Published on 3rd April 2025
Authored By: Priyanka.S.H
SDM Law College
INTRODUCTION
Data privacy refers to the practice of handling, processing, and storing an individual's personal or sensitive information in a way that ensures it is protected from unauthorized access, misuse, or breaches. It involves safeguarding individuals’ data, giving them control over how their information is collected and used, and ensuring compliance with regulations like GDPR (General Data Protection Regulation) or CCPA (California Consumer Privacy Act). Data privacy is crucial for maintaining trust, preventing identity theft, and protecting personal and business-sensitive information. It is one of the most important subjects, especially at a time when everything is digitalised.
DATA PRIVACY LAWS
Data privacy laws are regulations designed to protect individuals’ personal information from misuse, unauthorized access, and breaches. These laws govern how organizations collect, store, process, and share personal data. Some of the most significant data privacy laws worldwide include:
- General Data Protection Regulation (GDPR) – Europe: Enforced since 2018, GDPR applies to any organization processing EU citizens’ data. It requires user consent, data transparency, and the right to access, correct, or delete personal data. Non-compliance with these laws will result in heavy fines.
- California Consumer Privacy Act (CCPA) – USA: Grants California residents rights to know, delete, and opt out of data collection. Businesses must disclose what data they collect and how they use or store it. This gives individuals a sense of security. Expanded by the CPRA (California Privacy Rights Act) in 2023.
- Personal Data Protection Act (PDPA) – Singapore: Regulates the collection, use, and disclosure of individuals' personal data. Requires organizations to obtain consent and secure data appropriately. No organization or entity may obtain the data of individuals or the public without their consent.
- Personal Information Protection Law (PIPL) – China: Similar to GDPR, it imposes strict rules on data collection, processing, and cross-border transfers. It likewise requires companies to obtain consent before collecting personal data.
- Health Insurance Portability and Accountability Act (HIPAA) – USA: Focuses on protecting health information from unauthorized access and fraud. Applies to healthcare providers, insurers, and related businesses.
- India’s Digital Personal Data Protection Act (DPDP) – 2023: Establishes rules for personal data processing with user consent requirements. Introduces penalties for breaches and non-compliance.
- Brazil’s General Data Protection Law (LGPD): Similar to GDPR, it mandates transparency, consent, and security in data handling. Applies to businesses collecting Brazilian citizens’ data.
These laws aim to enhance consumer rights, ensure transparency in data handling, and impose penalties on organizations that fail to protect personal information. Different countries have varying regulations, but the trend is toward stronger global data privacy protections.
COMPARISON BETWEEN GDPR AND INDIAN DATA PROTECTION REGULATIONS
Comparison Between GDPR (EU) and DPDP Act (India)
Some of the significant differences include:
- Consent Mechanism: GDPR has stricter consent rules, while India allows non-consensual processing for certain government and public interest cases.
- Cross-Border Transfers: GDPR follows a strict adequacy framework, whereas India gives the government more control over data transfers.
- Exemptions for Government: India’s law provides broader exemptions for state agencies, which GDPR limits under strict conditions.
- Scope of Personal Data Protection: GDPR covers both digital and non-digital data, i.e. all personal and sensitive data, whereas India’s DPDP Act focuses only on digital personal data.
- Application: GDPR applies to any EU resident, whereas the DPDP Act applies to residents within India or to any goods or services to be transferred to India.
- Enforcement authorities: Data protection authorities in each EU country under GDPR; in India, the Data Protection Board of India handles collection, transfer, complaints and enforcement.
CONCLUSION
While both laws aim to protect personal data, GDPR is more comprehensive and stringent, whereas India’s DPDP Act is more business-friendly and allows broader government control over data processing.