The influence of technology and the internet in our daily lives is greater than it was earlier and this scenario is here to grow manifold with the advent of AI. During the course of our lives, we share personal information online through various social media and online platforms to connect personally and professionally. The price that we pay while availing the digital services is in the form of our personal information which raises valid concerns surrounding data privacy and protection.
Right to Privacy allows you to keep your personal information confidential. Data protection refers to the measures and practices that ensure your personal data is safeguarded against data theft and misuse.
Your personal information includes details like your name, address, phone number, financial data, and health record, this data can be misused by cyber criminals for identity theft or other financial scams. With the introduction of AI, various new areas of crimes have emerged using Deep Fake technology. Hence, protecting your data has become more important than it ever was. Privacy laws and data security regulations empower you with ownership over your personal information and restrict any unauthorized use.
There have been various instances wherein an individual’s personal data was subjected to various malicious uses by private entities. This data is sometimes taken without even the owner’s consent. The Cambridge Analytica Scandal in 2018 brought widespread attention to the issue of data privacy and misuse of data. It exposed that the personal information of Facebook users was collected without their consent for political advertising. In a similar incident in 2021, the Pegasus Spyware Case came into light wherein, it was alleged that Pegasus Spyware is used for illegal surveillance on journalists, activists, and politicians. This incident again highlighted the importance of data privacy.
The courts in various instances came to the rescue of people who were the victims in the hands of private entities. The personal data was either taken without their consent or through complicated interfaces wherein users did not even understand that they have given consent and for what purpose. This left the data subjects in a vulnerable position without any recourse. In such situations, judicial intervention provided appropriate remedy to the data subjects. It also ensured that the entities using personal data are not taking advantage of the data subject’s innocence or lack of technical knowledge.
In the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors. AIR 2017 SC 4161, Supreme Court confirmed that privacy is a fundamental right under the Indian Constitution, paving the way for stronger regulations to safeguard personal information.
In another notable case, WhatsApp LLC & Anr. v Competition Commission of India, LPA 163/2021, the Delhi High Court ruled that WhatsApp's updated privacy policy violated IT Act and rules and the judgement allowed users to opt out from providing forced consent. This case highlighted the importance of transparent and responsible data management practices.
The Information Technology Act, 2000: The Information Technology Act of 2000 sets out rules for electronic governance and oversees how personal data is handled. It also includes penalties for cybercrimes such as hacking and data theft.
The Digital Personal Data Protection Act, 2023: The Digital Personal Data Protection Act of 2023 has established a strong data protection law in India. It outlines individual rights regarding personal data, creates a Data Protection Authority, and places responsibilities on data fiduciaries. The 2023 act permits personal data to be used for any legal purpose. Entities that collect, store, and process digital personal data (‘Data fiduciaries’) and have specific responsibilities of:
(a) maintaining security measure;
(b) ensuring accuracy and completeness of personal data;
(c) reporting data breaches to the Data Protection Board of India (DPB) in a prescribed manner;
(d) deleting data upon consent withdrawal or when the specified purpose expires;
(e) appointing a data protection officer and establishing grievance redress systems; and
(f) obtaining parental/guardian consent for children/minors under eighteen years of age.
The Aadhaar Act, 2016: The Aadhaar Act, 2016 dictates how the Aadhaar unique identification system is used and lays down guidelines for gathering, storing, and using biometric data. The Supreme Court in Aadhar Judgement found that the Aadhaar Act was constitutional to the extent of using Aadhar for verifying an individual's identity to receive government-funded benefits like subsidies. However, private entities cannot use Aadhaar data without an individual's consent for any other purpose.
Consent: When it comes to your personal data, companies and organizations are required to ask for your clear permission before they gather and handle it.
Purpose Limitation: Your data can only be used for the specific reason it was collected for or permitted for, and not for anything else.
Data Minimization: Additionally, only the necessary amount of data should be collected, and once the purpose is met, it should be removed.
Access and Correction: You also have the right to see and correct any inaccuracies in your personal data that the organizations holds.
Data Portability: Furthermore, you can move your personal data from one service provider to another in a standard format.
Right to Be Forgotten: You have the right to get your personal data removed or deleted from an organization's records under certain circumstances.
Be Cautious with Personal Information: When sharing personal information online, be cautious and think carefully about what you disclose, especially on social media platforms.
Use Strong Passwords: To protect your accounts, create strong, unique passwords for each account, especially banking and investment related information and consider using two-factor authentication if possible.
Keep Software Updated: Keep your operating systems, applications, and antivirus software up to date to prevent data security breaches.
Be Vigilant Against Phishing Attempts: Do not reply or provide personal information to unsolicited emails, messages, or calls requesting personal information.
Privacy and data protection are fundamental rights in the digital age. In a country like India where the majority of the population may not be technically-informed, it becomes even more dangerous to protect personal information. Many people might not be aware enough to understand their personal data being used for unintended purposes. The Internet has reached various parts of the country, with internet access and mobile usage, the issue of personal data protection has become more crucial than before. By understanding your rights and the laws that protect them, you can take steps to safeguard your personal information and maintain control over your data.