INTERSECTION OF PRIVACY AND RESPONSIBILITY : A STUDY OF DATA PROTECTION DUTIES AND RIGHTS.
THE LAWWAY WITH LAWYERS JOURNAL VOLUME:-15 ISSUE NO:- 15 , SEPTEMBER 20 , 2024 ISSN (ONLINE):- 2584-1106 Website: www.the lawway with lawyers.com Email: thelawwaywithelawyers@gmail.com Authored By :- Izal Eldita Lobo INTERSECTION OF PRIVACY AND RESPONSIBILITY : A STUDY OF DATA PROTECTION DUTIES AND RIGHTS. ABSTRACT The Digital Personal Data Protection Act (DPDPA) 2023 marks India’s first comprehensive data protection legislation, aiming to provide data principals with control over personal data and impose stringent obligations on data fiduciaries. The Act addresses emerging challenges in data privacy and protection in the context of increasing digitization. Data protection is a significant area of law in a country like India, which is digitalising at a fast rate. The right to privacy is an essential human entitlement that involves an individual’s independence and authority over their personal data. In this era, the right to privacy has become increasingly pertinent. The concept of data privacy encompasses the protection of personal information from unauthorized access, use, and disclosure. In this fast-paced digital landscape, the Digital Personal Data Protection Act, 2023, is a momentous stride in safeguarding individual privacy rights and promoting responsible data management practices. The primary purpose of the Act is to regulate the processing of digital personal data and respect individuals’ right to protect their data while recognising the necessity of processing and using such data for lawful purposes. The law is intended to protect personal information for citizens in the world’s most populous country, and increase accountability for organizations that handle a lot of such data, including those with online operations and that run mobile apps. Like many data privacy laws around the world, the DPDP Act is extraterritorial, and so applies to organizations operating both inside and outside of India, if they are offering goods or services to Indian citizens, and in doing so processing personal data. The DPDP Act defines data, personal data and digital personal data. “Personal data” is defined broadly to mean any data about an individual who is identifiable by or in relation to such data, and “digital personal data” means personal data in digital form. Key words – Digital Personal Data Protection Act, Rights. Duties, Data Principal, Data fiduciary INTRODUCTION Privacy in today’s time is considered to be a person’s Fundamental right. The scope of Art 21 of the Indian Constitution has been made so wide that it embraces even The Right to Privacy of a human being. Around the world, privacy has come to be seen as a fundamental human right; in India, it is officially recognised as such under Article 21 of the Indian Constitution. The right to privacy is intimately linked to data protection, which is more challenging to accomplish in today’s technologically advanced and international society. In many jurisdictions, privacy of an individual is of utmost importance and has data protection laws brought into existence to protect the same. The concept of privacy is multi-dimensional and has been defined differently by different scholars and jurists. Westin defined privacy as: “…claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” A person’s right to privacy entails that a person should have control over his or her personal information and should be able to conduct his or her personal affairs relatively free from unwanted intrusions. The concept of data protection deals with 2 aspects namely data protection and data privacy. Data protection is the practice of safeguarding or protecting the information of the individuals whereas Data privacy is the process of ensuring when, how and on what basis the data of a person will be shared. In 2017, the celebrated case of K.S. Puttaswamy v. Union of India (2018) pronounced the right to privacy a fundamental right safeguarded under Article 21. This is a time where our personal data and information is being collected and processed day in and out and it is essential for us to know our rights when it comes to data protection and privacy. Part 3 of the the Digital Personal Data Protection Act, 2023 provides light on the rights and duties of the data principal. Data principals are the individuals to whom the data relates to. RIGHTS OF DATA PRINCIPAL THE RIGHT TO INFORMATION The Data Principals have the complete right to know the information of theirs which is being collected and is being processed by the Data Fiduciaries. Data Fiduciaries are defined as those individuals or in co-existence with others who access the information others. Section 11of the DPDP Act, 2023 mentions that the individuals shall have the right to obtain information which the Data fiduciary is accessing to whom they have previously given consent to. The data principal has a right to know about his personal data which is in possession with a data fiduciary, hence Under the Right to Information Act, 2005 the individuals can go about to access the information with the Public authorities. The special data protection laws and the right to information laws protects the individual’s right to know the nature of information which is being stored about him in organisations. Data Fiduciaries must provide clear and concise information about the collection, usage and storage of the Data Principal’s personal data. Individuals can also access information which is a matter of public concern and the concerned officer must provide the information to them within a prescribed time while at the same time the officer has a right to deny providing the information with a reasonable justification. They are entitled to know the identity and contact details of the Data Fiduciary which is responsible for handling their data. In Manohar Singh v. National Thermal Power Corporation Ltd. the central information commission had decided that when a citizen seeks information about himself and as long as the information sought is not exempt in terms of other provisions of section 8 of the Right to Information Act, section 8(1)(j) of the Act cannot be applied to deny information. This right ensures transparency and control which the individuals