Under the Digital Personal Data Protection Act, 2023, personal data processing is only permitted when a user has given their consent for the same. Companies can also process personal data without consent when for “legitimate uses” under the Act—including epidemics, disasters, or State functions under any law. Companies should provide users with a “notice” when seeking their consent for data processing. Notably, if a user has consented to data processing before the law’s enactment, the company should serve notice as soon as “reasonably practicable”.
“It is respectfully submitted that when faced with a similar situation in the European region, where the General Data Protection Regulation i.e. GDPR had been enacted, but had not come into force, WhatsApp had submitted an undertaking to the authorities in Europe that till the GDPR comes into force, they shall not transfer any WhatsApp User data to any other Facebook company on a controller-to-controller basis for any purpose,” the petition said, MoneyControl reported.
The petitioners also requested that users be given the option to delete data stored on the platform prior to the law’s enactment and that WhatsApp appoint a data protection officer as required by the data protection law.
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!
- Summary: India’s Digital Personal Data Protection (DPDP) Bill, 2023