YLTB!

/

Tumblr

/

Linkedin

Post 3: (Part II) The ‘Fate’ of your personal data: Threats and Actors in the play.

Greetings, Dear Readers! “Your Legal-Tech Brew!” is a blog as cliché as any other blog….  It is an honest attempt towards compiling recent news in legal-cyber world, making the readers understand the basic terminologies and analyzing existing legal framework across dimensions of cyberspace through various brief posts.    (The content of the blog is original work of the author, due credits…

Greetings,

Dear Readers!

“Your Legal-Tech Brew!” is a blog as cliché as any other blog….  It is an honest attempt towards compiling recent news in legal-cyber world, making the readers understand the basic terminologies and analyzing existing legal framework across dimensions of cyberspace through various brief posts.  

 (The content of the blog is original work of the author, due credits have been given for the content referred from different sources. The blog is for information purpose only.) 


🖧 Post 3/2024: (Part II)  The ‘Fate’ of your personal data:

Threats and Actors in the play.

 

The heavy usage and digitalization of personal data has invited the threats along. MalwaresErrorsHackingPhishingSmishingVishing and the most common and favorite of all the attackers- ‘data-breach’. Dominoes Data Breach, BoAt’s, JustDial’s, BigBasket’s, Aadhar Data Breach and the recent Covid-19 test result’s breach, are all the data breaches, each one of us were a victim of.  

These organizations (private or government) are the entities determining the processing of our data: ‘data fiduciary‘ in legal/technical terms. For instance, every customer of Dominoes, every user of BoAt products and such scenarios where, an individual provides his phone number, email, financial credentials and address (personal data in all and every form) is indeed at a risk of ‘data-breach’. Such data is usually sold at the ‘dark web’ or is used for identity theft.

                                        Can it be absolutely curbed? No! Can it be prevented? Maybe! Because, personal data is an integral part of the digitized world today, none of our data is safe, all the government documents, its transactions, other private transactions are in the digital mode. So, limiting the distribution of our personal data, providing it to trustworthy sites/portals/organizations, reading the terms & conditions (most of us would never do that), and checking the privacy policies are certain basic steps to at least stay aware and alert. 

The Digital Data Protection Act (the Act) gives a comprehensive data protection framework (K.S Puttaswamy (Retd.) Vs. Union of India [(2017) 10 SCC 1] being the foundation stone of the DPDP Bill, upholding the ‘Right to Privacy’ as a fundamental right under the Constitution of India.) for ‘collection’, ‘processing’ and ‘purpose of collection’ of the personal data.

The Act under Section 2(u) defines ‘Personal Data Breach’ as “any unauthorized processing of personal data or accidental disclosure, acquisition, sharing, use, alteration, destruction or loss of access to personal data, that compromises the confidentiality, integrity or availability of personal data” and a Data Fiduciary is responsible for prevention of such data breach.

Now, we have at hand the following terminologies: Data Fiduciary, Data Principal, Data Processor and Processing of Data.  

2(i) Data Fiduciary: “any person who alone or in conjunction with other persons determines       the purpose and means of processing of personal data.”

2(j) Data Principal: “the individual to whom the personal data relates and where such individual is— (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes her lawful guardian, acting on her behalf.”

2(k) Data Processor: “any person who processes personal data on behalf of a Data Fiduciary.”

2(x) Processing: “In relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.”

All these terms revolve around the data fiduciary being in control of an individual’s data. Let us see what a data fiduciary is. DPDP has intentionally made use of the word ‘fiduciary’ here, other jurisdictions such as European Union uses ‘Data Controller’ in Chapter 4 ‘Controller and Processor’ of the ‘General Data Protection Regulation’ (GDPR); Australian Privacy Principles uses ‘APP Entity’. Fiduciary establishes a sense of ‘trust’ (The Committee of Experts on a Data Protection Framework for India led by Justice B.N. Shrikrishna). The ones who are using your data, are responsible to act with that trust obligation towards you.

You as a data principal (owner of data) give your consent to the data fiduciaries and handover the ‘fate’ of your data, DAILY. The social mediasfinancial institutionsCloudsDrives (example: google drive), all other internet intermediaries and most common the COOKIES, you give CONSENT to are all data fiduciaries, the fate of your data once handed over to them, lies in their hands….

                                                                                                                                                         📎

Leave a comment

This is a blog aiming to provide its readers with basic legal-tech knowledge that is necessary in the current times.

The author (www.linkedin.com/in/adv-annanya-deshpande) is a cyber law enthusiast and a keen researcher on the theme of Cyber Law and Artificial Intelligence. She aims to share the basic knowledge of the legal-tech world to the commoners and also the professionals.

The Blog post provides with short/brief reads, regarding the ongoing trends, Statutory viewpoints, the tussle between practicality and the letter of law, while also explaining the basic terms used in the field of AI and technology.

The author is always open to constructive criticism and feedback. Collaborations are welcomed! Any insight can be communicated via the feedback form/ LinkedIn.

Related posts