Should India have stricter laws for Data Privacy?

Times have changed, some may even say have become more technological and digital. From the methods of communication changing from letters to mobile phones, transactions are now done through UPI, PayTM and other online ways, classes and lectures have also changed to the online platform because of convenience reasons, filling out forms and other information online is opted over physically going to the institution.

For every single one of these digital procedures, individuals have to fill out their personal data and information to the applications and allotted websites, resulting in the constant collection of their private data. So the question arises - Are Indian laws strong enough to protect our personal data?

This can be determined by a country’s ‘data privacy laws’. Data privacy is an individual’s right to control their personal data - how it is collected, stored, used and shared by other organisations. Examples: phone numbers, aadhar card details, browsing history, location etc.

Misuse and mishandling of personal information is using one’s data (phone numbers, card details etc) beyond its intended purpose and without their consent. Examples are as follows

• Identity theft or fraud - using stolen ids for fake contracts, bank frauds or false subscriptions.

• Unauthorised disclosure - sharing of this data to unauthorised people, social media, noticeboards

• Surveillance - illegally monitoring phone calls or personal messages

These few misuses can lead to major consequences for the individual and the organisation:

• For individuals - identity fraud, harassment, financial ruin, reputation damaged etc.

• For organisations - heavy fines, loss of customer trust, ban on platforms etc.

For the safety of the Indian citizens, India has a primary data protection law - Digital Personal Data Protection Act, 2023 (DPDP Act) The DPDP Act makes sure your personal data is used fairly, safely, and only with your permission.

How does this work?

Well, a company has customers. These customers fill forms which ask for personal data.

1. Your data belongs to you, when a company asks for it- they must ask for clear permission and inform you why they are collecting it

2. They must use it only for that purpose.

3. As the user: you have the right to know what data is collected about you, ask for corrections if required, deletion of your data and may file a complaint if your data is misused.

4. Companies must protect your data by keeping it safe from hacks or leaks, delta when no longer needed and be careful when sharing with others.

5. Extra protection for children below 18 - parental consent is required, no targeting ads, tracking and profiling.

6. If misuse of data is found, companies may face penalties including fines of up to ₹250 crore.

Though these rules have been applied, problems have arisen in the current system.

1. Enforcement of the current laws: The rules stated in the DPDP Act exist, but they are not being implied in a strict way. Several times violations go unnoticed and unpunished leading to companies handling their customer’s data freely without consent.

2. Lack of clear consent: We all have been the victim of ‘accept all cookies' agreement when we go to a website for a one time job. We often do not even know what we are agreeing to because of the website’s lengthy and extensive ‘terms and conditions’ leading to us mishandling our data.

3. Data Breaches are Common : Personal information often gets leaked due to weak security while sharing the data or even leaks or hacks. There are not enough strict requirements or rules for companies to protect data.

How to solve these issues and make an individual feel safe about their privacy

1. Proper enforcement of the rules : The government should be more proactive in this case. Take note if a complaint is filed, constant check ups in companies and their data privacy system, stricter punishments and penalties for misuse etc.

2. Clear permission: Websites and applications should explain their terms and conditions in a simple manner for better understanding. Highlight the more important points, explaining the phrases in bulletin points for clearer reading, for children below 18 using the devices they should have a parental consent agreement etc.

3. Stronger security for data: Imposing stronger requirements for companies to handle customer data. Strong data safety standards should be followed to prevent leaks, sharing data should be done with consent and permission of the customer, information should be deleted at the appropriate time, constant checks to prevent data breach. Companies should also explain how the data is going to be used and shared, policies should be short and simple to understand.

4. An independent data protection authority: An increase in data misuse has been witnessed in India leading to the need to protect personal data. A separate body should be employed to monitor companies' usage of data and handle complaints from customers. This institution should act fairly and independently.

Data privacy has become an important topic in today’s digital world. As more people in India use media and the internet, protecting our personal information is required. While India does have data protection laws like Digital Personal Data Protection Act, 2023 (DPDP), they are not strong enough to handle modern challenges. Implying stricter rules, stronger punishments and better user rights, can improve data safety.

Strong data privacy laws will help build trust and ensure a safer digital future for everyone.

-Written by Anannya Wanage