Data Protection — Prelims Strategy

For Prelims, the strategy for Data Protection should focus on factual accuracy and conceptual clarity. Begin by thoroughly understanding the Justice K.S. Puttaswamy v. Union of India (2017) judgment – its year, the bench strength, and its core pronouncement on privacy as a fundamental right under Article 21.

Next, delve into the Digital Personal Data Protection Act, 2023 (DPDP Act). Memorize key definitions: 'Data Principal,' 'Data Fiduciary,' 'Significant Data Fiduciary,' and 'Personal Data.' Understand the rights of Data Principals and the obligations of Data Fiduciaries.

Pay close attention to the establishment and powers of the Data Protection Board of India (DPBI), including its role as an adjudicatory body and the maximum penalties it can impose.

Crucially, note the shift in the DPDP Act regarding data localization (flexible, 'notified countries') and the introduction of 'deemed consent' – these are common trap areas. Familiarize yourself with relevant sections of the IT Act, 2000, particularly Section 43A and 72A, and how the DPDP Act supersedes them.

Understand the basic differences between anonymization and pseudonymization. Keep an eye on current affairs related to the DPDP Act's implementation, such as the formation of the DPBI and the notification of specific rules.

Practice MCQs that test definitions, key provisions, and the constitutional basis, focusing on distinguishing between similar-sounding concepts and identifying incorrect statements.