It’s not me or you or even for that matter, a business-to-consumer company has the right to store consumers’ Personal Identifiable Information (PII) thanks to the Digital Personal Data Protection (DPDPA) Act 2023. The Digital Personal Data Protection (DPDPA) Act 2023, might serve as a guardian of customer data in a world which is becoming more interconnected and data-driven. “ The law eliminates ambiguity by establishing a framework for the lawful use of customer data, benefiting both businesses and consumers. This will establish the much-needed digital trust within the ecosystem where users’ data is used legally for innovation and improved customer experience. The act will enable companies to collect and safeguard user data in exchange for an increased chance of the user signing up for their service,” Arpit Ratan, CBO, co-founder, Signzy, a global no-code AI platform for financial service, told FE-TransformX.
Experts believe that with the implementation of DPDPB’s consent policies, citizens will be able to get the right to access information, request corrections, file grievances and nominate others to exercise these rights in the event of their death or incapacity. India being the second-largest Internet population in the world is expected to have greater connectivity for a n large-scale progress, which also leaves digital societies open to new vulnerabilities. Interestingly, the shift in consumer shopping behaviour since the pandemic and an increasing share of the organised sector within retail markets created a strong foundation for the e-commerce market. With a population of more than 1.4 billion and a fast-growing economy, the number of online shoppers is predicted to increase to 427 million by 2027, as per insights from Statista, a market research platform.
In 2020, 53% of Asia-Pacific-based youth (aged between 15 and 24 years) were using the Internet, compared with 57% of the other age groups. At a global level, young people were 1.24 times more likely to connect than the rest of the population, as per insights from the International Telecommunication Union (ITU), a United Nations-based agency for information and communication technologies – ICTs. However, this will leave the youth more prone to cyberbullying and other cyber threats related to the leakage of personal data. “ One of the crucial issues addressed by the DPDP act is safeguarding the personal information of kids and young adults who account for a sizeable population of active internet users in India. By mandating parental consent for companies to use the personal information of those under 18, the law ensures their safety and privacy. It brings constructive regulation by motivating companies to design products suitable for specific age ranges,” Prashant Muddu, MD, CEO, Jocata, a B2B FinTech platform provider for the BFSI industry, explained.
Case in point could be Big Basket, the online grocery platform, which lost data of about 20 million users in November 2020. Apart from this government agencies have also experienced security breaches. India’s unique citizen identification system, the Aadhaar, was compromised and this included a breach of personal information including bank details, addresses and biometrics of over a billion Indians. In 2020, alone, the cost of data breaches amounted to about $2 million in the country, as per Statista, a market research platform. Experts believe there has been a lack of awareness of cyber hygiene when it comes to curbing cyber crimes. “ With DPDPA being a part of India’s first data protection law, companies will not be allowed to collect or process any data without consumer consent. Consumers will have the right to know why a particular entity wants their data and how it will be used The law will also see whether the data is stored within India or outside. Hence, companies that provide offerings/ services to citizens in India but store their data in another country will have to ensure that the data is not compromised,” Anil Sinha, Chief Technology Officer(CTO), Fibe, India’s first digital lending application, said.
Industry experts believe Digital Personal Data Protection (DPDPA) Act 2023, can be a catalyst and foster a culture of vigilance while encouraging companies to invest in cutting-edge technologies and boost innovation. With this, companies are expected to not only safeguard the personal data of youth but also strengthen and efficiently manage the infrastructure that holds the data. “The act will focus on processing elements such as data subject, data controller, and data processor, how the data is going to be stored, handled, and in what circumstances the data will be shared should be clearly defined and shared with the data subject, among others. If the data is not handled according to the guidelines there are huge penalties to be paid by the companies,” Kiran Kalyan Kulkarni, CEO, AyanWorks Technology Solutions Private Ltd, a blockchain consulting company, concluded, adding that this act has the potential to bring the necessary framework for effective customer data management, especially among the youth, with privacy of the digital data being at the core.
