- 27-Jun-2025
- Cyber and Technology Law
With the increasing collection and processing of personal data in the digital world, protecting individuals’ privacy rights has become crucial. Data subjects (individuals whose personal data is collected or processed) are granted specific rights under data protection laws such as the General Data Protection Regulation (GDPR) in the EU and the Personal Data Protection Bill (PDPB), 2019 in India. These rights empower individuals to have greater control over how their data is used, ensuring transparency and accountability in the handling of their personal information.
Data subjects have the right to request and obtain confirmation on whether their personal data is being processed. They can access their personal data held by the data controller, as well as details about the purpose of the processing, the categories of data being processed, and the recipients of their data.
GDPR: Under Article 15, individuals have the right to access their data free of charge once per year, and this includes the right to receive a copy of the data.
India: Similar rights are proposed under the Personal Data Protection Bill, 2019, where individuals can request access to their personal data and the purposes of its processing.
Data subjects have the right to correct any inaccurate or incomplete personal data. If data is incorrect, the data subject can request the data controller to update or rectify it.
GDPR: Under Article 16, individuals can request the rectification of inaccurate data without undue delay.
India: Under the PDPB, individuals can seek rectification of inaccurate data maintained by data fiduciaries.
This right allows individuals to request the deletion of their personal data under certain circumstances. For example, when the data is no longer needed for the purposes for which it was collected, or if the data subject withdraws their consent.
GDPR: Under Article 17, data subjects can request the erasure of their data, commonly known as the right to be forgotten, particularly when the data is no longer necessary or when the data subject withdraws consent.
India: The PDPB also proposes the right to erasure, allowing data subjects to request deletion of data when it is no longer needed or when consent is revoked.
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and transfer it to another service provider if desired.
GDPR: Under Article 20, individuals can request their data in a format that allows them to transfer it to another service provider easily.
India: While the PDPB does not explicitly define this right, it is a crucial component in global data protection laws. It is expected that future regulations may incorporate data portability rights similar to the GDPR.
In some cases, individuals can request the restriction or suspension of their data processing. This right is applicable when the data subject contests the accuracy of the data or when processing is unlawful.
GDPR: Under Article 18, individuals can restrict processing when they object to it or if it is found to be unlawful.
India: The PDPB also includes provisions to allow individuals to request the restriction of processing under certain circumstances.
Data subjects have the right to object to the processing of their data, particularly in cases of direct marketing or profiling. If the data is being processed for purposes of legitimate interests, individuals can object to it.
GDPR: Under Article 21, individuals can object to data processing for marketing purposes, and data controllers must stop processing data for such purposes.
India: The PDPB proposes the right for individuals to object to the processing of their personal data, especially in cases involving sensitive data.
Data subjects have the right to withdraw consent at any time if they had previously given it for the processing of their data. Once consent is withdrawn, the data processing must cease, although it may not affect prior processing based on consent.
GDPR: Under Article 7, individuals can withdraw their consent at any time, and the processing must stop unless another lawful basis exists.
India: Similar provisions under the PDPB allow individuals to withdraw consent for processing their personal data.
Data subjects have the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affects them.
GDPR: Under Article 22, individuals are protected from decisions made solely through automated processing that could impact their legal rights.
India: While the PDPB does not explicitly mention automated decision-making, the Indian law aims to regulate the use of sensitive personal data and automated processing.
If a user signs up for a music streaming service and provides personal details such as name, email, and location, they are considered a data subject. If the service starts sending excessive promotional emails based on their data, the user can:
Data subjects have several rights under data protection laws, including the right to access, rectify, erase, and port their personal data. These rights are designed to give individuals more control over their personal information, protect their privacy, and ensure that their data is used responsibly by organizations. In India, the Personal Data Protection Bill, 2019 aims to provide similar protections as the GDPR, empowering individuals to safeguard their data and privacy.
Answer By Law4u Team
Discover clear and detailed answers to common questions about Elder & Estate Planning law. Learn about procedures and more in straightforward language.
