India is going to see a massive shift in its approach to privacy and data protection, thanks to the introduction of the Digital Personal Data Protection Act 2023. This new law holds major implications for businesses dealing with substantial amounts of personal data, particularly the giants of the tech world such as Google, Meta (the parent company of WhatsApp and Instagram), and similar players.
These companies will be handed additional responsibilities, such as appointing a data protection officer, enlisting an independent data auditor, conducting data security assessments, and adhering to other regulations. All these changes are aimed at bolstering online data security, a critical move given recent instances of data breaches and misuse.
A pivotal element of this act is its emphasis on safeguarding the personal information of children and young adults, who constitute a significant portion of customers for major tech firms in India. The act stipulates that these companies must obtain consent from parents or legal guardians prior to utilizing the personal information of individuals under 18. It also curbs the use of data in ways that could be detrimental to children. Flexibility is built in, allowing the government to permit data processing for younger children if it’s deemed safe. This measure intends to ensure more careful handling of user data from major tech products.
The Digital Personal Data Protection Act 2023 is set to trigger a profound shift in India’s privacy and data protection compliance landscape. A key aspect of this legislation revolves around strengthening obligations for enterprises engaged in processing substantial volumes of personal data, likely to be categorized as ‘significant data fiduciaries’.”
Major tech conglomerates are likely to fall within this category and will shoulder augmented responsibilities. Primary among these new duties is the requirement to designate a resident data protection officer. Moreover, they will need to appoint an independent data auditor, conduct data protection impact assessments, and adhere to other measures stipulated by the upcoming legislation.
The Digital Personal Data Protection Bill 2023 has successfully passed through India’s parliament and gained the final approval of the President of India. Preparations for its implementation are underway, involving consultations with data fiduciaries to ensure a cautious yet swift rollout. This landmark legislation follows six years after the Supreme Court’s recognition of privacy as a fundamental right.
Under the new law, companies referred to as ‘data fiduciaries’ are mandated to establish safeguards for digital data collected from individuals. In a move to provide users with real-time grievance resolution, companies will need to designate a Data Protection Officer. Users will also be granted control over their personal information. Failures to meet data security or disclosure requirements could lead to fines of varying degrees, with the possibility of cumulative penalties for repeated violations.
The Act introduces the concept of ‘consent managers’, offering users a centralized interface for managing their consent. These managers are required to register with the Data Protection Board, maintaining an accountable relationship with users while also having the power to file complaints on their behalf.
Highlighted rights and responsibilities outlined in the Act encompass access to information about data processing, rectification and erasure of personal data, mechanisms for addressing complaints, and the option to appoint a representative to exercise rights in exceptional cases. Conversely, users are obligated not to submit frivolous complaints or provide false information, with potential penalties for non-compliance.
from Firstpost Tech Latest News https://ift.tt/oziq2ST
No comments:
Post a Comment
please do not enter any spam link in the comment box.