EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
The core of this act revolves around a set of data principles. These principles spindle around the basic idea that individuals inherently possess rightful dominion over their personal data—a dominion that mandates responsible and ethical handling by entities and establishments.
Consent is prime
As per the act, organizations may solely process an individual's personal digital data for a specific purpose, unless alternative consent is granted. For example, if an online retailer under a conglomerate manages personal data for a mobile purchase, the consent is exclusively applicable to that transaction. The data cannot be transmitted to the parent company or a sister organization. This delimited, informed, and functional consent effectively prevents data misuse.
Another extent of individual empowerment lies in the right to rectification. Individuals are empowered to rectify inaccurate or incomplete personal data held by organizations, including correcting name spellings. Data fiduciaries—the entities collecting and safeguarding data—must diligently strive to uphold data accuracy and completeness. The act compels entities, like insurance organizations, which previously lacked avenues for data correction, to now furnish means to rectify data, ensuring its precision and entirety.
The right to erasure of data lacks clear provision under existing laws. The new act introduces the right to erasure , wherein individuals, under certain conditions, can request the deletion of personal data no longer essential for its original collection purpose. Imagine a food ordering platform scenario. A long-term user who is not interested in continuing his engagement can now request the complete erasure of their data associated with the initial purpose of collection. The DPDP act extends the privilege of data porting to individuals. The user can now port his data to another similar platform if he wishes to. Thus a citizen can reuse the personal data across diverse services, fostering competition among service providers and choice for users.