The owner of a website is required to indicate what information they will gather from the users and how such information will be utilized and applied. The user information given on the site or in a mobile application can be subject to exploitation and breach and the same can be avoided if it is regulated in an appropriate way. Hence, every site or application should have measures to safeguard such information and that is the main objective of privacy policies.
Whenever users submit their personal data to organizations, they provide the organizations with their personal and sensitive personal information which can be utilized against them if it falls into some untrustworthy hands.
In the light of the foregoing, data privacy policies or privacy policies are implemented in the websites or applications to safeguard the personal information of the users, including the clients and employees of the organizations.
PRESENT CONDITIONS OF DATA PRIVACY POLICIES
In 2020, India prohibited 118 extra Chinese applications since they were violating Section 69A of the Information Technology Act, 2000. According to reports, these applications were viewed as indulgence of the unlawful collection of information. The data gathered included delicate data of shoppers, their GPS locations, WiFi access names, and so forth.
LinkedIn, the world’s biggest professional website, in April 2020, affirmed a huge information break and information of more than 500 million of its clients were exposed and subject to the breach. The spilled data sets included personal data of its clients and allegedly were sold to unknown and illegal websites. Furthermore, in April 2021, renowned Indian start up, Big Basket, announced information breaks and security bugs in their framework, compromising the sensitive data of more than 20 million users.
Like the ones mentioned above, several such data breach incidents have taken place in the recent past. While enormous fines for information breaks stand out as truly newsworthy, it is appropriate for developing businesses to consider the risk management based approach while overseeing information security since the result of these breaches are unlimited.
SALIENT FEATURES OF DATA PRIVACY POLICIES
It was stated in that judgement that “if an individual grants permission to somebody to go into their house it doesn’t imply that others are also allowed to go into the house. It becomes essential to maintain and keep in check the rights of the individual which is applicable in both, be it in physical form or technological form.”
- Purpose of the Data Collected
In the event, later on, there is a modification in the purpose for which the data was collected; the same shall be informed to the users at the earliest. Usually, the data gathered for a predefined reason cannot be held for longer than it is expected of the purposes.
In this way, when the personal data has been utilized as per the required reason, it is ought to be disposed by the Data Controller.
- Third Party Data Transfers and Cross Border Sharing
In today’s boundary-less nature of the internet, it is important to stipulate the extent of data sharing or data transfer. The users should be aware about whether their personal data would be transferred beyond the national jurisdiction or to any third party.
Furthermore, the organizations should also ensure to be compliant with the data protection laws across several jurisdictions as the same might have different implications on the data that is being processed and transferred.
Taking into account that the technological population in India has developed significantly, information security and information assurance are central points of issues right now. Each user visiting a website leaves his/her computerized impressions which is usually their private information. This might include, purposely or accidentally, giving their IP address, name, gender, or other such personal and sensitive personal data.
To regulate this entire process of data collection, processing and storing, the organizations should implement exhaustive privacy policies which shall include all the important elements as discussed hereinabove.
Terms of purpose and privacy policies ought to be treated as one of the most important legal instruments which is mandatory while building a website, and the same should be tailored as per the business necessities and the target user base, along with due compliance with the national and international laws.
–Team AMLEGALS assisted by Ms. Amrita Ghosh (Intern)
For any queries or feedback, please feel free to get in touch with firstname.lastname@example.org or email@example.com