How to resolve individual data privacy complaints

Author: Smriti Parsheera

The article was first published in The Indian Express on July 13th, 2020. The views are of the individual author.

It has been almost three years since the process of drafting the Personal Data Protection (PDP) Bill was set in motion. Assuming that the current version of the Bill, which is being reviewed by a Joint Parliamentary Committee, were to be passed, what remedies would it offer to individuals who suffer privacy harms?

For instance, if an app collects an individual’s location data for the sole purpose of COVID contact tracing, but later uses it for monitoring quarantine restrictions, what recourse would the person have? Similarly, what happens if a website fails to safely secure their database leading to a breach of the customer’s credit card information with resulting financial loss?

The answers to these questions are closely tied with the design of the proposed Data Protection Authority (DPA) that is to be created under the Bill. One of the many important duties cast on the DPA is to adjudicate complaints received from data principals — individuals whose personal data is processed by others. In the above examples, the affected individual can, therefore, make a complaint to the DPA seeking compensation for the harm caused to her.

Read the full article here.