© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
Each year, on January 28, the world observes Data Privacy Day. The day highlights the significance of privacy and data protection. It all started in Europe, where it was observed earlier as Data Protection Day. In 2008, it was extended to the US and Canada, where it began to be observed as Data Privacy Day. On this day in 1981, the Convention 108, the first legally binding international treaty dealing with privacy and data protection, was signed. Today, Data Privacy Day is observed globally each year. In this article, we break down the concept, its significance, and expert opinions.
In relation to data privacy, the term ‘data’ refers to personal or sensitive information about individuals that needs to be protected to maintain confidentiality, integrity, and security. This can include any data that identifies the person. The data can include personally identifiable information, such as name, contact details, email ID, date of birth or Aadhar details, PAN card number, passport details, etc. This can also include sensitive personal data such as health records, financial information, and biometric data. Data can also refer to behavioral data, such as online activities, geolocation data, or the device that the user is using, and can include the communication data, such as emails, messages, and call logs.
Cybersecurity expert and co-founder of The Organisation For Enlightening and Education (TOFEE), Tushar Sharma, said, “When personal data—like your name, address, online activities, or financial details—gets into the wrong hands, it can lead to identity theft, financial fraud, and even stalking or harassment.”
1. Identity Protection: Personal data, if exposed, can be used to impersonate anyone, leading to unauthorized access to the date of birth, KYC documents, bank details, or even to the victim’s social media profiles.
2. Financial Safety: Personal financial data, such as credit card details, online purchase history, and banking information, can be misused by cybercriminals/fraudsters to make fraudulent transactions.
3. Avoiding Discrimination: Data privacy ensures that sensitive information like your health status, race, or political beliefs isn’t exploited or used against you, whether by employers, insurance companies, or even advertisers.
4. Personal Autonomy: It’s about your right to control who has access to your information. If you don’t have control over your data, companies, governments, or other entities can make decisions about you without your consent.
5. Cybersecurity: Protecting data privacy is also essential for preventing larger-scale cyberattacks. If individual data is compromised, it can lead to larger breaches affecting millions of people, compromising personal security on a wider scale.
6. Freedom from Surveillance: Data privacy also relates to personal freedom. If too much personal information is exposed, it could lead to a world where people feel constantly surveilled or manipulated by companies or governments.
According to Abhivardhan, chairperson & managing trustee of the Indian Society of Artificial Intelligence and Law, “India’s data privacy framework, the DPDPA, employs distinct terminology compared to the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), reflecting its unique legal and cultural context. While GDPR uses terms like ‘data subject’ and ‘data controller,’ the DPDPA opts for ‘data principal’ and ‘data fiduciary.’. These terms emphasize the trust-based relationship and responsibilities in data handling, potentially empowering individuals as key stakeholders. Despite the terminological differences, the DPDPA’s core principles align with global data protection standards, focusing on consent, individual rights, and data security.
According to advocate Jaanvi Sharma, data protection law expert and founder of the WDP Foundation, there are certain gaps in the current DPDPA framework, such as, “First, it excludes non-digital personal data, leaving significant areas unprotected. Second, its over-reliance on consent as a legal ground for processing may lead to consent fatigue. Third, while the Data Protection Board is operational, its independence and effectiveness require strengthening. Fourth, the integration of DPDPA with sectoral regulations in areas like telecom, finance, and health remains unclear, leading to operational complexity. Finally, although data localisation is not explicitly mandated, restrictions under Rule 12 could impact businesses relying on global data processing.”
“The Digital Personal Data Protection Act mandates companies to use advanced solutions to store personal data securely and grants access to the collected data only to authorised personnel, thereby protecting against cyber fraud. This act has sparked a cultural shift across organisations, fostering a heightened commitment to prioritising customer data protection,” said Tushar Dhawan, partner at Plus91Labs.
Ashok Hariharan, CEO and co-founder of IDfy, while talking to indianexpress.com, said, “Safeguarding personal data is not a one-time responsibility but an ongoing commitment. As India advances under the DPDP Act, it is necessary to build a digital ecosystem where trust and transparency are woven into the fabric of every interaction.”
Abhivardhan states that the Indian citizens, as ‘data principals,’ have several rights under the DPDPA, including access to their data, corrections, erasure, and the ability to withdraw consent. The law establishes a three-tier grievance redressal mechanism; complaints are first addressed to the data fiduciary, then through a consent manager, and finally to the Data Protection Board of India (DPBI), which acts as the primary enforcement authority with powers similar to a civil court.
In case of data breaches, fiduciaries must notify both affected individuals and the DPBI, which can order remedial actions and impose penalties. Citizens can appeal DPBI decisions to the Telecom Disputes Settlement and Appellate Tribunal. However, the law lacks provisions for direct monetary compensation to individuals.
Jaanvi Sharma adds, “The IT Act, 2000 mandates companies to implement security practices under Section 43, allowing citizens to claim compensation for negligence, with criminal penalties outlined in Sections 43, 66, and 72A. The Consumer Protection Act, 2019 enables individuals to seek remedies for data misuse causing unfair trade practices or harm. Additionally, Article 21 of the Constitution safeguards privacy as a fundamental right, allowing citizens to approach courts for violations. Filing a civil or writ petition for an injunction from the HC can also help prevent the spread of stolen data, ensure its removal, block unauthorised access, and protect affected parties from further damage. These laws collectively ensure accountability.”
Neehar Pathare, MD at 63SATS, opined, “India’s data privacy framework has evolved with the DPDP Act, aligning it more closely with global standards. However, notable differences remain when compared to the European Union (EU) and the United States (US).The DPDP Act focuses exclusively on digital personal data, mandating organisations to disclose the nature, purpose, retention period, and accessibility of the data they collect. It emphasises transparency and requires technical safeguards like encryption. Unlike the EU’s General Data Protection Regulation (GDPR), the DPDP Act does not categorise data into ‘personal’ and ‘sensitive personal’ data. Additionally, it does not extend its provisions to non-digital data, leaving certain personal information outside its scope.”
“India stands out with one of the most complex data privacy frameworks, encompassing various sectors of the economy. These regulations can be challenging to follow, especially when business leaders come from different industries. Each sector is governed by different acts catering to its unique requirements,” added Tushar Dhawan.
According to Dhiraj Singh, CEO of SIS Ltd., the integration of advanced technologies such as artificial intelligence (AI), the Internet of Things (IoT), and biometrics plays a pivotal role in enhancing private security. “These technologies have revolutionised the way businesses approach security, enabling more proactive, data-driven decision-making. With the increasing use of these technologies comes the growing responsibility to protect the data they generate. Data privacy is of paramount concern, not just for individuals, but also for businesses. As we adopt new technologies, ensuring compliance with stringent data protection regulations, such as India’s Digital Personal Data Protection Act, becomes increasingly complex,” Singh said. He added that it is crucial for security companies to maintain a balance between robust surveillance measures and privacy regulations, ensuring that the data collected is used responsibly and in accordance with legal standards.
Tushar Sharma too shared that AI and blockchain can be instrumental in preventing data breaches. AI can help identify and respond to potential breaches faster than traditional systems, minimising damage. By continuously analysing network traffic and user behavior, AI can stop a breach before it spreads or escalates. Blockchain can ensure data integrity, preventing unauthorised alterations or tampering of data. It also reduces the likelihood of a single-point-of-failure breach due to its decentralised nature.
Tushar Sharma lists for individuals:Use strong, unique passwords: Avoid simple or repeated passwords; create complex, unique ones for each account.
Enable two-factor authentication: Add an extra security layer to accounts, requiring a second verification step.
Regular software updates: Update devices frequently to patch security vulnerabilities.
Beware of phishing: Verify senders, avoid suspicious links, and do not download unknown attachments.
Limit data sharing on social media: Share minimal personal details and adjust privacy settings to restrict access.
Backup data regularly: Use external drives or cloud storage to prepare for ransomware, crashes, or accidental deletion.
Encrypt sensitive files: Protect financial or personal documents with encryption to ensure data safety even if compromised.
On the other hand, Tushar Dhawan added that with AI-driven connectivity, the absence of appropriate data privacy methods and security safeguards leaves information vulnerable. “As cyber threats become increasingly sophisticated, implementing robust data security measures is essential to protect individual data and prevent malicious attacks. Moreover, data privacy compels companies to adopt ethical practices in handling personal information. Ultimately, data privacy encourages people to move toward a secure and reliable digital world,” he said.
