The Digital Personal Data Protection Act, 2023 (also known as DPDP Act or DPDPA-2023) is an act of the Parliament of India to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.
With the arrival of the digital age, in which personal data has become the most wanted currency in the e-universe, India is giving ample consideration to the digital privacy rights of its citizens. At the centre of this movement is the so-called Data Protection Bill, or DPDP Act for short (Data Protection and Privacy Bill). Conceived as a complete set of rules for supervising the collection, processing and storage of personal data, the DPDP Act is meant to bring in a new digital era of data protection in India.
Understanding the Need
The rise of digital technology has overhauled information processing by changing the way people gather, send and use data. The fast expansion of the digital world has brought previously unimaginable ease of use and connection; however, the same evolution has drawn people into an active discussion of personal data usage, since that usage is interconnected with safety issues. For example, data breaches, unauthorized surveillance, and improper use of personal information have drawn attention to data protection. People’s data has always been at stake, which made it imperative to implement strong data protection legislation.
Aware of the existing challenges, the Indian government began mapping a legal structure that not only caters to the contemporary scenario but also conforms with globally adopted strategies. With the DPDP Act, India shows that it is resolved to protect the digital privacy rights of its citizens against deterioration in an ever more interconnected global village.
The adoption of the DPDP Bill in the Parliament comes 6 years after Justice K.S. Puttaswamy v Union of India, a landmark case in which the Supreme Court of India recognized a fundamental right to privacy in India, including informational privacy, within the “right to life” provision of India’s Constitution. In this judgment, a nine-judge bench of the Supreme Court urged the Indian Government to put in place “a carefully structured regime” for the protection of personal data. As part of India’s ongoing efforts to create this regime, there have been several rounds of expert consultations and reports, and two previous versions of the bill were introduced in the Parliament in 2019 and 2022.[1]
Key Provisions
With the enactment of the Personal Data Protection Act (DPDP Act), a set of legal instruments and rules has been put in place to bring more responsibility and transparency into the field of personal data management, and to impose very tight data protection rules and terms on companies and institutions. Here are some key highlights of the bill:
- Consent Mechanism: The act clearly outlines the individual’s right to privacy through a consent contract and the introduction of a clear notification system of non-disclosure of sensitive personal information. This consent-based mechanism embodies the critical principle that individuals should own their data and have the power to decide how the data is used and shared, and to stop that use if they so desire.
- Data Localization: Given the need to guard data sovereignty and boost the security of sensitive personal information, the newly proposed Data Protection and Privacy Act (DPDP) requires that some sensitive personal data be stored inside the territory of India. This regulation is intended to prevent the unauthorized movement of confidential information and to provide guidance for data exchange between nations.
- Data Protection Authority: The Act provides for setting up a Data Protection Authority, the main supervisory body under the DPDP Act, charged with overseeing the implementation of the provisions of the legislation. The task of the DPA is to verify conformity with data protection principles, launch investigations into personal data breaches, and fine persons or organisations that do not comply with the requirements.
- Data Processing Principles: The DPDP Act codifies some of the fundamental principles that define the collection and processing of data: data minimization, purpose limitation, transparency, and accountability. These principles serve as a compass for how data is processed by each of the stakeholders.
- Rights of Individuals: The law recognises the non-transferable nature of every individual’s private data and accordingly grants individuals the rights of access to one’s data, rectification, to be forgotten, and data portability. Individuals can fully exercise these rights to take control of how data controllers use their personal data and information.
Challenges and Opportunities
While the Data Protection Regulation Act of India unquestionably heralds a great epoch in the Indian information security realm, some difficulties and complexities also prevail. One of the greatest concerns is how to strike a balance between encouraging continuous development and protecting privacy rights. The legislation must successfully meet the challenges of regulating an economy centred around data without dissuading innovation or impeding progress.
In addition, the efficient implementation of the DPDP Act will depend on competent enforcement mechanisms, capacity-building classes and public awareness programs. Creating an environment of data privacy awareness needs joint efforts from all actors across the field, from government agencies to non-governmental ones, private companies, civil society organizations, and every individual citizen.
Alongside these challenges lie abundant opportunities for India to emerge as world class in setting data protection norms and regulatory laws. A country like India, which promotes a data-driven ecosystem by practising ethical data management, will increase its digital-economy appeal for foreign investors and upgrade its economy through innovation. Adopting high data protection standards as the norm can certainly raise our standing in the international arena and open the way to mutual adequacy agreements with other jurisdictions.
Conclusion
Enforcing the Data Protection and Privacy Act kick-starts a new web governance system in India in which citizens will be provided with protection of their information and data. With the DPDP Act, the dream of an Indian digitally empowered society and knowledge economy gains new life, because data subjects have, for a certain duration, rights to control their data, and trust and accountability in digital innovation are maintained.
[1] https://fpf.org/blog/the-digital-personal-data-protection-act-of-india-explained/
Author: Rohan Patil, ISBR College