In 1890, Warren and Brandeis were the first to envisage the concept of privacy. In this information age and post-globalization period, people are concerned about surveillance and privacy. As technology advances, the state apparatus has used it to keep a close eye on people's activities, both physically and virtually. This implies a violation of a person's right to privacy. Data collected on individuals could be used to modify them. As a result, it becomes clear that the government's surveillance must be limited. The state's main obligation is to protect its citizens while interfering minimally in their lives. This can be accomplished through the implementation of effective policies and tactics.
The law on privacy and data protection is quite simple and basic. According to Section 43A of the Information Technology Act, 2000, and the Information Technology (Sensible Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI rules), every business in India that gathers, receives, owns, transmits, processes, or otherwise handles (any other verb that can be linked to) "personal information" falls completely under a contractual responsibility to the information provider to maintain such privacy.
What kind of information is being gathered?
The data fields that are being gathered must be clearly stated in the policy. Personal identifiable information (PII) and sensitive personal data (SPD) must be mentioned properly.
According to the SPDI guidelines, any information relating to a natural person that can be used, directly or indirectly, in conjunction with other information available or anticipated to be available to the body corporate, to identify that person can be identified as private details.
The SPDI rules limit sensitive personal data or information, and with it the scope of protection, to the following:
– Security Passwords
– The state of one’s mental, physiological, and physical health.
– Medical records and history
– Bank account, credit card, and debit card numbers, as well as any other financial or payment-related details.
– Sexual preference.
– Any information related to the preceding clauses that is given to the body corporate for the purpose of delivering service.
– Information on biometrics
– Any information received by a body corporate under the preceding paragraphs for the purposes of operating, storing, or processing the legal agreement or otherwise.
Under the terms of the guidelines, other types of data will not require data protection.
What method is being used to collect the data?
Notifying the purpose of data collection
Is there any use of third-party plugins or third-party data collection?
Many websites make use of a number of different plugins. Some websites disclose the use of third-party plugins; however, they could be more transparent by informing consumers about which plugins were used, why they were used, and whether or not the plugins collected data. Many websites allow the marketing of advertisements as a means of generating cash. The website should make it clear that it is not responsible for data collected by a third-party website.
Is it possible to avoid the data collection process?
Before obtaining any information, especially sensitive personal data, organisations should give people the option to opt out of supplying such information. Furthermore, there should be a procedure for doing so. Withdrawal of consent must be communicated to the organisation in writing. As a result, the organisation will no longer be accountable for providing any services.
What are some of the organization’s well-considered security safeguards and procedures?
According to the SPDI rules, every data controller must have a comprehensive, documented information security programme and policy that includes technical, managerial, physical, and operational security controls that are appropriate for the information assets being safeguarded and the nature of the business.
Is the usage of cookies or web beacons permitted?
Many websites employ web beacons (transparent image pixels) and cookies (a particular set of codes) to track users or provide customised services to them. Enabling cookies, for example, allows the website to remember you so you don't have to log in every time you visit. Cookies can be disabled, but web beacons cannot.
Whom should I contact if I have a complaint?
The body corporate must appoint a grievance officer and post his or her name and contact information on the website to address any user complaints and discrepancies. It is the grievance officer's job to settle the matter quickly, within one month of receiving the grievance submission.