Reviewing the Privacy Implications of Indias Digital Personal Data Protection Act (2023) from Library Contexts

Abstract

The study reviews the provisions and privacy implications of the India’s Digital Personal Data Protection Act, 2023 (referred to as “DPDP Act” in this study) from the library context. The immense nature of personal data breaches prompted the government to enact the DPDP Act on 11th August 2023. Through the DPDP Act, this study addresses the privacy concerns in the library by articulating the eleven (11) privacy principles, viz., data collection & notice; data retention; data processing; data sharing; users consent; children’s data; user’s rights; users security; reporting; accountability and compensation. These principles can act as privacy guidelines for libraries when negotiating with library vendors; these principles will further guide e-vendors into creating an online environment where user’s privacy rights are protected. Also, this study aims to address the online privacy gaps in libraries by providing additional corrective measures and examples, such as - setting up an itemised privacy policy, a simple policy that is easily accessible, reducing the use of web tracking technologies, encouraging the use of privacy-enhancing technologies, de-identification of patron’s data, and emphasising on user’s right in the web environments. The study may also empower the government and online businesses by preserving the privacy rights of users.