Passage 3
There are some advantages of the digital Personal data Protection Act (dPdPA), 2023. For instance, for the first time, personal data belonging to or identifying children will have to be classified separately, with such data carrying a greater degree of security and privacy. The law also seeks to reduce the rate and impact of data breaches targeting indian businesses. The digital Personal data Protection law, however, goes a step beyond by imposing penalties for cases where data is breached as a result of a lack of implementation of adequate security controls. However, it could be said that the law isn’t balanced, because it provides wide exemptions to the processing of personal data to the government. For instance, data can be processed “in the interest of prevention, detection, investigation or prosecution of any offence … in india.” these kinds of exemptions are dangerous as they stand to legitimise widespread and unwarranted collection of data under the guise that such collection and processing may ultimately be useful for preventing or deterring a crime. Security agencies will have significant authority to collect and retain any data whatsoever, as is typically the case with exemptions relating to the maintenance of sovereignty, integrity, security of the state, preservation of public order, prevention of offences, and incitement to
commit offences. the law also exempts processing of personal data held outside of india. The government is also exempt from being required to delete any data that it possesses, regardless of the purpose it may have been collected for, on the request of an individual, or by way of a prescribed data retention period.
The government is not bound by purpose limitations, allowing data collected for one specified purpose be used for a new, incompatible purpose, which stands in contrast to the regulations imposed on businesses

1. Mr. Lal was suffering from a rare disease and the data relating of that was collected by the government. Suppose the dPdPA, 2023 provides exemptions for the government relating to data deemed “necessary for research, archiving or statistical purposes” if the personal data is not to be used to take any decision specific to a data principal and such processing is carried on in accordance with such standards as may be prescribed.
Which of the following is most appropriate?
(A) the personal data of mr. Lal can be preserved by the government till the research on rare disease is complete.
(b) the data can only be used for taking any decision regarding mr. Lal.
(C) the personal data of mr. Lal’s health conditions and his personal data can be preserved by; the private hospital forever and used for research by them without his consent.
(d) All of the above.

2. Suppose the dPdPA, 2023 provided exemption for the processing of personal data for the purpose of ascertaining the financial position of any person who has defaulted in payment of amount due on loan taken from a nationalised bank. mr. X Commits a default in repayment of emi of loan taken from a nationalized bank.

(A) the bank can demand access to and process the personal data of mr. X relating
to family history of ailments from which mr. X or his family was suffering.
(b) the bank can process the personal data of mr. X viz., the particulars of the family,wife, children, brothers etc.
(C) the bank can process the data of mr. X for the purpose of ascertaining the assets and liabilities of the defaulter.
(d) All of the above.

3. Suppose mr. Y, a citizen of india, is working in an mNC in New Zealand since 2021. the mNC has obtained personal details of the employee for the purpose of recovering the amount of indemnity bond if mr. Y left the job within three years of joining.

(A) Mr. Y can file an application in India for protection of his digital personal data under the dPdPA if he leaves the job in September 2023, and returns to India.
(b) mr. Y, being a citizen of India, can claim protection against the MNC for misuse of his personal data even while serving in New Zealand.
(C) the dPdPA 2023 is not applicable since the data is held outside India.
(d) the dPdPA 2023, is not applicable since the data has been obtained before the enactment of dPdPA.

4. If personal data is defined as any data about an individual who is identifiable by or in relation to such data, which of the following shall be classified as the personal data?

(A) Name of the Person.
(b) Full residential Address.
(C) Aadhar Number.
(d) All of the Above.

5. In which of the following cases, the access to personal data shall be granted and the person whose data is accessed and processed cannot claim personal data protection?

(A) mr. Z has committed many robberies and police wants to access his Aadhar details and fingerprint data for the purpose of tracing Mr. Z.
(B) It is apprehended that a person identified as Mr. G would spread hatred among various communities which would lead to riots and Police intends to use the mobile number and other personal details of mr. G for the purpose of preventing such crimes.
(C) both (A) and (b).
(d) Neither (A) nor (b).

6. Which of the following is correct?
(A) Personal data collected by a health service provider can be sold to an insurance agency by the service provider without the consent of the concerned person.
(b) Personal data collected by the government can be used for whatever purpose.
(C) Personal data collected by the insurance company can be sold to mobile
companies for mobile marketing without the consent of the concerned person.
(d) All of the above