Digital Personal Data Protection Act 2023 Navigating India’s Data Privacy Revolution [Read DPDP Act]
NEW DELHI: The Digital Personal Data Protection (DPDP) Act of 2023 is a major step forward in
India’s efforts to establish a strong data protection system. This law aims to protect the digital
personal data of individuals, while also balancing the right to privacy with the need for lawful data
processing.
The Legislative Journey of the DPDP Act,
2023
The DPDP Act of 2023 was developed from a draft version that was initially released for public
consultation in November 2022. After undergoing a series of revisions and extensive
consultations, the final bill was approved by the cabinet in July 2023, passed by both houses of
the Indian Parliament in August 2023, and subsequently received presidential assent, thus
becoming law.
Data Protection Act: Roles, Penalties, and
New Authority
The Indian Data Protection Act specifies the responsibilities of data fiduciaries, which can be
individuals, companies, or government entities involved in handling personal data. The Act also
defines the rights and duties of data principals, who are the individuals to whom the data
belongs. Additionally, the Act introduces financial penalties for any breach of these rights, duties,
and obligations. A significant aspect of India’s data protection framework under this Act is the
establishment of the Data Protection Board of India. This body acts as an adjudicatory authority,
responsible for resolving disputes related to data privacy.
Telecom Disputes Settlement and
Appellate Tribunal (TDSAT)
The Data Protection Board is an independent regulatory authority that will handle privacy-related
grievances and disputes. Its primary function is to assess compliance with the provisions of the
Act and impose penalties in case of any non-compliance. Additionally, the Act allows for the
creation of an appellate body that may be assigned to the Telecom Disputes Settlement and
Appellate Tribunal (TDSAT). This appellate body will be responsible for hearing appeals against the
decisions made by the Data Protection Board.
Financial Implications of Data Protection Non-
Compliance
The act has introduced strict financial penalties for non-compliance, with fines ranging up to INR
2.5 billion (approximately USD 30 million) depending on the nature of the violation. These
penalties cover a range of breaches, from failure to take reasonable security measures to
unauthorized sharing of children’s data.
Exemptions and Compliance, (DPDP Act)
The Data Protection and Privacy Act (DPDP Act) allows certain agencies to be exempted from its
provisions in cases involving national security, public order, research or statistical purposes, and
other similar scenarios. To comply with this act, companies should evaluate their data privacy
frameworks, update their data processing agreements, and establish methods for consent
management and data principal rights.
Also Read – What Are The Rights And Duties Of Data Principal Under DPDP Act 2023
The Act is seen as a historic step in aligning India’s data protection standards with global norms
like the European Union’s General Data Protection Regulation (GDPR). However, it has not been
without criticism. Concerns have been raised about potential government overreach and the
implications for privacy rights, with some critics arguing that it could grant the government
excessive access to personal data.
The Digital Personal Data Protection Act, 2023, represents a significant overhaul of India’s data
protection policies, aiming to protect individual privacy while allowing for lawful data processing.
As India continues to evolve as a digital economy, the DPDP Act is a crucial step towards ensuring
that data privacy and protection are prioritized, providing a framework that balances individual
rights with the needs of businesses and government agencies.