Abstract

Today, personal data in the hands of various actors has become a highly sought-after commodity in the global digital economy. When something is desired, it is also essential to have regulatory laws to collect, process, and transfer personal data. In essence, these laws govern data fiduciaries or data controllers, who are considered to be the ones with a duty of care towards the personal data of data subjects. This paper aims to analyze the history of data fiduciary obligations in the context of a comparison of some significant and influential regimes in the protection of personal data in the European Union's General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act (DPDPA), China's Personal Information Protection Law (PIPL), and several laws from states in the United States, including the California Consumer Privacy Act (CCPA) and the Utah Consumer Privacy Act (UCPA). Essentially, the study seeks to outline the basic definitions, legal responsibilities, and standards of accountability required by data fiduciaries operating within such jurisdictions. It also elucidates crucial tenets like grounds for lawful processing, consent models (opt-in versus opt-out), minimization of data, transparency obligations, security measures, the appointment of Data Protection Officers, and the rights of data subjects. Added to that, the paper further describes the areas of disagreement over the differences of scope and extraterritoriality of the laws, with a particular focus on cross-border data flows." The study further proceeds to examine the impact of the tension created by the rights-centered approaches that define GDPR and PIPL against the commercial-mindedness of U.S.-state law, which indicates some areas of convergence and divergence within international privacy standards. This then provides a solid anchor for global businesses, regulators, and policymakers to navigate the complexities of data protection around the world, underlining the need for harmonization in defining personal liability and transparency and protecting individual rights within the framework of our interlinked digital ecosystem.

Keywords