What does data privacy mean? How is my data protected?

One of the simplest ways to understand what data privacy in Indian context means is that it is a branch of data security which deals with proper handling of personal data. It involves gaining consent, providing notices, complying with obligations and adhering to various other practical concerns w.r.t. the processing of personal data of an individual.

As a law, data protection stems from one’s fundamental Right to Privacy, which is a part of our Right to Life. While the right to life applies more directly to our physical existence, privacy goes one step further to protect the virtual and online existence of a person. Data privacy deals with how the smallest piece of personal information or data is to be handled by individuals and companies who are in the ecosystem of collecting and processing personal data.

In this digital era one of the most important asset of any company is the data it possesses. Whether this data belong to employees, clients or is a part of research and development, personal, sensitive and critical data needs to be processed with utmost care and caution and this is the basic principal on which data protection laws around the globe operate. Over and above data privacy ensuring protection of one’s existing data, it also ensures that no individual is not overly surveillanced, i.e. become a subject of uninvited digital scrutiny. In India the aforementioned principal was one of the root causes for why the Personal data Protection Bill came into being.

The landmark judgement of Justice K.S. Puttaswamy vs Union of India provided that “the right to privacy imposes on the State a duty to protect the privacy of an individual, corresponding to the liability that is to be incurred by the state for intruding the right to life and personal liberty. The right to life and liberty are inalienable to human existence – not bounties granted by the state, nor creations of the Constitution. No civilized state can contemplate an encroachment upon them without the authority of law” hence the PDPA was decided to be framed to ensure that neither individuals, nor the State can take away from us what is naturally ours- our Privacy.

One common misconception among the masses is that data protection laws are the same as information technology laws. The comparison between the two laws in is not unusual for the simple reason that to a lay man the two fields appear to solve similar purposes, however a closer look from a legal stand point suggests differently, the Information Technology laws focus on the various operations within the internet and the consequential breaches and offences, whereas Data Protection laws focus more on the data security and breach aspects and the transactions between a fiduciary and a data principal.

Arsh Bhatti

Privacy and data protection expert with Privacy Consultancy Services (PCS)

arshbhatti@privacad.com

Research & Development associate with Privacy Academy (Privacad)

RECOMMENDATIONS

Recommended readings for the topic:

1. Handbook Certified Data Protection Officer: Practical Work PlanGuidance (for the EU DPO)
2. Soft Skills of a Data Protection Officer (DPO), Privacad Whitepaper 21-081

Recommended courses for the topic:

1. India Registered Data Protection Professional (RDPP), EU-INDIA Data Protection
2. Certified Indian Data Protection Officer (CIDPO) – Indian Validation & Registration
3. Certified Data Protection Officer (CDPO) Soft Skills Training– European Validation and Registration
4. Certified Data Protection Officers (CDPO)– European Validation & Registration
5. Indonesia Registered Data Protection Professional– Indonesian Validation

See also website of Privacy Consultancy Services (PCS):

1. DPO providing a piece of mind
2. DPO professional outsourcing