Had it been some six decades later, poor McKenna wouldn’t have taken such a fateful journey, but just logged into his computer and hit the gold mine. Data, the biggest treasure trove of this age, celebrates 28 January as its day of security and protection from prying eyes.

At a time when every swipe, search, click, and share leaves a digital footprint, data privacy has attained immense significance across the world. From social media apps tracking our preferences to ecommerce platforms predicting our next purchase, the convenience of technology often comes at the expense of our privacy. While data is helping power innovation, shape user experiences, and fuel economies, it has also raised critical questions about control, consent, and security.

As governments enforce stricter regulations and companies adopt various policies, individuals are left wondering – how much of their personal information is truly safe?

In India, the rules for data privacy and security are in the process of being thrashed out under the Digital Personal Data Protection (DPDP) Act, 2023, even though the country is taking giant leaps on the global digital landscape.

On this Data Privacy Day, we chose to delve deeper into the current state of the country’s data privacy rules, understand its strengths, map its gaps, and assess the state of awareness among consumers and companies on the impending law. It is pertinent to note that this year’s theme is “Take Control of Your Data”.

India’s Take On Data Privacy

In August 2023, the Lok Sabha passed the DPDP Bill, 2023. The aim was to replace the data protection rules that were largely enforced through Section 43A of the Information Technology Act, 2000.

Although there are some major differences between the DPDP Act and the EU’s General Data Protection Regulation (GDPR), both intend to adhere to the global standards in safeguarding sensitive data.

After much back and forth, the Ministry of Electronics and Information Technology (MeitY) released the draft rules for the DPDP Act to the public on January 3 this year and kept the feedback window open till February 18.

However, there continue to be multiple caveats and the stakeholders have raised some concerns over the proposed rules.

The DPDP Act has a major focus on ‘data fiduciaries’ – the internet companies and social media platforms that collect personal data from users – to prevent misuse of the information and penalise companies that flout the data protection rules.

Some policy experts, however, believe that the Centre has taken a faulty approach by targeting the data fiduciaries to protect the fundamental ‘right to data privacy’.

“The current draft is........

© Inc42