Greetings,
Dear Readers!
“Your Legal-Tech Brew!” (by Annanya Deshpande) is a blog as cliché as any other blog…. It is an honest attempt dedicated towards compiling recent developments in the cyber-legal domain and providing readers with a comprehensive understanding of fundamental terminologies in cyberspace.
(The content of the blog is original work of the author, due credits have been given for the content referred from different sources. The blog is for information purpose only.)
🖧 Post 2/2024: (Part I) What is the ‘Personal Data’ and why is it debated all over?
“No digital footprint can be erased completely.”
A digital footprint is a user’s digital ‘shadow’ or often termed as ‘electronic footprint’. Every time an individual uses internet, it leaves behind a trail of the activity he has performed. Posting on social media, accepting cookies on the websites, deliberately posting information (active footprints) and information collected by websites the user has visited (passive footprints), are all a part of our ‘data’. Therefore, on one hand we have the data taken from us by the ‘state’ and on the other hand we have the data that we deliberately provide in the cyber realm; both of these actions culminate to one concept- ‘personal data’, its protection and usage.
In a general parlance, in our everyday lives, we use the term data in various contexts such as these discussions pertaining to privacy which are incomplete without the data, the news and updates of data breaches, data security and what not! So what is this Data and why is it such an intrinsic part of this techno-savy world….
Data has been derived from the Latin term ‘Datum’, meaning ‘to give’. Naturally, a piece of information can be termed as a data when an individual offers the information/details, observations, anything that can be fit into a set and is unstructured (by and large) becomes data of that individual. This unstructured Data later has taken a structured manner forming the basis of ‘information technology’ being “Transmissible and storable computer information”. This leads us to our concept of ‘Personal Data’.
‘Data’ finds its mention in the Information Technology Act, 2000 (IT Act, 2000), in the definitions: 2(i) Computer; 2(k) Computer Resource; 2(l) Computer system; 2(o) Data; 2(t) Electronic Data; 2(v) Information.
2(o) IT Act, 2000 defines data as “representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalized manner, and is intended to be
processed, is being processed or has been processed in a computer system or computer network, and
may be in any form (including computer printouts magnetic or optical storage media, punched cards,
punched tapes) or stored internally in the memory of the computer.”
which are being prepared or have been prepared in a formalized manner, and is intended to be
processed, is being processed or has been processed in a computer system or computer network, and
may be in any form (including computer printouts magnetic or optical storage media, punched cards,
punched tapes) or stored internally in the memory of the computer.”
The Information Technology (Reasonable security practices and procedures and
sensitive personal data or information) Rules, 2011 under Section 3 defines Sensitive Personal Data or Information to include- passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information, details of the above as provided to body corporates and any information received under above clauses by body corporate for
processing, stored or processed under lawful contract.
sensitive personal data or information) Rules, 2011 under Section 3 defines Sensitive Personal Data or Information to include- passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history, biometric information, details of the above as provided to body corporates and any information received under above clauses by body corporate for
processing, stored or processed under lawful contract.
The Digital Personal Data Protection Act, 2023 (DPDP), which is latest legislation regulating and governing personal data provides for “processing of digital personal data in a manner that
recognizes both the right of individuals to protect their personal data and the
need to process such personal data for lawful purposes and for matters
connected therewith or incidental thereto.” What sets apart DPDP is the definition of ‘data’; 2(h) “data” means a representation of information, facts, concepts, opinions or
instructions in a manner suitable for communication, interpretation or processing by
human beings or by automated means.
recognizes both the right of individuals to protect their personal data and the
need to process such personal data for lawful purposes and for matters
connected therewith or incidental thereto.” What sets apart DPDP is the definition of ‘data’; 2(h) “data” means a representation of information, facts, concepts, opinions or
instructions in a manner suitable for communication, interpretation or processing by
human beings or by automated means.
The scope and ambit of ‘data’ in the DPDP is wide enough to include every aspect of individual and public pieces of information and on every platform available today. In Indian scenario, data acts as a key source for our digitized economy, every government document can be found online today, for instance, set ups like ‘DigiLocker’ have put the personal data of the individuals on the online platform. The advancements and technological environment in India has helped in achieving accessibility and efficiency but also in attracting major threats to our personal data.
(Part II will cover the global frameworks for data protection in brief and threats associated with the personal data.)
YLTB! 
Leave a comment