THE DIGITAL PERSONAL DATA PROTECTION ACT 2023

by | Jan 14, 2024

INTRODUCTION OF THE DIGITAL PERSONAL DATA PROTECTION ACT 2023

In an era dominated by digital advancements and technological innovation, the importance of protecting personal data has become paramount. The year 2023 marks a significant milestone in the evolution of data protection laws, as governments and regulatory bodies around the world continue to adapt to the changing landscape of information management. The Digital Personal Data Protection Act  2023 is founded on safeguarding individual privacy in the digital era, building upon earlier frameworks to address evolving technological challenges. It enhances individual rights, giving users more control over their data, and emphasizing access, rectification, and erasure. The law imposes stricter consent mechanisms, requiring explicit and informed consent with clear purposes and retention periods. It emphasizes data minimization and purpose limitation to curb excessive data collection and retention. Accountability measures, including comprehensive policies and Data Protection Officers, hold organizations responsible. The law also provides guidelines for secure cross-border data transfers, crucial in our interconnected global environment.

KEY FEATURES OF THE DIGITAL PERSONAL DATA PROTECTION ACT 2023

  • Introduction:

    • Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023, in early August.
    • It’s the first comprehensive law on personal data protection in India after years of deliberation.
  • Legislative Evolution:

    • The 2023 act is the second version, following the 2019 bill and a 2022 draft.
    • The drafting process involved expert committee, public feedback, and parliamentary committee reports.
  • Applicability:

    • Applies to Indian residents and businesses collecting Indian residents’ data.
    • Also applies to non-citizens in India using digital goods/services from providers outside India.
  • Data Processing Purposes:

    • Allows data processing for lawful purposes with explicit consent or “legitimate uses.”
    • Legitimate uses defined include voluntary data provision, government services, sovereignty, security, legal obligations, emergencies, and disasters.
  • User/Consumer Rights:

    • Users have rights to access, correction, redress, and data nomination.
    • Data fiduciaries must appoint a data protection officer and adhere to security measures.
  • Significant Data Fiduciaries (SDFs):

    • Certain entities designated as SDFs based on volume, sensitivity, and risks.
    • SDFs have additional obligations, including appointing a data protection officer.
  • Data Localization:

    • Reverses data localization requirements from the 2019 bill.
    • Allows the government to restrict data flows to certain countries for national security reasons.
  • Exemptions:

    • Exemptions for legal rights enforcement, court processing, non-Indian residents’ data, and specific purposes/entities.
    • Government can exempt certain classes of data fiduciaries, including startups, from some provisions.
  • Regulatory Structure:

    • Establishes the Data Protection Board of India (DPB) instead of an independent regulatory agency.
    • DPB oversees data breach prevention, conducts inquiries, and issues penalties.
  • Penalties and Appeals:

    • DPB can impose monetary penalties up to 250 crore rupees.
    • Appeals go to the Telecom Disputes Settlement and Appellate Tribunal (TDSAT).
    • Allows voluntary undertakings as a form of settlement.
  • Government Authority:

    • Section 37 allows the government, based on DPB reference, to block public access to information from data fiduciaries with repeated penalties.
  • Concerns:

    • Reduced obligations for businesses but grants unguided discretionary powers to the central government.
    • Wide exemptions and potential issues with broad government powers for exemptions.
    • Novel provision allowing the government to block access based on DPB recommendations after repeated penalties

CONCLUSION

As the Data Protection Law 2023 takes centre stage, individuals and organisations alike must proactively adapt to the new regulatory landscape. By prioritising transparency, accountability, and respect for individual privacy rights, businesses can navigate the complexities of data protection laws and build trust with their users. In this evolving digital era, compliance with these regulations not only safeguards personal data but also fosters a responsible and ethical approach to data management.

SOURCE – PRS

READ – NEW CRIMINAL LAW ACT 2023

Written By Nancy Sharma

I am Nancy Mahavir Sharma, a passionate legal writer and , a judicial service aspirant who is interested in legal researching and writing. I have completed Latin Legum Magister degree. I have been writing from past few years and I am excited to share my legal thoughts and opinions here. I believe that everyone has the potential to make a difference.

Related Posts

THE AYODHYA DISPUTE

THE AYODHYA DISPUTE

Introduction: The Ayodhya dispute has revolved around the Babri Mosque and the disputed land, causing prolonged contention. Construction of Babri Mosque...

DRINKING AND DRIVING LAWS

DRINKING AND DRIVING LAWS

According to a National Crime Records Bureau (NCRB) report, Uttar Pradesh leads in cases of drinking and driving incidents involving drug-impaired drivers. In...

NEW CRIMINAL LAW BILLS, 2023

NEW CRIMINAL LAW BILLS, 2023

Introduction Of New Criminal Law Bill, 2023 : In a landmark move, the Centre has introduced three new criminal law bills aimed at overhauling India's Criminal...