Temples using facial recognition technology can raise significant data privacy concerns

Dr. Pavan Duggal  
Chairman- International Commission On Cyber Security Law   

“Recent reports indicate that temples are now using facial recognition technology to monitor all visitors. When you go to a temple to pray, cameras capture your face, raising significant data privacy concerns. From an Indian perspective, the transformation over the past 20 years has been remarkable. Since the commercial introduction of the internet on August 15, 1995, the landscape has changed dramatically, making data privacy a critical issue.

Cybersecurity attacks are increasingly frequent, targeting personal data. In the event of a data breach, the costs can be substantial. India has faced historical challenges due to the lack of a dedicated data protection law, relying instead on the Information Technology Act of 2000. This 24-year-old legislation has provided a foundation for the growth of electronic commerce and governance. However, there has been a growing demand for a dedicated data protection law, leading to various efforts.

The Digital Personal Data Protection (DPDP) Act, passed by the Parliament on August 11, marks a significant milestone. Although not yet implemented, the DPDP Act defines personal data as any information that can identify an individual. A breach of personal data is also a breach of data privacy, as individuals expect privacy regarding their generated data.

The DPDP Act introduces three key concepts that every Chief Information Security Officer (CISO) must understand: 1) Data Principal: Individuals whose data is being collected. 2) Data Fiduciary: Entities determining how data will be processed. 3)Data Processor: Entities processing data on behalf of the Data Fiduciary.