Privacy in India in 2024

Source: Adobe Stock

Background

Indian culture is known for its openness, transparency, kindness, communication, and connections. With this inherent belief in our culture, privacy has been almost an alien concept in India. However, with the landmark decision of K.S. Puttaswamy v. Union of India in 2017; Supreme Court held that “Right to Privacy” is protected as fundamental constitutional right. This decision at least ignited the thought and importance of secured information among all Indians.

With the emergence of digital world where data spreads at the speed of light; even the Indian cultured embedded community started worrying about the use and more importantly misuse of widely available personal information across organizations. While these thoughts were running across Indian community, government took the initiative proactively to pen down these thoughts and design controls to safeguard the personal information of Indians from theft or misuse and it took the form of first prescriptive draft legislation in 2019. This draft was only the first step of the long journey of reviews, discussions, and consultations for the much-awaited law to come in place. Finally, this extensive journey culminated with “Digital Personal Data Protection” DPDP Act receiving the assent from President on 11th August 2023.

DPDP Act resolving the crucial challenge of Data Privacy in India

DPDP Act is a simple, concise, and well thought through legislation that not only empowered the individuals/Data Principals to secure their personal information but also ensured maintaining delicate balance of compliance requirements for organizations and ease of doing business promoting the start up culture in India which is being driven by solving the issues or problems of mass. Well known and encouraged startups in India have access to personal information of magnitude of individuals but have been exempted from heavy compliances that need to be met by Significant Data Fiduciaries. This act has not only leveraged the benchmark controls of well implemented data privacy regulations across the world but also ensured customization of these controls suitable for the needs of Indian market.

With this beautifully drafted act receiving presidential assent, everyone is now waiting for detailed rules of the act which will elaborate on the expectations of control implementation with prescribed timelines.

Pre-work required before or during DPDP advised controls implementation

While the rules are awaited, one major issue to be resolved in Indian community especially in tier2 and tier3 cities is to create awareness around the Data Privacy and importance of secured personal information. Considering that rural areas has started reaping the benefits of digital world through the outreach of start-ups and through the focused Pradhan Mantri “Yojanas” especially crafted for rural areas, its pragmatic to make the users aware about the ways their personal information can be misused resulting in multitude of losses including but not limited to reputational and financial loss. It is of utmost importance to adopt all the controls of securing their information before agreeing to share or submit the personal information with any of the organizations.

Without this awareness, the drafted controls in the act such as obtaining consent from Data Principals will lose its essence. Unless Data Principals in rural areas understand the meaning of providing consent in true spirits, requirement of gathering consent will not hold good. Hence, to give meaning to these rules on ground, it’s prudent to create awareness in the community about privacy, security and pertinent designed controls.

Another crucial factor that needs focus is the increased involvement of children on internet with the evolving educational needs being fulfilled through digital means. This involvement has seen a clear surge since COVID-19 has hit the world. Since everyone shifted to online mode of education during that time, it has now become “Business as usual” to fulfill educational needs through online mode both for reasons of availability and convenience. Now, that children involvement has been increased in digital world, it’s prudent to focus on enhanced controls that would be required to secure children personal information and the restrictions to be placed regarding monitoring and profiling of children basis their online behavior.

Conclusion:

Digital evolution and transformation have encircled the world with its extensive benefits and convenience. We all are looking forward to enhanced and promising features of digitization in the form of Artificial Intelligence (AI) but to keep leveraging these pros of digitization; we must learn to circumvent the unethical uses of readily available and quick sharing information by ensuring adequate controls and practices both in organizations as well as with individuals.

Author: Himshikha Jain