Impact of Globalization on the Indian Economy Indian Constitution: Features and Relevance Role of Judiciary…
Multiple-choice questions (MCQs) with answers on “Data Privacy and Protection Laws in India” tailored for Civil Services Examination preparation
1. What is the primary legislation governing data privacy in India as of 2024?
A) Information Technology Act, 2000
B) Personal Data Protection Bill, 2019
C) Digital Personal Data Protection Act, 2023
D) Cybersecurity Act, 2018
Answer: C) Digital Personal Data Protection Act, 2023
2. Under which section of the Information Technology Act, 2000, are rules for data protection specified?
A) Section 43A
B) Section 66
C) Section 72
D) Section 79
Answer: A) Section 43A
3. The Digital Personal Data Protection Act, 2023, provides for the establishment of which authority?
A) Data Protection Authority
B) Information Commission
C) Cyber Security Authority
D) Digital Privacy Council
Answer: A) Data Protection Authority
4. Which of the following is a key principle of data processing under the Digital Personal Data Protection Act, 2023?
A) Data minimization
B) Data commodification
C) Data aggregation
D) Data replication
Answer: A) Data minimization
5. What is the maximum fine that can be imposed under the Digital Personal Data Protection Act, 2023, for non-compliance?
A) ₹5 crore
B) ₹10 crore
C) ₹15 crore
D) ₹25 crore
Answer: D) ₹25 crore
6. The term “personal data” under the Digital Personal Data Protection Act, 2023, refers to data that:
A) Identifies a specific individual
B) Is available in the public domain
C) Is encrypted
D) Is collected for statistical purposes
Answer: A) Identifies a specific individual
7. Which entity is responsible for approving the cross-border transfer of personal data under the Digital Personal Data Protection Act, 2023?
A) Reserve Bank of India
B) Ministry of Electronics and Information Technology
C) Data Protection Authority
D) Central Bureau of Investigation
Answer: C) Data Protection Authority
8. Under the Digital Personal Data Protection Act, 2023, which of the following is NOT a lawful basis for processing personal data?
A) Consent
B) Contract
C) Public interest
D) Business profitability
Answer: D) Business profitability
9. What right does the Digital Personal Data Protection Act, 2023, grant individuals regarding their personal data?
A) Right to access
B) Right to ignore
C) Right to retain
D) Right to monetize
Answer: A) Right to access
10. The concept of “data portability” under the Digital Personal Data Protection Act, 2023, allows individuals to:
A) Transfer their data to any service provider
B) Sell their data
C) Permanently delete their data
D) Share data with foreign governments
Answer: A) Transfer their data to any service provider
11. The IT Act, 2000, provides for penalties related to data protection under which specific rules?
A) Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
B) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
C) Information Technology (Security Practices) Rules, 2005
D) Information Technology (Data Privacy) Rules, 2022
Answer: A) Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
12. The term “sensitive personal data” includes which of the following?
A) Name
B) Contact number
C) Financial information
D) Age
Answer: C) Financial information
13. Which of the following is a primary objective of the Data Protection Authority under the Digital Personal Data Protection Act, 2023?
A) Enforcing data protection laws
B) Issuing licenses for data collection
C) Conducting data audits
D) Overseeing data-driven business strategies
Answer: A) Enforcing data protection laws
14. Under the Digital Personal Data Protection Act, 2023, which data processing activity requires explicit consent from the data subject?
A) Data anonymization
B) Data collection
C) Data storage
D) Data aggregation
Answer: B) Data collection
15. The term “data breach” under the Digital Personal Data Protection Act, 2023, refers to:
A) Unauthorized access to personal data
B) Loss of data
C) Data corruption
D) Deletion of data
Answer: A) Unauthorized access to personal data
16. Which of the following is a key feature of the Personal Data Protection Bill, 2019, before it was superseded by the Digital Personal Data Protection Act, 2023?
A) Creation of a Data Protection Authority
B) Data protection for government agencies
C) Restriction on cross-border data transfers
D) Mandatory data encryption
Answer: A) Creation of a Data Protection Authority
17. What is the main purpose of data anonymization under the Digital Personal Data Protection Act, 2023?
A) To enhance data accuracy
B) To protect personal data from identification
C) To increase data storage capacity
D) To facilitate data sharing
Answer: B) To protect personal data from identification
18. Under the Digital Personal Data Protection Act, 2023, data subjects have the right to:
A) Erase their personal data
B) Transfer their data across borders
C) Demand compensation for data breaches
D) Oversee the processing of their data
Answer: A) Erase their personal data
19. Which of the following entities is exempt from the provisions of the Digital Personal Data Protection Act, 2023?
A) Government agencies
B) Private corporations
C) Non-profit organizations
D) International organizations
Answer: A) Government agencies
20. The Digital Personal Data Protection Act, 2023, mandates that personal data should be:
A) Stored in India only
B) Transferred to foreign countries
C) Processed transparently
D) Deleted after one year
Answer: C) Processed transparently
21. The IT Act, 2000, Section 72A, deals with:
A) Unauthorized disclosure of information
B) Cybercrime and electronic fraud
C) Digital evidence management
D) Online harassment
Answer: A) Unauthorized disclosure of information
22. Which principle under the Digital Personal Data Protection Act, 2023, emphasizes the need for data accuracy?
A) Data integrity
B) Data minimization
C) Data security
D) Data transparency
Answer: A) Data integrity
23. Under the Digital Personal Data Protection Act, 2023, which term refers to the process of transforming personal data into a non-identifiable form?
A) Data masking
B) Data encryption
C) Data anonymization
D) Data pseudonymization
Answer: C) Data anonymization
24. The “right to be forgotten” allows individuals to:
A) Request the deletion of their personal data
B) Access their data from any provider
C) Alter their data for accuracy
D) Prevent the collection of their data
Answer: A) Request the deletion of their personal data
25. The Data Protection Authority’s role includes:
A) Conducting data protection audits
B) Managing data breaches
C) Drafting data protection policies
D) Enforcing data protection compliance
Answer: D) Enforcing data protection compliance
26. Which of the following statements is true about the Digital Personal Data Protection Act, 2023?
A) It requires data controllers to appoint Data Protection Officers
B) It allows unrestricted cross-border data transfers
C) It mandates data protection impact assessments
D) It excludes private sector entities from its scope
Answer: C) It mandates data protection impact assessments
27. What is the primary purpose of data protection impact assessments under the Digital Personal Data Protection Act, 2023?
A) To identify potential risks to data subjects
B) To assess the financial implications of data processing
C) To evaluate data processing technology
D) To enhance data collection methods
Answer: A) To identify potential risks to data subjects
28. The term “data fiduciary” under the Digital Personal Data Protection Act, 2023, refers to:
A) A person or entity responsible for managing data
B) An individual who requests data
C) A government official overseeing data protection
D) A third-party data processor
Answer: A) A person or entity responsible for managing data
29. The Digital Personal Data Protection Act, 2023, aims to align India’s data protection framework with:
A) European Union’s GDPR
B) US Privacy Shield Framework
C) China’s Cybersecurity Law
D) ASEAN Data Protection Regulation
Answer: A) European Union’s GDPR
30. Which of the following is NOT a responsibility of data processors under the Digital Personal Data Protection Act, 2023?
A) Ensuring data security
B) Handling data breach notifications
C) Determining data processing purposes
D) Assisting data controllers in compliance
Answer: C) Determining data processing purposes
These MCQs provide a comprehensive overview of key aspects of data privacy and protection laws in India, suitable for Civil Services Examination preparation.
