top of page

Sold. Without Your Consent




Kushagra More, Nirma University

Krity Upadhyay, Nirma University


Before you have even had your first cup of tea, your phone already knows more than you'd like about where you slept, the news you consumed, the product you were about to buy at midnight. Every single thing you do online, every tap, every scroll, every hesitant search, is quietly flowing out to companies you have never heard of, on privacy policies you never actually read. The most unsettling part? You never even noticed the pattern.


Yes, India has more than 900 million internet users. That's a whole lot of people creating a lot of data every day. But until recently, there had been virtually no dedicated law to safeguard any of it. That all changed with the passage of the Digital Personal Data Protection Act, 2023 (“DPDPA”) on paper, though. However, there is a disconnect between laws and reality. . The real challenge was never passing the law, but ensuring that it rightly protects the citizens in an evolving technology driven society.


The coming into existence of the DPDPA marked not just a legislative development but also a constitutional realisation, influenced in part by the landmark judgment of Justice K.S. Puttaswamy v. Union of India. judgement, where a nine-judge bench of the Supreme Court that unanimously held that the right to privacy is a fundamental right under Article 21 of the Constitution. The legislation includes several important mechanisms. It sets out a tiered system of responsibility with "data fiduciaries" and "data principals". The rights accorded to the individual are similar at least in some respects to those of the General Data Protection Regulation (“GDPR”) of the European Union: they include the right to access their data, the right to correct their data and the right to have their data deleted, and they are to be heard by a Data Protection Board of India, which is envisaged as a body for the investigation of complaints and the imposition of fines of up to ₹250 crore. It is possible. Indian citizens now have personal rights over their personal data that are codified and enforceable for the first time. The incentive for businesses is to adopt a privacy-conscious design. Data restrictions for cross-border transfers indicate that India wants to play a serious role in the global data governance discourse. But the problems are not without significance either. The Data Protection Board is not an independent statutory body like the Election Commission but is appointed by the Central Government, raising concerns about insulation from political pressure. Furthermore, the Act does not explicitly cover algorithmic profiling, surveillance technologies or the use of AI systems to process data in a country that is fast making use of AI in areas such as welfare delivery, law enforcement and financial services. Data protection as a constitutional right may turn into a ‘pie in the sky' objective, not a reality.



Indian Journal of Law and Legal Research

Abbreviation: IJLLR

ISSN: 2582-8878

Website: www.ijllr.com

Accessibility: Open Access

License: Creative Commons 4.0

Submit Manuscript: Click here

Licensing: 

 

All research articles published in The Indian Journal of Law and Legal Research are fully open access. i.e. immediately freely available to read, download and share. Articles are published under the terms of a Creative Commons license which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

 

Disclaimer:

The opinions expressed in this publication are those of the authors. They do not purport to reflect the opinions or views of the IJLLR or its members. The designations employed in this publication and the presentation of material therein do not imply the expression of any opinion whatsoever on the part of the IJLLR.

bottom of page