DATA PRIVACY UNDER THE INDIAN LEGAL SYSTEM
THE LAWWAY WITH LAWYERS JOURNAL VOLUME:-20 ISSUE NO:- 20 , MARCH 25, 2025 ISSN (ONLINE):- 2584-1106 Website: www.the lawway with lawyers.com Email: thelawwaywithelawyers@gmail.com Authored By :- Anamika Das DATA PRIVACY UNDER THE INDIAN LEGAL SYSTEM ABSTRACT Data privacy is individuals’ right to control their personal information. Information privacy is another name for data privacy. In the modern world data is an asset for every human being. Data is a collection of facts such as numbers words descriptions of things. But nowadays many evil people are misusing people’s data. If people do not have control over their data evil people can use it in many ways like they can use personal data to fraud or harass someone they can selling data or they can track a person’s activities and many more things. The Digital Personal Data Protection Act 2023 (also known as the DPDP Act or DPDPA 2023) plays an important role in data privacy. It recognizes the right of an individual to their data and the need to process and search personal data for new lawful purposes and matters connected therewith or incidental thereto. The primary aim of this article is to look into various provisions and the legal fame worth in India relating to data privacy. This article also talked about what is data, why there is a need for data privacy, how people can misuse other people’s data, and the importance of data privacy. This article also gives a deep understanding of the Digital Personal Data Protection Act 2023. Keywords:- Data privacy, right, data protection, personal data, digital, court, act, information, right INTRODUCTION Data privacy is a very essential right of people in the digital world. Data is the collection of facts, such as numbers, measurements, observation, and even just description of things. Data privacy generally means the ability of a person to determine for themselves when, how, and to what extent personal information about them is shared with or communicated to others. Under the digital personal data Protection, Act 2023 only includes those data which is digital. It does not include other forms of data. Every user has the right to know how much a company holds their data. They also have the right to access their data. A company cannot use people’s data without their permission. If a person wants, they can ask the company to delete their data and the company needs to do it. If the company refuses to do so, that person can file a suit against that company. Background On 24th August 2017, A nine-judge bench headed by Chief Justice J. S. Khehar gave a landmark decision on the right to privacy. In 2018, The Srikrishna Committee submitted the draft Personal Data Protection Bill. The draft bill is introduced in Parliament but lapses due to the dissolution of the Lok Sabha. Again in 2022 the government withdrew the bill and introduced a new draft, the Digital Personal Data Protection Bill. And in 2023 the DPDP Act was passed by Parliament and received presidential assent, becoming a law. The law came into effect on August 11, 2023, after being passed by both houses of Parliament and receiving the President’s assent. What is data? According to the Digital Personal Data Protection Act 2023 section 2(h) data means a representation of information, facts, concepts, opinions, or Instructions in a manner suitable for communication, interpretation, or processing by Human beings or by automated means. This act balances the rights of individuals to protect their data with the necessity of processing such data for lawful purposes. Why there is a need for data privacy Data is the oxygen of the digital world. Everything is surrounded by Data in the digital world. Anyone can take our identity by our data. That’s why data privacy is very important. Data privacy safeguards our personal identity, rights, and digital freedom and ensures that sensitive data like Social Security numbers, bank account details, addresses, health information, and locations remain secure. One one will be able to use people’s data without their consent Or sell anyone. Data privacy also creates a trustful bond between the individual and the organization. If there is no data privacy, people’s emails could be hacked and their identities could be stolen and their medical conditions could be shared without their consent, their banking data could be hacked. This call can cause mental, physical, and financial harm. Challenges in data privacy Data principals and data fiduciaries both parties face some challenges in data privacy. According to the Digital Personal Data Protection Act 2023, Data Fiduciary means any person who alone or in conjunction with other Persons determines the purpose and means of processing personal data and Data Principal means the individual to whom the personal data relates and Where such individual is a child, includes the parents or lawful guardian of such a child And a person with disability includes her lawful guardian, acting on her behalf. Cookies often record user’s activities. In some websites, there is an alert for cookies and in some websites, there is no alert system for cookies policy. In this way, the Data principal’s behavior is often tracked online. In some websites, there is a lack of transparency about the website policy. Even the data fiduciary also faces many problems like they unable to communicate with the users about how much data they are taking, how much data they are going a store, and in which way they are going to use users’ data. Some third parties also try to hack data leading to a massive data breach; even some insider employees can use users’ data inappropriately. That’s why the data principles and data fiduciaries need to be alert about their data. Data privacy Laws that govern data around the world California Privacy Rights Act (CPRA): The California Privacy Rights Act (CPRA) was passed in November 2020. Amending the recently passed California Consumer Protection Act (CCPA) 2018. It governs companies and individuals that