After a tense drama, India has now introduced a digital privacy and data protection law after the bill was given the green light by both houses of Parliament. India's bill is often compared to the European Union's General Data Protection Regulation (GDPR).
The IT ministry is proud to introduce a bill for the first time to use "she" instead of "he" in an Indian document. This law is intended to reshape the landscape for Indian citizens and their data.
PHYSICS vs. DIGITAL DATA
As an Indian citizen, it is important to understand the difference between physical data and digital data. The new law specifically covers digital data, not physical data - all data available in digital form, including data snapshots, is covered by this law.
All digital data relating to Indian citizens will now be subject to this rule.
However, if someone uses only paper and avoids scanning, they are exempt from these rules, regardless of how much data they have.
As an online Indian citizen, you will observe some changes. Once online, you'll see clearer privacy notices, opt-out options, data abuse warnings, and data access and correction rights. For example, from now on:
1. Online companies will tell you about your data usage.
2. Websites and apps will ask for permission before using your data.
3. Consent is required before receiving promotional emails or text messages.
IMPACT ON INDIA CITIZEN DATA
India data processing
Under the new law, the definition of "processing" has been adjusted to include fully or partially automated data. Your data may be processed unless you explicitly indicate your disagreement.
The following are situations in which private entities may use your data:
If you share your phone number at the movie theater, they can use it to notify you about upcoming movies or offers, which makes perfect sense.
Likewise, if you provide your number at a restaurant, they can use it to share information about new dishes, premieres, or reservations. Data can only be processed for the specific purpose for which it is provided and must be necessary to achieve that purpose.
Individuals have the right to correct or delete their data. This allows individuals to:
1. Correcting incorrect personal data, such as correcting the spelling of their name.
2. Incomplete personal data, such as missing PIN.
3. Update personal data, such as changing your phone number or email address.
4. Delete personal data that is no longer needed, unless it is kept for legal reasons. Data for grants, services, licenses
Companies that provide benefits, certificates, licenses, etc., may process your data if you consent to it or if your data has been previously collected by a public entity.
If your data is available online for these purposes, it may be processed for grants, benefits, services, etc.
Government use of your personal data
Government agencies are more flexible in their use of citizen data, bypassing standards that require explicit consent in some cases.
In the event of an emergency, your data may be used without consent, such as during natural disasters.
You can appeal the decisions of the Data Protection Commission to the Telecommunications Dispute Settlement and Complaints Court (TDSAT).
