EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Welcome to "Gateway to data privacy and protection," a cutting-edge podcast series that delves deep into the realm of data privacy and protection.
Employee perspective
From the vantage point of employees, the inception of ‘legitimate use’ and the fortified right to withdraw consent signifies monumental strides in safeguarding personal data. Employees can now rest assured that their personal information won't be utilized without their explicit authorization, except for any purpose other than their employment; and they possess the prerogative to easily rescind/alter consent if they so desire. This newfound control emboldens employees to make informed choices regarding the sharing of their data, fostering a climate of trust between employers and their workforce.
However, employees may encounter challenges in grasping the intricacies of data protection statutes and comprehending how their data is utilized within the corporate arena. Organizations must invest in lucid communication, comprehensive data privacy training, and accessible resources to ensure employees are well-informed about their rights and options concerning their data, especially the concept of ‘legitimate use’ should be clearly explained in the context of their data.
Implication of consent taken under the context of ‘legitimate use’ :
- Consent may not be freely given, specific, informed, and unambiguous.
- Such consent might lack the transparency necessary to inform individuals about how their data will be used.
- Organizations using such consent need to be able to prove that it was for ‘certain legitimate use’ as per the DPDP Bill.
- With consent for legitimate use as per the Bill, individuals might not be aware that they've consented in the first place, making it difficult for them to exercise the right of withdrawing consent.
- Such consent might not be adequate for Sensitive Personal Data, Children’s Data and may attract regulatory scrutiny / legal action if non-complied as per the Bill.
- Organisations may face reputational damage if such consent is questioned; it may be construed that organisation has not taken the privacy of data principals seriously.