasizing cybersecurity and other relevant areas, the revisions will also improve the privacy and artificial intelligence regulations.
Innovation and technology play a crucial part in data protection. Real-time threat identification and response made possible by developments in AI and machine learning are expected to enhance data security. Furthermore, it is anticipated that advanced encoding techniques like AES and Blockchain would be crucial in protecting data transfers and storage, guaranteeing data integrity, and thwarting unauthorized access. These advancements demonstrate India’s proactive approach to modifying its data protection legislation in response to changing technology environments, upholding its position on protecting personal privacy while promoting innovation.


CASE LAWS
Satish Chandra v. M.P. Sharma (1954): It is among the earliest cases involving the right to privacy in India. The nation’s highest court convened an eight-judge panel to consider whether the Code of Criminal Procedure’s search

and seizure provisions were constitutional. The court ruled that the search and seizures were not in violation of the right to privacy and that there is no such right in this case. The right to privacy cannot be infringed upon since it is not covered by any clause in the Indian Constitution.


People’s Union of Civil Liberties v. Union of India (1996)- was another significant ruling. The ruling made in 1997 supported an individual’s right to privacy. The case focused on whether it violated someone is right to privacy when someone’s phone was tapped without their permission. It was a PIL the CBI filed in opposition to widespread phone tapping. The Court ruled that such unconsented phone tapping is prohibited, citing Article 21 as a key component. According to the Court, doing so would constitute a very serious violation of one is right to private. The Court’s declaration of the same was a significant advancement in the defence of the right to privacy.





CONCLUSION
In conclusion, India’s data privacy and protection laws reflect the world at large as data is becoming increasingly important in the sophisticated digital age. The DPDP Act’s implementation is a step in the right direction towards protecting personal data, giving data principals more control over their data, and establishing responsibility for data protection agencies. The Act emphasizes the rights of Data Principals and emphasizes important concepts such purpose limitation, accuracy, responsibility, and data minimization. It monitors the fulfilment of Data Fiduciaries’ responsibilities and levies fines for noncompliance with rules. The DPDP Act accomplishes the goals for which it was designed, yet it is not immune to criticism.


FAQ’s
The DPDP Act went into effect when?

On August 11, 2023, the Act went into effect.

Which kind of information are legally protected?

that can be used to identify a person is considered “personal data” under the Act, and this is what the law protects. Details like name, address, age, phone number, and so on can be included in personal data. Regarding the applicability of sensitive personal data, the Act is silent.

To whom are the provisions of the DPDP Act applicable?

The DPDP Act’s Section 3 specifies that it only applies to digital personal data
offline personal data. It does apply to commerce done both inside and outside of India, provided that the business involves Indian goods or services.

Leave a Reply

Your email address will not be published. Required fields are marked *