Are personalized advertisements leading towards the potential breach of the
right to privacy? Is tailored marketing paramount to personalized content or
personalized contempt of privacy? Are the current Data Protection laws
sufficient enough to secure the personal data of the individuals? How to prevent
the breach of the new age asset namely the data in the current era whereby
there's a close eye on your web activities in the name of distinctive content
driven algorithms provided to the individuals?
The issue of personal data protection remains an unresolved quandary,
particularly concerning tailored marketing practices on the internet. Despite
advancements in legislation and regulatory frameworks, the efficacy of
safeguarding individuals' personal data in the realm of online personalized
marketing persists as a paramount concern. Henceforth, this article endeavors to
elucidate how a seemingly inconspicuous lacuna within extant data protection
legislation may precipitate a transgression of Article 21, as enshrined within
the Indian Constitution.
Data and Digital Data:
Information is the oil of the 21st century, and analytics is the combustion
engine", this phrase by Peter Sondergaard got a lot of attention when humans
realized the importance of Data. No sooner after this when people perceived the
eminence of data, Clive Humby coined another phrase, "Data is the new oil". In
the beginning of the 21st century, as technological progressions in the digital
sphere transpired, data became the most valuable asset, replacing oil.
The
centrality of oil during the Industrial Revolution of the 20th century is now
yielding to the ascendancy of data in the contemporary landscape of the Fourth
Industrial Revolution. Data and oil are both found in the crude form and need to
be refined in order to use them in the desired manner. Thus, these points of
similarities led the scholars to conclude that, "Data is the new oil". To
understand the concept of digital data it is important to begin with several
basic terminologies revolving around the concept of Digital Personal Security.
According to the Section 2(h) and Section 2(n) of the Digital Personal Data
Protection Act, 2023;
"Data" means a representation of information, facts, concepts, opinions or
instructions in a manner suitable for communication, interpretation or
processing by human beings or by automated means.
"Digital personal data" means personal data in digital form.
Furthermore, digital data can be classified into 3 major distinctive categories,
i.e. Digital Personal Data, Digital Non-Personal Data and lastly Digital
Critical Data.
- Digital Personal Data: Digital Personal Data means a type of data which stores your personal information like name, address, mobile number, e-mail address, bio-metric information, browsing activities, device location, etc. This data can be used to reveal your personal information.
- Digital Non-Personal Data: Digital Non-Personal Data means the type of data that is generated by an individual, but the identity of that individual is not disclosed or not generated into the means of data. The most common example of such data is the detection of the density of traffic when an individual generates a route via global positioning system on Google Maps. Herein, the identity of the user is not stored in the form of data.
- Digital Critical Data: Digital Critical Data is a type of data which creates a database for the information of the government's infrastructure, for example, Defense related data or Nuclear Power related data. Such data cannot be accessed by the general public and thus it does not fall under the ambit of Right to Information.
Personalized or Tailored Marketing:
Personalized or Tailored Marketing constitutes a digital marketing modality that
involves the customization of content and advertisements for specific products
and services, contingent upon an individual's internet activities. This
marketing practice leverages sophisticated algorithms to deliver content or
advertisements tailored to the discerned tastes and preferences of consumers.
The accelerated pace of contemporary human existence manifests as a rapid
cadence in the lives of individuals, where time is a precious commodity
perpetually in demand, henceforth, this process of marketing namely digital
marketing play a prominent role in furnishing substance-driven personalized
advertisements and content that are not only personalized but also highly
pertinent and beneficial to the target audience. In order to provide such
customized content or advertisement to the target audience, the browsing
activities of a user are being stored as data within the database of a company.
Such data is being collected from the cookies that are generated or accepted
while surfing on the internet.
Cookies are data files generated by a web server and transmitted to a web
browser, which subsequently stores them for a specified duration or the entirety
of a user's session on a website. These stored cookies later enable websites to
discern and analyze the browsing preferences of the individual, thereby
facilitating the delivery of algorithmically driven, personalized content.
These cookies serve to retain and manage data pertaining to website activity,
including visited pages, items within a shopping cart, login credentials, search
history, and language preferences. Additionally, they may gather personally
identifiable information such as names, email addresses, phone numbers, and
other user-related data. The discretion to accept or reject such cookies, i.e.
to allow such web servers to store the personal information or any such
information depends upon the user.
Therefore, this is how the tailored or personalized marketing process works with
the help of the web cookies in order to generate the algorithms that are content
driven as per the taste and preference of an individual.
Right to Privacy- An Overview:
Privacy, though lacking a singular legal definition, privacy has been expounded
upon by legal scholars as a fundamental human entitlement inherent to all
individuals by virtue of their existence, not contingent upon any instrument or
charter. This encompassing concept extends beyond mere seclusion to encompass
facets such as bodily integrity, personal autonomy, informational
self-determination, safeguarding against state surveillance, preservation of
dignity, confidentiality, protection from compelled speech, and the liberty to
dissent, move, or contemplate.
In essence, the entitlement to privacy
necessitates adjudication on a case-specific basis. The evolution in the field
of technology and the digitalization of the biometric and the demographic
information of the individuals made the legal scholars argue whether the right
to privacy was a fundamental right under the Constitution of India or not.
The Right to Privacy in India is a fundamental right granted to the citizens of
India to safeguard their personal information and to limit the collection and
storage of data by governmental and private entities, thereby protecting
individuals from threats to their privacy. The judgment passed by the nine Judge
Bench in the case of K.S. Puttaswamy (Retd.) & Anr. Vs. Union of India & Ors. is
regarded as the landmark judgment which gave the Right to Privacy constitutional
validity and brought the Right to Privacy under the ambit of Right to Life and
Personal Liberty under article 21 the Constitution of India.
This landmark
judgment unanimously held that "the right to privacy is protected as an
intrinsic part of the right to life and personal liberty under Article 21 and as
a part of the freedoms guaranteed by Part III of the Constitution". Though this
judgment became the reason for the existence of the Right to Privacy and its
confinement into the Constitution of India as a fundamental right, the concept
of privacy and the right to privacy has been a subject of extensive deliberation
in the Indian apex court for a considerable period, with numerous cases
thoroughly examining the issue.
Henceforth, the result of this thorough discussion and the need of an
individual's safety of privacy resulted into declaring the Right to Privacy as
the fundamental right as enshrined in the Constitution of India.
Digital Personal Data Protection Act, 2023:
The Digital Personal Data Protection Act (DPDP Act), 2023 is significant piece
of legislation in India that governs the use of personal data of the individuals
in the digital space. This act was enacted to prevent the breach of privacy of
the users in this era of digitalization. The Act outlines the rights of
individuals (data principals) and the obligations of the entities handling their
data (data fiduciaries). It mandates informed consent for data collection and
imposes strict penalties for non-compliance, aiming to ensure responsible data
management while balancing the interests of both individuals and organizations.
The Shah Committee, which was chaired by Hon'ble Justice A.P. Shah is considered
to be one of the first steps in the construction and the formation of the
aforementioned legislation. The Shah Committee was an expert committee formed
and established by the Government of India in order study and review the
international laws and regulations about the digital privacy and to recommend
the most suitable legal framework to legislate such privacy laws in India. This
committee issued a report which became a blueprint for the legislation of the
privacy laws in India. The key elements of this report are the nine basic
privacy principles mentioned therein which were an adaptation of the best
international policies and provided a basic guideline for framing the Indian
privacy laws.
The most prominent role in the codification of the privacy laws in India was
held by the B.N. Srikrishna Committee which was establish by the Government of
India led and chaired by Hon'ble Justice B.N. Srikrishna in the year of 2017.
This committee was assigned a task to review and analyze the current situation
of the data protection and privacy laws in India while taking a reference from
certain international policies and regulations governing the same in their
respective country or region.
The said committee submitted a report in the year
of 2018 which not only became a guideline for the new privacy laws in India but
also served to be an informational asset regarding data, consent, data
regulations, data protection and provided certain exceptions regarding the
implementation of aforementioned privacy laws with the reasonable explanation
thereon. The B.N. Srikrishna Committee also submitted a draft bill called the
Data Protection Bill, 2018. This draft bill proposed stringent regulations on
data processing activities, data localization, and the establishment of a Data
Protection Authority (DPA).
The draft Bill was later introduced in the parliament as the Personal Data
Protection Bill, 2019, the parliament suggested several modifications and was
also discussed in a Joint Parliamentary Committee (JPC) for further scrutiny and
public consultation. Furthermore, the committee conducted a thorough survey and
took extensive consultations from the different sections of civil society and
the legal experts.
The committee even considered the data protection laws around
the globe in order to adapt the most suitable legal framework for the said laws
and its implementation in India. Moreover, in the year 2021, the said committee
issued and submitted a report wherein all the changes regarding the draft bill
were suggested. This amended bill was named the Data Protection Bill, 2021. This
bill suggested notable changes and various amendments to address the concerns
about government exemptions, data localization, and cross-border data transfers.
In the year 2022, by the recommendations of the JPC Committee and the public
feedback the government of India took a decision to withdraw the Data Protection
Bill, 2019 and announced that a new bill will be introduced after considering
the JPC's suggestion and recommendations. Furthermore, The Ministry of
Electronics Information Technology issued a draft bill for the data protection
laws, the bill was named as the Digital Personal Data Protection Bill, 2022.
This new draft simplified several provisions and focused on core principles of
data protection. The bill was later introduced in Parliament as the Digital
Personal Data Protection Bill, 2023. The said bill was able to build a consensus
and therefore was passed by both houses and received the presidential assent
thereon on, becoming the Digital Personal Data Protection Act, 2023.
The main purpose of Digital Personal Data Protection Act, 2023 was to ensure the
safety of the personal data of the internet users, it was also legislated for
the prevention of data misuse and ensuring the data security, it also provided
the rights for the data principals with the outlines of the conditions for the
cross-border data transfers.
Personalized Content Or Potential Breach Of Privacy?
In order to provide personalized content to the user, the service providers of
any website, application or any such digital source often try to collect your
private data in the form of cookies. At the initial stage wherein the service
providers will have to ask the consent in order to access to the personal
digital data of the users in the form of cookies, the cookies which collect and
save the personal data are usually brought up by a pop-up interface which
appears while using an application or a website, the main objective of these
cookies is to provide a better user experience, as claimed by the service
provider.
These service providers at times not only consist of the developers of
the application/websites but also the partners and the vendors of the
application/website. The claimed use of such cookies is to keep track of the
data to analyze how the user uses the application, to provide personalized
content recommendations and to provide more relevant services.
The issue of
whether a user's fundamental rights are violated with regards to consent for the
collection and use of cookies hinges on a broader question: At the moment of
consenting to or rejecting cookies, was the user fully informed about the scope
and purpose of data usage? Furthermore, was the user adequately apprised of the
application's or website's third-party partners or vendors with whom their data
would be shared?
Why isn't the user allowed to access the application/website
after rejecting such cookies (only applicable to certain applications and
websites)? and lastly when the user deletes or exits the application or website
are these cookies deleted and if yes, where does the proof lie? This raises
serious concerns about the adequacy of disclosure and the validity of consent in
the context of data protection and privacy rights.
Furthermore, it is patently evident that cookies that are the collected by the
websites or the application often collect certain non-personal and personal
information in order to provide the personalized or the tailored content but the
question arises that up to what extent the collection of the data does not lead
to the potential breach of the Right to Privacy as enshrined in the Indian
Constitution? In order to answer it, we need to first understand whether
personalized content is a potential breach of privacy or not, the answer is it
does.
There have been instances when unauthorized data collection has been
witnessed by the users that led to the violation of privacy. Companies and
applications like Truecaller, Google, TikTok, Zoom and Facebook were accused of
collecting personal data from the users without their explicit consent.
Truecaller allegedly enrolled some users into its Unified Payments Interface
(UPI) payment system without their knowledge and even collected their personal
data without their consent. Moreover, Google in 2018 faced criticism after it
was revealed that it traced the location of the users even after the location
tracking feature was turned off.
Application called TikTok in 2020, a popular
video-sharing app, was fined for illegally collecting personal information from
children under the age of 13 in the U.S. without obtaining parental consent,
which violated the Children's Online Privacy Protection Act (COPPA) in the
United States of America. Zoom, often regarded as a virtual meeting platform,
was found to be sending data to Facebook without informing its users, even those
who didn't have a Facebook account.
This practice was discovered in the early
stages of the COVID-19 pandemic when Zoom usage surged globally. Lastly, the
most famous scandal, namely The Facebook- Cambridge Analytica Scandal, a
political malice, was the biggest privacy breach of all time. Nearly, the
political consultancy firm (Cambridge Analytica) accessed the personal data of
87 million Facebook users without proper consent.
Moreover, in order to provide personalized content, there have been instances
when websites or applications impose excessive surveillance and monitoring of
the user's behavior over the digital platforms. This surveillance and monitoring
are often done without the explicit consent of the user and therefore it is an
invasion of privacy. Users often face the problems of lack of transparency
wherein they are not made aware of the extent and the procedure of the data
usage by the service provider, therefore a distinct violation of the
informational autonomy, a key element of privacy.
Certain underdeveloped or
developing websites or applications often have vague terms and conditions that
users might not fully comprehend. In cases where consent for data collection is
not explicitly informed or is obtained through ambiguous or coercive means, it
fails the test of free consent. In such situations, personalization may be
deemed unconstitutional as it does not respect the dignity and autonomy
guaranteed under Article 21.
The biggest threat to the user's digital asset, namely the data, is the
inadequate data protection on the part of the digital service provider. There
have been cases in India where the large-scale data breaches exposing personal
information of users were witnessed, the reason behind this was merely the weak
encryption or inadequate data protection by service providers. The Aadhar Card
Data Breach (2020), The Justdial Data Breach (2020), The Domino's India Data
Breach (2021), The Mobiwik and the Air India Data Breach (2021) are the evidence
to the above-mentioned claim.
Therefore, it is evident enough to assert that the personalized content may lead
to a potential breach of privacy wherein in certain cases the users are under
huge threat of their personal data being exposed to the digital forum even
without their explicit consent or with the partial consent.
Are The Current Data Protection Laws Sufficient Enough To Safeguard The User's Right To Privacy?
The government's initiative to introduce the new data protection laws is
commendable but the question arises that are these new data protection laws
namely the Digital Personal Data Protection Act, 2023 sufficient enough to
safeguard the user's right to privacy?
The answer is paradoxical, as the name of the act Digital Personal Data
Protection Act, 2023 suggests that these laws are legislated for the protection
of the digital personal data of the users, the definition of the term "personal
data" under section 2 (t), "personal data" means any data about an individual
who is identifiable by or in relation to such data; is very vague and abstract.
The question of law arises in the interpretation of the definition, what comes
under the ambit of personal data?
Furthermore, the explicit ability of the government to exempt itself from the
provisions of the act under section 17 (2)(a) when the government demand any
data which is necessary for the sovereignty and integrity of India. Moreover, as
mentioned section 18-20 and 24, despite of the members of the Data Protection
Board functioning independently, the central government will have an unmediated
control over the appointment of the board chairperson along with its members
along with their tenure and salaries and removal of the chairperson and the
members.
Lastly, as mentioned under section 17(3), the central government can
notify several data fiduciaries which will be exempted from this law. This gives
the central government the explicit power to list down the companies or
organizations including startups exempting them from the application of the
provisions as mentioned under the Digital Personal Data Protection Act, 2023.
Moreover, as mentioned under the section 27(3), the central government has the
power to withdraw, cancel and suspend, any direction that the board has given to
a person or a company for violating the provisions of Digital Personal Data
Protection Act, 2023.
Therefore, these provisions have given undue powers and exemptions to the
government which is paradoxical to the "independence" of the board as mentioned
under the act. Hence, the aim to protect the right to privacy of the individuals
or the group of individuals by the express provisions of the act is itself
giving exemptions and powers to the central government that may infringe the
rights.
In addition to the abovementioned powers and exceptions of the central
government to be under the purview of the provisions of the act, the act clearly
lacks a data security auditing mandate which is an essential test to check
whether the company or the organization has control over the sensitive digital
data of the users. As per the current data protection laws it is left up to the
discretion of the company or the organization to have a data security audit
mandate or not. The implementation of a data security auditing mandate will
significantly enhance user privacy, whereas the absence of such mandates may
result in a deficiency of robust data protection measures.
Not only the fundamental right of privacy but even the right to freedom of
speech is under a threat, wherein it is mentioned under section 37(1)(b) and
37(2) that:- 37(1)(b) advises, in the interests of the general public, the
blocking for access by the public to any information generated, transmitted,
received, stored or hosted, in any computer resource that enables such Data
Fiduciary to carry on any activity relating to offering of goods or services to
Data Principals within the territory of India, after giving an opportunity of
being heard to that Data Fiduciary, on being satisfied that it is necessary or
expedient so to do, in the interests of the general public, for reasons to be
recorded in writing, by order, direct any agency of the Central Government or
any intermediary to block for access by the public or cause to be blocked for
access by the public any such information.
(2) Every intermediary who receives a direction issued under sub-section (1)
shall be bound to comply with the same. This implies that the central government
holds comprehensive authority to restrict certain statements or information
under the guise of serving the public interest.
Furthermore, one of the major shortcomings of the Digital Personal Data
Protection Act, 2023 lies in the provisions of the cross-border transfer of the
digital data wherein the issue of the countries having weaker data protection
laws, weaker data security or data management will surely make the data more
vulnerable and the threat to the breach of the sensitive data of the user was
overlooked by the legislation. This can lead to a potential threat to privacy of
the users in India using or operating any application or websites which are
developed overseas.
In conclusion, the act was enforced to protect the digital personal data of the
users, but it has not explicitly mentioned the measures and the remedies to
protect the data breaches or has not given robust guidelines to the
organizations or the companies collecting or storing the personal data to have a
basic security mandate in order to protect the privacy rights of the users.
Henceforth, when the user is getting the personalized content the question of
privacy will defiantly arise due to these major shortcomings of the act.
How To Prevent The Breach Of The New Age Asset?
It is now patently evident that there is a close eye on the user's web
activities in the purview of distinctive content offered to the users,
therefore, the concern over the protection of the sensitive personal data is the
need of the hour. This article not only aims to draw the readers' attention
towards the current issues but will also provide suggestions and remedies to the
individuals and the legislation to protect the right to privacy of the users.
Suggested Amendments to the Act:
The legislation should provide explicit guidelines in order to obtain the
consent from the user regarding the access of the personal sensitive data of the
user. Therefore, the government should enhance the framework for obtaining the
consent from the users. The consent should be clear and easy to understand, it
should have all the information about where and how the data will be used, it
should also provide the guarantee to the users that once the application or the
website is deleted or not in use the developers and vendors of the same will
delete the data thereon.
Lastly, the consent should mention this privacy policy
not only in English language but in the regional languages also for the better
understanding of the individuals. The verbal dictator with help of the AI
assistance to read out the policy for the user will be the most effective way to
bring attention to the privacy policy of the application or the website.
In the case of a privacy breach the users should be made aware of the same as
soon as the breach has occurred. This should be mandatory provision in the act
and a duty of the digital service providers to draw the attention of the users
towards the breach so that they can take several required actions to avoid
further exploitation.
The international transfers, also called the cross-border transfers in the act
has overlooked a major concern of transferring the data to the countries which
might have weaker data protection laws. Therefore, the legislation should
formulate a common set of rules for the international transfer of data.
Moreover, it should also provide a set of requisites in terms of the data
protection laws of that respective country to be fulfilled with an aim to
protect the potential breach of privacy of the users in India. If those
requisites are not being satisfied, then the government should not allow such
companies or the organizations of that respective country to collect and save
any kind of data from India.
The government should also impose a set of requisites for even the local
companies and organizations in order to collect and save the data of the users.
These requisites should give the utmost importance to an effective data security
mandate.
Lastly, as mentioned earlier data is now a new age asset therefore, stricter
punishments should be imposed to whoever commits the breach of data with an
unlawful intention and fine shall also be imposed on the company or the
organization from where such data is been hacked or breached. This will create a
fear in the minds of the hackers and the companies, or the organizations will
strengthen their data security in their servers. Moreover, the government should
educate the users regarding their rights and duties pertaining to the activities
on digital forums. It should also spread awareness regarding the legal remedies
for the data breaches.
In conclusion, these are certain changes rather suggestions to be made in the
current data protection act to safeguard the privacy rights of the users. These
suggestions not only aim to address breaches of privacy arising from
personalized content but also adopt a comprehensive perspective on safeguarding
the rights and safety of each individual within the digital landscape.
Generic Suggestions:
To safeguard their right to privacy, every individual should undertake specific
measures to remain vigilant regarding the malpractices perpetrated by service
providers under the pretext of personalized content. Individuals should endeavor
to educate themselves about various aspects related to consenting to access
their sensitive data; the following are those critical considerations:
- Read and understand the privacy policy of the website or the application before accepting the cookies thoroughly.
- Check whether the privacy policy explicitly mentions the extent to which the website or application will collect, use, and transfer the data. If the information regarding the same is absent, either do not approve the access or delete the application.
- Only give consent to access the data while using the application or website and not otherwise.
- Before deleting the application or exiting the website, check whether the data will be deleted as soon as the application or website is deleted/exited or not. If that information is not deleted immediately, decline all the access given to the application from your device settings, and for declining the access to the website, decline all the access given to the website from the browser settings.
- Lastly, to check whether the data is completely deleted or not, either consult the regulatory authorities or use any third-party data deletion tool.
Always implement parental control over the device and the applications used by a
minor. No consent shall be given by a minor without the permission of the
parents. Keep such applications and websites blocked in the device used by a
minor. Lastly, educate the minor about the malpractices over the internet and
ask him/her to complain to a guardian as soon as he/she witnesses anything
unusual.
It is imperative to promote social awareness regarding the critical importance
of data security. A user is merely one click away from potential digital
exploitation under the guise of personalized content. It is essential to
recognize that once sensitive data is collected and utilized to curate an
individual's online experience, such as controlling their menu or internet feed,
such data can influence their choices. When individual choices are manipulated,
it becomes feasible to exert control over their behavior. Ultimately, if one
gains control over an individual's behavior, they can compel that individual to
act in accordance with their desires. This phenomenon was exemplified in the
Facebook-Cambridge Analytica scandal, which underscores the profound
implications of data misuse.
Ultimately, an individual must be acutely aware of the safety and security of
their personal data. This awareness entails understanding the significance of
safeguarding one's information against unauthorized access, misuse, or
exploitation. Users should familiarize themselves with the data protection
rights afforded to them under applicable legislation, as well as the potential
risks associated with sharing personal information online.
Moreover, individuals ought to adopt proactive measures to enhance their data
security, such as employing strong, unique passwords, enabling two-factor
authentication, and regularly reviewing privacy settings across digital
platforms. Engaging in critical evaluation of the terms of service and privacy
policies of applications and websites is essential to ascertain how personal
data will be utilized and shared.
By cultivating a comprehensive understanding of these elements, individuals can
better navigate the digital landscape, mitigate the risks of data breaches, and
empower themselves to make informed decisions regarding their personal
information. Awareness of one's own data security is not merely advisable; it is
a fundamental aspect of maintaining autonomy and safeguarding one's privacy in
an increasingly interconnected world.
Conclusion
In conclusion, the intersection of personalized marketing and data privacy
presents a profound challenge in the digital age, where the value of personal
data has escalated to unprecedented levels. The Digital Personal Data Protection
Act 2023, while a commendable step toward addressing privacy concerns, leaves
critical lacunae that could undermine its efficacy. The Act's vague definition
of "personal data" and the broad exemptions granted to the government pose
significant risks to the integrity of the right to privacy. This is further
compounded by the government's power to exempt entities from compliance, raising
concerns about the transparency and accountability of data handling practices.
Moreover, the Act's failure to mandate data security audits and the provision
allowing cross-border data transfers to countries with weaker data protection
standards increase the vulnerability of personal data. Such legislative gaps
create a privacy paradox, where the right to privacy, enshrined under Article 21
of the Indian Constitution, is potentially compromised by inadequate regulatory
safeguards.
To effectively safeguard individuals' privacy, the Act must be strengthened
through amendments that provide more explicit and stringent data protection
measures. These should include clear guidelines for obtaining user consent,
robust data security mandates, and stricter regulations on cross-border data
transfers. Additionally, companies must be held accountable for data breaches,
with substantial penalties imposed for non-compliance, to deter misuse and
negligence in data management.
Ultimately, personalized content while offering benefits should not come at the
expense of fundamental rights. The potential for misuse of personal data through
excessive surveillance or unauthorized collection raises critical ethical and
legal questions about the balance between technological innovation and privacy.
The infamous Facebook-Cambridge Analytica scandal is a testament to the
far-reaching consequences of data exploitation, where manipulation of personal
data resulted in interference with democratic processes.
Thus, the Digital Personal Data Protection Act 2023 must evolve to meet these
challenges, ensuring that privacy remains an inviolable right in an era
dominated by digital interactions. The convergence of legislative reform,
corporate responsibility, and individual awareness is essential to mitigating
the risks associated with personalized marketing and protecting the personal
autonomy of every digital user in India. The future of data privacy hinges on
this balance, requiring both proactive legal safeguards and a vigilant, informed
public.
Written By: Bhavya Kotadia
Please Drop Your Comments