The Digital Personal Protection Act of 2023: A Brief Overview

Authored By: Rishabh Krishan

Amity University Jharkhand

Introduction

Confidential information is a precious commodity in an increasingly information-based world. Solid data security measures have become more important in recent years as people trust digital services and online platforms with their personal information. Implemented in 2023, the nation’s Digital Personal Data Protection Act (DPDPA) attempts to establish an adequate structure for safeguarding information about individuals in India.[1]

On August 7, 2023, the Lok Sabha approved the Digital Personal Data Protection Bill, 2023, which was introduced by the Department of Electronics and Information Technology on August 3, 2023. On August 9, 2023, the Rajya Sabha passed the bill, and on August 11, 2023, the President approved the bill.

In light of several developments and issues with privacy placement, transparency, compliance, and other aspects, the country’s government (CG) withdrew the prior protection of personal data Bills of 2019 and 2022. In the case of Justice K.S. Puttaswamy versus Union of India[2] (2017), the Supreme Court affirmed the “Right to Privacy” as a component of the most fundamental right, the “Right to Life,” which is protected by the provisions of Article 21 within the Indian Constitution. The Court additionally advised that the Central Government implement a law or policy to protect personal data. This led to the creation of the cited Bill.

The 2023 Bill is the fourth overall and second edition of the evaluation to be put forward in Parliament. In 2018, an advisory group of specialists created a preliminary draft and distributed it for comments from the public. The administration’s version of the law, the Personal Data Privacy Law, 2019, was next introduced in the Assembly in 2019. A legislative panel examined the above version and released its recommendations in December 2021. However, the government retracted this bill and presented a new draft, known as the Digital Private Data Protection Bill, 2022, for comments from the public in November 2022. In contrast to the earlier drafts, this one was quite different. This proposal serves as a major underpinning for the 2023 law.[3]

What is the Digital Personal Data Protection Act, 2023?

A historic law, the Indian Digital Personal Data Protection Act of 2023 (DPDPA), attempts to guarantee individuals’ confidentiality in the digital communication age. The Act, which officially went into force on September 1, 2023, applies to all entities that oversee confidential information belonging to Indian citizens.

The custody and processing of identifiable information about individuals used by government agencies and enterprises to provide goods and services are covered under the Digital Personal Data Protection Act of 2023. By modifying marketing purposes, altering services, and making suggestions for goods, this data optimizes user experience. Unrestrained use of personal data, however, can violate security, a basic right, and result in negative outcomes including financial damages, harm to an individual’s public image, or unfair characterization.

The Evolution of Indian Law Regarding Data Protection

With improvements to the IT Act of 2000, India’s data protection framework began in 2008. Businesses were required to put security policies and protections in place to safeguard sensitive personal data. Minimum standards for data protection were established by the (Fair Reason Privacy Rules and Procedures and Particularly Delicate Individual Details or Knowledge) Regulations of 2011. However, shortcomings in the current regulations have been highlighted by a fractured body of laws and developing innovations. The foundation for the privacy laws was established by the 2017 K.S. Puttaswamy against the Union of India[4] judgment.

The proposed Personal Information Protection Bill was initially put forward to the Rajya Sabha in 2019 after its creation by the Sri Krishna Committees in 2018. A national data protection regulator, individual rights, compliance standards, and data localization demands for sensitive data are all elements of the anticipated PDPB revision of India’s regulatory structure for exchanging information under confidential contracts. However, the Joint Committee within the Parliament (JPC) reviewed the PDPB in 2019 due to shortcomings in execution. In January 2021, the committee published an updated NPD Report that clarified the role of the PDPB and its proposed Not private Data Protection Framework and prohibited the amount and intent of sharing non-private information.

Major modifications were made to the DPB, which became the Data Protection Bill 2021. These encompassed a certification process for digital and Internet of Things devices, stricter reporting requirements for breaches of information, control of hardware producers, and an extension of the DPB’s purview to include either personal or non-personal data. The DPB was supposed to be presented to the House in February of 2022, but stakeholders’ strong opposition and criticism have cast doubt on its credibility. A broad data management system will be implemented in the coming weeks, according to the Indian government’s aims for the public sector’s data-sharing framework and the modification of the IT Act.[5]

The purpose and application of the Act

The Act seeks to establish an exhaustive structure for the processing and safeguarding of sensitive information in India, notably digitally preserved offline and online data. It emphasizes the necessity to oversee data for acceptable reasons and the privileges of individuals to have information protected. It covers the use of data in India, on and off the internet, and it additionally involves the processing of services or products outside of India.

Furthermore, it establishes the foundation for further laws such as the Digital India Act, and for sector-specific data protection and privacy regulations. The act could facilitate collaboration between Indian and foreign companies while protecting confidential data. It is the initial national regulation in India that describes people utilizing the pronouns she or he.[6]

Vital Features of the 2023 DPDP Act

  1. Indian citizens and firms that harvest data are accountable to the DPDP Act, as are foreign nationals residing within India whose data handling occurs outside of India and harms Americans.
  2. The 2023 legislation authorizes the processing of confidential data for legitimate uses or through consent. Free, clear, informed, and unambiguous consent is required. Data should only be used for what is required. Customers have the power to revoke authorization and must be made mindful of their privileges and complaints processes.
  3. Users have rights and responsibilities concerning data-related items and services under the DPDP Act. These consist of capacities to identify process data, view data summary updates, accurately, remove, and resolve critiques, and specify data recipients.
  4. In India, the job of acquiring, storing, and utilizing digitized personal data lies with data trustees. As part of their duty, they must preserve security, guarantee data accuracy, notify the National Data Protection Authority India of breaches of data, wipe data on approval lapse or withdrawal, designate an officer to protect data, and secure parental or guardian authorization for youngsters under the eligibility age of 18. Vast and unplanned exemptions, however, can be detrimental.
  5. The 2023 act alters the norms for data localization and enables the government authority to warn certain nations to limit travel, especially for national security reasons. Interventions done by specific industry companies, such as the RBI of India, remain unaltered by this shift.[7]

The 2023 Act’s positives and negatives

Positive aspects:

  1. Boosted Information Safety: It provides users with ownership of their details and guarantees their approval before it is applied.
  2. Visibility for Firms: It helps firms avoid errors and motivates them to stick by the law with clear guidelines on how to utilize personal data.
  3. Global Coherence: India may run a business worldwide simply because this law complies with foreign data protection regulations.
  4. Individual Rights: People have more control over their data, specifically a capacity to alter or eradicate flaws.

Negative aspects:

  1. Charges of Enforcement: Tiny firms’ daily activities may be impacted by the new laws’ financial and administrative obstacles.
  2. Independence-related frets: It can be alleged that the government’s installation of Data Protection officials limits the board’s ability to make decisions with fairness.
  3. Quality of enforcement: Nobody has managed to check the actual use of fines beneath this statute, nor has it been shown that these penalties are executed uniformly.[8]

Conclusion

The DPDP Act, which emerged as the fruit of extensive debate following its first draft, represents an exceptional dedication of India to preserving sensitive information. In the face of the growing proportion of online users, the creation of data, and worldwide trade, this info protection law is a significant milestone in protecting personal data.

The DPDP Act, on the whole, represents India’s distinct stand on contemporary data protection, bolstered by lengthy post-draft debates. It requires significant changes in the way Indian firms protect privacy and personal info, even though its standards are less comprehensive than those of rules like GDPR.

Reference(s):

[1] ‘What Data is Protected by the India Digital Personal Data Protection Act 2023? A Comprehensive Guide to the India Data Privacy Law’ (29 May 2024) <https://secureprivacy.ai/blog/india-digital-personal-data-protection-act-2023-guide-protected-data> accessed 21 January 2025

[2] K.S. Puttaswamy vs Union of India (2017) 10 SCC 1

[3] Anirudh Burman, ‘Understanding India’s New Data Protection Law’ (03 October 2024) <https://carnegieendowment.org/research/2023/10/understanding-indias-new-data-protection-law?lang=en> accessed 21 January 2025

[4] ibid

[5] Shruti Dvivedi Sodhi, ‘The Journey of India’s Data Protection Jurisprudence’ <https://www.lexology.com/library/detail.aspx?g=57720842-f709-4dd4-947b-44c3c6e4ed10> accessed 23 January 2025

[6] Ishwar Ahuja and Sakina Kapadia, ‘Digital Personal Data Protection Act, 2023 – A Brief Analysis’ (22 Aug 2023) <https://www.barandbench.com/law-firms/view-point/digital-personal-data-protection-act-2023-a-brief-analysis> accessed 24 January 2025

[7] ibid

[8] Annapoorna, ‘Digital Personal Data Protection Bill 2023: DPDP Act Summary, Highlights & Key Points’ (26 June 2024) <https://cleartax.in/s/digital-personal-data-protection-bill> accessed 27 January 2025