GK Question

Answer: True

Data protection and privacy rights: (a) Puttaswamy (2017): Recognized informational privacy as part of Article 21; state/corporate data processing subject to proportionality test, (b) DPDP Act, 2023 operationalization: (i) Lawful purpose: Data processing must have legitimate aim, (ii) Consent: Free, specific, informed, unconditional, withdrawable consent required (with exceptions for state functions), (iii) Data minimization: Collect only necessary data, retain only as long as needed, (iv) Security safeguards: Technical, organizational measures to prevent breaches, (v) Individual rights: Access, correction, erasure, grievance redressal, right to nominate, (c) Institutional mechanism: Data Protection Board of India for adjudication, enforcement, penalties (up to ₹250 crore), (d) Exemptions: State functions (security, public order, research), personal/domestic use, (e) Applications: (i) Digital governance: Aadhaar, UPI, DigiLocker must comply with DPDP principles, (ii) Corporate compliance: Tech companies, banks, healthcare providers adapt data practices, (iii) Citizen empowerment: Awareness of rights, consent mechanisms, redressal procedures, (f) Challenges: (i) Implementation: Rules under consultation; Board not yet constituted, (ii) Balance: Innovation, security vs. privacy rights; proportionality ensures calibrated approach, (g) Illustrates rights operationalization: Constitutional principle (privacy under Article 21) translated into statutory framework (DPDP Act) with institutional mechanisms for enforcement.