Adv Mehul Bansal, Jadetimes Staff

The establishment of the Data Protection Board of India, an independent adjudicatory body with the power to investigate breaches and impose penalties of up to Rs 250 crore per violation, represents a significant enforcement mechanism. However, critics note that the DPDPA's exemptions particularly for government entities in the interests of 'sovereignty and security' are broadly drafted and may undermine individual privacy protections in practice.

Your Rights: A Consumer's Toolkit

Under most modern data protection laws, regardless of jurisdiction, consumers typically enjoy the following core rights:

•      Right to Access: You can request a copy of all personal data a company holds about you, how it is being used, and with whom it is being shared.

•      Right to Rectification: If the data held about you is inaccurate or incomplete, you have the right to have it corrected without undue delay.

•      Right to Erasure (Right to be Forgotten): In many jurisdictions, you can request deletion of your personal data when it is no longer necessary, when you withdraw consent, or when processing was unlawful.

•      Right to Data Portability: You can receive your data in a structured, machine-readable format and transfer it to another service provider.

•      Right to Object: You can object to your data being processed for direct marketing, profiling, or certain other purposes, and the organisation must stop unless it has compelling legitimate grounds.

•      Right Not to Be Subject to Automated Decision-Making: Decisions that significantly affect you credit scores, insurance pricing, job screening should not be made solely by algorithms without meaningful human review.

Big Tech Under the Microscope

The past three years have witnessed a dramatic escalation in regulatory enforcement against the world's largest technology companies. Meta has been fined over €1.3 billion by the Irish Data Protection Commission for transferring EU user data to the United States without adequate safeguards the largest GDPR penalty to date. Amazon, Google, and TikTok have each faced multi-hundred-million-euro sanctions for a range of violations, from unlawful targeted advertising to inadequate data-transfer mechanisms.