Definitions and Application

Written By BareMinLaw

Section 2. Definitions

(a). Appellate Tribunal

  • Appellate Tribunal refers to a statutory appellate authority.

  • It means the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).

  • The Tribunal is established under Section 14 of the Telecom Regulatory Authority of India Act, 1997.

(b). Automated

  • Automated refers to a digital process.

  • This process is capable of operating automatically, without continuous human intervention.

  • It works in response to instructions, whether pre-programmed or otherwise given.

  • The objective of such operation is to process data.

(c). Board

  • Board refers to the Data Protection Board of India.

  • This Board has been set up by the Central Government.

  • This Board is established under section 18 of the Act.

(d). Certain Legitimate Uses

  • Certain Legitimate Uses are the uses specifically mentioned in section 7.

(e). Chairperson

  • It means the Chairperson of the Board.

(f). Child

  • It refers to a person below eighteen years of age.

(g). Consent Manager

  • Consent Manager refers to a person who is registered with the Board.

  • They act as a single point of contact for the Data Principal.

  • They help the Data Principal give, manage, review, and withdraw consent.

  • This is done with the help of an accessible, transparent, and interoperable platform.

(h). Data

  • Data is the representation of information such as facts, concepts, opinions, or instructions.

  • This representation must be suitable for communication, understanding, or processing by humans or automated systems.

(i). Data Fiduciary

  • It refers to any person acting alone or with others.

  • They decide the purpose of processing personal data.

  • They decide the method of processing personal data.

(j). Data Principal

  • Data Principal refers to the individual to whom the personal data relates.

    1. (i). If such individual is a child, it also includes the parents or lawful guardian of that child.

    2. (ii). If such individual is a person with disability, it also includes her lawful guardian acting on her behalf.

(k). Data Processor

  • It refers to any person who processes personal data on behalf of a Data Fiduciary.

(l). Data Protection Officer

  • It refers to an individual appointed by a Significant Data Fiduciary.

  • This appointment is made under section 10(2)(a).

(m). Digital Office

  • It refers to an office that uses an online system.

  • All proceedings are carried out in online or digital mode.

  • This includes steps from receiving information, complaints, references, directions, or appeals.

  • It also covers the final disposal of such matters.

(n). Digital Personal Data

  • It refers to personal data that exists in digital form.

(o). Gain

  • Gain refers to benefit or advantage obtained in different forms.

  • (i).

    1. It includes a gain in property or supply of services, whether temporary or permanent.

  • (ii).

    1. It also includes an opportunity to earn remuneration or higher remuneration.

    2. Such opportunity may involve gaining a financial advantage.

    3. This applies where the advantage is not earned through legitimate remuneration.

(p). Loss

  • Loss refers to harm or disadvantage suffered.

  • (i).

    1. It includes a loss in property or an interruption in the supply of services, whether temporary or permanent.

  • (ii).

    1. It also includes a loss of opportunity to earn remuneration or higher remuneration.

    2. Such loss may involve losing a financial advantage.

    3. This applies where the advantage is not obtained through legitimate remuneration.

(q). Member

  • Member refers to a member of the Board and also includes the Chairperson.

(r). Notification

  • Notification refers to a notification published in the Official Gazette.

  • The terms “notify” and “notified” are to be understood in the same manner.

(s). Person

  • Person covers a wide range of entities.

    1. (i). It includes an individual.

    2. (ii). It includes a Hindu undivided family.

    3. (iii). It includes a company.

    4. (iv). It includes a firm.

    5. (v). It includes an association of persons or a body of individuals, whether incorporated or not.

    6. (vi). It includes the State.

    7. (vii). It also includes every artificial juristic person not covered under the earlier categories.

(t). Personal Data

  • Personal data refers to any data about an individual.

  • The individual can be identified directly from the data.

  • The individual can also be identified in relation to the data.

(u). Personal Data Breach

  • Personal data breach refers to any unauthorized processing of personal data.

  • It also covers accidental disclosure, acquisition, sharing, use, alteration, destruction, or loss of access to personal data.

  • Such breach results in harm to the confidentiality, integrity, or availability of personal data.

(v). Prescribed

  • Prescribed refers to anything laid down by rules made under this Act.

(w). Proceeding

  • Proceeding refers to any action taken by the Board under the provisions of this Act.

(x). Processing

  • Processing, in relation to personal data, refers to operations carried out wholly or partly by automated means.

  • It includes one or more actions performed on digital personal data.

  • Such actions include collection, recording, organization, structuring, and storage.

  • It also includes adaptation, retrieval, use, alignment, or combination of data.

  • It further includes indexing, sharing, disclosure by transmission, dissemination, or otherwise making data available.

  • It also covers restriction, erasure, or destruction of data.

(y). She

  • She is used in relation to an individual, applies irrespective of gender.

(z). Significant Data Fiduciary

  • Significant Data Fiduciary refers to a Data Fiduciary or a class of Data Fiduciaries notified by the Central Government under section 10.

(za). Specified Purpose

  • Specified purpose refers to the purpose stated in the notice given by the Data Fiduciary to the Data Principal.

  • Such notice must be in accordance with this Act and the rules made under it.

(zb). State

  • State refers to the State as defined under Article 12 of the Constitution.

Section 3. Application of the Act

  • Subject to the provisions of this Act:

  • (a).

    1. This Act applies to the processing of digital personal data within the territory of India.

    2. This includes cases where the personal data is collected in digital form.

    3. It also includes cases where the personal data is collected in non-digital form and digitised later.

  • (b).

    1. This Act also applies to the processing of digital personal data outside the territory of India.

    2. Such application arises when the processing is connected with offering goods or services to Data Principals within India.

  • (c).

    1. The Act does not apply to:

    2. Personal data processed by an individual for personal or domestic purposes.

    3. Personal data that is made or caused to be made publicly available.

      1. (A). This includes personal data made publicly available by the Data Principal herself.

      2. (B). It also includes personal data made publicly available by any other person who is legally required to do so under any law in force in India.

Illustration:

  • When an individual publicly shares her own personal data on social media while blogging then the provisions of this Act do not apply.

BareMinLaw https://bareminlaw.com
Next

Obligations of Data Fiduciary