Guardians of Privacy

Nearly five years after a landmark Supreme Court ruling affirming information privacy as a fundamental right in India, the country enacted its Digital Personal Data Protection Act (DPDPA) on August 11, 2023. This Act incorporates principles from global data protection frameworks like the EU and UK GDPR, as well as US laws like California's CCPA. Key principles include informed consent, security measures, and transparency. However, the Act also introduces unique elements, such as a broad definition of "Personal Data" and stringent consent requirements, leaving few alternative lawful bases for processing data. picture credit: https://www.clearycyberwatch.com The DPDPA covers all personal data processing in India and activities related to offering services to Indian residents, extending even to processing outside India. It excludes data processing for personal or domestic purposes and publicly available data. The Act places primary obligations on Data Fiduciaries (akin to da...

The General Data Protection Regulation (GDPR), effective since May 25, 2018, is the world's strictest privacy and security law. Drafted by the European Union (EU), it applies globally to any organization processing the personal data of EU residents. Non-compliance can result in penalties up to tens of millions of euros. Privacy rights in Europe date back to the 1950 European Convention on Human Rights. As the internet evolved with banner ads in 1994, online banking by 2000, and social media by 2006, the need for updated data protection laws led to the GDPR, finalized in 2016 and enforced from 2018. Picture Credit: lawbrit.com Core Principles and Compliance The GDPR is based on key principles: lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Organizations must process data legally and transparently, collect only necessary data, ensure its accuracy, and protect it from unauthorized...