Skip to main content

Digital Personal Data Protection Act, 2023


v Introduction of DPDP Act

Digital Personal Data Protection Act, 2023 is an act of India to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. Act received the assent of the president on the 11th August, 2023.

Important milestones in DPDP Act

v Aug-2017 – Supreme Court of India declares Right to Privacy as fundamental right.

v July-2018 – Draft Personal Data Protection (PDP) bill proposed

v Dec-2019 – PDP bill proposed in parliament and was referred to JPC (Joint Parliamentary Committee)

v Dec-2021 – JPC release report and new version of DPA (Data Protection Act)

v Nov-2022 – Draft DPDPB(Digital Personal Data Protection Bill) was shared and withdrawn PDP bill

v July-2023 – Cabinet approves DPDP bill

v Aug-2023 – The President of India assents to the bill to make DPDP an Act

DPDP Act is an important act of India which protect individual’s personal data privacy and implementation of appropriate data processing methodologies.  

It is a comprehensive data protection law in India that regulates collection, storage, processing and transfer of personal data. DPDP Act is applicable to all entities that process personal data of individuals of India, regardless of their location.

It’s applicable to all entities that offer goods or services to individuals in India, even though they are located outside of India. 

DPDP Act gives individuals right to access their personal data and to obtain a copy of it, right to rectification, erasure.

DPDP Act is not applicable to processing of personal purposes by individuals. DPDP Act is also not applicable for personal data that was made public by data principal.

v Key features

v Consent - DPDP Act requires organizations to obtain the consent of individuals before collecting, storing, processing, or transferring their personal data. Consent must be freely given, specific, informed, and unambiguous.

v Personal data - DPDP Act prohibits the collection and processing of personal data outside of specified purposes and limited the use of such personal data as is necessary for such specified purposes. Consent or notice provided for processing of data shall be free, specified, informed, unconditional and unambiguous with a clear affirmative action.

v Processing of personal data outside of India - Under DPDP act storing of personal data outside of India is permissible. Government of India to notify countries to which transfer is not permissible. 

v Data fiduciaries - DPDP Act creates the concept of data fiduciaries. Data fiduciaries are organizations that control or process personal data. Data fiduciaries have a number of obligations under the DPDP Act, including the obligation to protect the personal data that they process. A Data fiduciary means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. Government of India will classify Significant Data Fiduciary through notification under section 10 of DPDP act. 

v Data protection authority - DPDP Act establishes a Data Protection Authority to oversee the implementation of the law. The Data Protection Authority has the power to investigate complaints, issue orders, and impose penalties for violations of the law.

v Data Principal – It’s an individual to whom the personal data relates and where such individual is a child, includes the parents or lawful guardian of such a child, a person with disability, includes her lawful guardian, acting on her behalf.

v Data Processor – Any person who processes personal data on behalf of Data Fiduciary.

v She – DPDP Act refers she in relation to an individual includes the reference to such individual irrespective of gender.

v Consent Manager – means a person registered with the Data Protection Board of India, who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform.

v Notice – Data fiduciary shall give Data Principal Option to access the contents of notice in English or any language specified in the Eight Scheduled to the Constitution.

v Children’s data – For processing of data for child means an individual who has not completed the age of eighteen years, consent from Parents/Guardians is required. Tracking or behavioural monitoring or targeted advertisements is prohibited.

v Legal use of processing of personal data without explicit consent –

v Voluntary disclosures by data principal;

v information shared for subsidy, benefit, service, certificate, license or permit by State or its instrumentalities notified by central government;

v Compliances with any judgement under any law;

v Interest of sovereignty and integrity of India or security of the State;

v Medical emergency;

v During epidemic, outbreak of disease or any other threat to public health;

v Safety during disaster or breakdown of public order.

v Benefits

Creation of DPDP Act is an important milestone in managing digital personal data of citizens of India. Implementation has number of benefits, including:

v Increased privacy - The Act gives individuals more control over their personal data by requiring businesses to obtain consent before collecting or processing personal data. Individuals also have the right to access, correct, and delete their personal data.

v Improved data security - The Act requires businesses to take steps to protect personal data from unauthorized access, use, or disclosure. This includes implementing appropriate security measures and conducting regular data audits.

v Reduced data breaches - The Act's data security requirements will help to reduce the risk of data breaches. This will protect individuals from the harmful consequences of data breaches, such as identity theft and financial fraud.

v Enhanced consumer trust - The Act's privacy and security protections will help to build consumer trust in businesses. This can lead to increased customer loyalty and revenue growth.

v Boosted innovation - The Act's focus on privacy and security can create a more conducive environment for innovation. Businesses will be more likely to develop new products and services that rely on personal data if they know that they can do so in a privacy-compliant manner.

Overall, DPDP Act is a positive development for individuals, businesses, and the government. It will help in innovation, protect national security and public order.

v Challenges in implementation

Like any new law, DPDP Act has some limitations, future amendment to act will take care of such challenges. DPDP rules or regulations should address all the challenges in its implementation including timelines.

v Broad Exemptions - As discussed above in key features of DPDP Act, there are various exempts of consents. While these are necessary exemptions, adequate safeguards are required for safe processing of personal data under these exemptions.

v Data Protection Board - Board needs to have more enforcement mechanism. With current version of law, DPB can initiate investigation based on complaint filed by data principals. This means that DPB is reliant on data principals to come forward and complaint, which may not always happen.

v Data Portability – DPDP Act needs to have more detail guidelines on data portability and data transfer between different data fiduciaries.

v Processing of Children’s data – Section 9 of act talks about prohibition of children’s data. However it doesn’t define what is considered as detrimental effect on the well-being of child. It creates an ambiguity in terms of processing the data.

By addressing this limitations and challenges, government can make the DPDP Act a more comprehensive and effective law for protecting the privacy of Indian citizens.

v Impact

DPDP Act has a wide-ranging impact on businesses and individuals alike.

v Obligations of Organizations

v Process data through Data Processor through valid contract.

v Provide clear, free, specified, informed, unconditional and unambiguous notice to Data Principals with a clear affirmative action.

v Special provisions of children’s personal data.

v Protection of data.

v Report data leak to Data Protection Board and Data Principals.

v Obligations of Significant Data Fiduciary

v Appoint a Data Protection Officer (DPO) based in India.

v Appoint an Independent Data Auditor

v Conduct Data Protection Impact Assessment (DPIA) and periodic audits.  

v Rights of individuals

v Right to Information – Data Principals have the right to inquire on how their data is processed, available in clear and understandable way.

v Right to correction and erasure

v Right to nominate

v Data Protection Board

v Task of enforcement

v Determination of non-compliances

v Imposing Penalties

v Issuing directions and mediations

DPDP Act increases accountability for data fiduciaries, gives greater control for individuals over their personal data, gives enhanced trust in digital economy.

v Comparison to other data privacy laws

India’s DPDP is a landmark legislation that aims to protect privacy of individual’s personal data. It is one of most comprehensive data privacy laws in the world. It can be compared with European Union’s General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

All three laws share a number of similarities

v Definition of personal data.

v Right to access, correct and erase personal data.

v Consent

v Data breach notification and obligations of organizations.

There are some key differences between different laws

v GDPR categorizes personal data into sensitive and non-sensitive. Current version of DPDP Act doesn’t categorize personal data in that way.

v GDPR has strict requirements for international data transfers. DPDP Act does not outline any specific requirements currently, but may be introduced in future regulations.

v Penalties under GDPR extend to 20 million euros, or 4% of firm’s worldwide revenue. DPDP penalties extend up to INR250 crore.

v GDPR parental consent age is 16 years (in some cases 13 years). DPDP parental consent is 18 years of age.

v Under GDPR data breach notification timeline is 72 hours. DPDP currently does not mention any such timeframe.

v Conclusion

Digital Personal Data Protection Act of India, 2023 (DPDP Act) is a comprehensive data privacy law that aims to protect the personal data of Indian citizens. It is one of the most comprehensive data privacy laws in the world, and is comparable to the General Data Protection Regulation (GDPR) of the European Union.

DPDP Act applies to all organizations that collect, process, or transfer the personal data of Indian citizens, regardless of whether the organization is located in India or abroad. It is also applicable to data collected online or collected offline which will be later digitized. The Act also applies to the Indian government, but with some exceptions.

References
bard.google.com
bing image creator
https://www.india.gov.in/
law app - https://play.google.com/store/apps/details?id=com.rachittechnology.lawapp
law app - https://itunes.apple.com/us/app/law-app/id1351638463?ls=1&mt=8
**This content was created with the help of AI.**

Popular posts from this blog

मराठी रीती रिवाज- महाराष्ट्रातील सण, देवस्थाने, पूजा, आरत्या आणि बरीच माहिती

मराठी रीती रिवाज या जगाच्या पाठीवर, कुठल्याही ठिकाणचे लोकजीवन खुलून येण्यासाठी मुख्यत्वे करून त्या संस्कृती मधले सण, त्यांचे उत्सव यांचा खूपच मोठा वाटा आहे. दैनंदिन आयुष्य जगताना माणूस हा नेहमीच काहीतरी नवीन घडण्याची वाट पहात होता. माणसाच्या या सतत नाविन्याच्या आणि बदलाच्या ओढीने तो समारंभासाठी निमित्ते शोधत गेला.  त्या शोधातूनच सणवारांची निर्मिती झाली. हे सण, उत्सव नेहमीच सर्वाना एकत्र बांधून ठेवण्यात,  त्यातून एकात्मता साधण्यात खूपच  महत्वाचं कार्य करत आले आहे. आपल्या भारतात आपले सण,  उत्सव यांना खूपच महत्व आहे. आपली प्राचीन भारतीय संस्कृती हि नेहमीच अध्यात्माशी निगडित होती. भारतातील तेहतीस कोटी देव, त्यांच्याशी निगडीत असलेल्या पौराणिक कथा, निसर्गात सतत घडणारे बदल, ऋतुमान या सर्वांशी सांगड घालून विविध सणवार यांची निर्मिती झाली. जीवनाला अध्यात्म , भक्तिभावाचा स्पर्श देण्यासाठी सर्व सण उत्सवांना देवकल्पना , पौराणिक कथा-कल्पनांची जोड दिली गेली.  विशिष्ठ देवतेचं अधिष्ठान , श्रद्धा , भक्तिभाव , पूजा ,  व्रत ,   नैवेद्य इत्यादींची जोड दिल्यामुळे सण धार्मिक भावनेने ,   श्रद्धेने साजरे केले
Read more

HOW MOBILE APP IS HELPFUL IN LEARNING LAW ?

Law App - A self-learning platform for Law . Technology has completely transformed our daily life in a best possible way. ‘ Mobile Phone ’ is a great example of such technology. With this Mobile, we can do so many activities, which were hard to believe few years back. In fact today’s generation prefers anything and everything handy i.e. on Mobile, because it is faster n absolutely easy to use. Majority of the businesses/sectors now use Mobile technology to keep pace with the highly competitive market. Mobile technology’s role in educational area is also very vital. Similarly entry of this technology in Legal space has very bright future. WHY YOU NEED A ‘LAW APP’ – THE LAW LEARNING APP : Average cost of Law book is bit expensive. Over the period of time these books needs to be updated & purchased again and again. These books are heavy & expensive as well. So, there has to be a better solution. That's where Rachit Technology steps in. Smart P
Read more

Unique Facts on Aadhaar number And Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016

          Unique Facts on Aadhaar number And Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016   Aadhaar is an individual identification number issued by the Unique Identification Authority of India (UIDAI) on behalf of the Government of India to individuals for the purpose of establishing the unique identity of every single person. Unique Identification Authority of India (UIDAI) is responsible for the processes of enrolment and authentication of Aadhaar Card under Aaadhaar Act, 2016.  Its objective is to collect biometric and demographic data of residents, store them in a centralized database.  First Aadhaar number was launched in Maharashtra in the village of Tembli, on 29 September 2010. Ranjana Sonawne: 782474317884 become the first Indian to get the (UID) number (termed as Aadhaar) Each resident of India will receive 12-digit unique identify number called as Aadhaar.  This number will serve as a proof of identity
Read more

The Real Estate (Regulation and Development) Act, 2016

  The Real Estate (Regulation and Development) Act, 2016 is an Act of the Parliament of India which seeks to protect home-buyers as well as help boost investments in the real estate industry. The bill was passed by the Rajya Sabha on 10 March 2016 and by the Lok Sabha on 15 March 2016 and received Presidents assent on 25 March 2016. The Real Estate Act 2016 to establish the Real Estate Regulatory Authority for regulation and promotion of the real estate sector and to ensure sale of plot, apartment or building, as the case may be, or sale of real estate project, in an efficient and transparent manner and to protect the interest of consumers in the real estate sector and to establish an adjudicating mechanism for speedy dispute redressal and also to establish the Appellate Tribunal to hear appeals from the decisions, directions or orders of the Real Estate Regulatory Authority and the adjudicating officer and for matters connected therewith or incidental thereto. This law vests
Read more

Internet Of Things

Internet of Things It’s all started back in 1960’s when internet started to get in shape. Advanced Research Projects Agency Network (ARPANET) was one of the world's first operational packet switching networks, the first network to implement TCP/IP, and one of the progenitors of what was to become the global Internet. The World Wide Web ("WWW" or simply the "Web") is a global information medium which users can read and write via computers connected to the Internet. Sir Timothy John "Tim" Berners-Lee best known as the inventor of the World Wide Web in early 1990’s. Internet continue to evolve, today it is mainly used for communication between 2 humans or also known as H2H (Human to human communication). It currently dominated by emails, chat services, various messengers, websites, shopping portals, entertainment websites. Today there are billions of devices that are connected to internet processing more than petabytes of data. So important
Read more

How Mobile App is helpful in preparing for Competitive Exams?

Competitive Exam Preparation – Mobile App (One stop solution) Technology has completely transformed our daily life in a best possible way. ‘Mobile Phone’ is a great example of such technology. With this Mobile, we can do so many activities, which were hard to believe few years back. In fact today’s generation prefers anything and everything handy i.e. on Mobile, because it is faster n absolutely easy to use.   Majority of the businesses/sectors now use Mobile technology to keep pace with the highly competitive market. Mobile technology’s role in educational area is also v ery vital. So, entry of this technology in Competitive Exam Preparation has very bright future. Why you need a ‘Competitive Exam Preparation’ Mobile App: In this extremely competitive world, students have to appear for some competitive exam or the other. Competition in the entrance exams for every sector such as Engineering, Medical, Civil Services, Management etc. is growing at a fast rate, so every aspirant must
Read more

Hidden Benefits of Crossword Puzzle

Crossword Puzzles are extremely entertaining. But very importantly, it is more than just a pass time activity. Since 1913, Crossword Puzzles have changed the way people utilize and enjoy words. Since then, the researchers are intensely working out to find the benefits of Crossword Puzzles. Being a boredom buster Crossword Puzzles are actually beneficial for our mental health. Many studies have shown the positive effects of Crossword Puzzles on one’s brain. It improves memory and brain function. It is also very much helpful in early Dementia. It helps in improving verbal skills, problem solving, deep thinking and productivity as well. Crossword Puzzles challenge us, as well as they help us to relax. This shift in consciousness comes with many benefits….... Though it is a great way to pass the time, let’s see what the Crossword Puzzles are good for and how it adds value to your life. Special Benefits of Crossword Puzzles – Improves Vocabulary Crossword Puzzles provide great educational o
Read more

How to Monitor Your Data Usage?

How to Monitor Your Mobile Data Usage? App to monitor your Internet ( 4G/3G/Edge/GPRS/Wifi ), Phone calls ( Incoming/outgoing ) & Call History reports. Worried about phone usage? Want to know total time spend on phone calls? Who is your frequent caller? Surprised by huge phone bill generated at end of the month? Try Phone Usage Monitor , a complete offline phone call and Internet usage monitor tool. Key features of ' Phone Usage Monitor ' - - Track your phone usage real time to avoid extra charges on your bill - View your Wifi and Internet Usage - Track historical data to understand your calling patterns - Detail reports as per your billing cycle - Intuitive reports available at single click - Generate Customized Reports - Share and print your report - No Internet connection required - Progress bar on top ( marked in green/ yellow/ red color ) displays current data/phone usage Once downloaded, the device doesn't need Internet conn
Read more

How Technology is Revolutionizing Legal research: An Insight into the Law App

  The legal field is one that has traditionally been slow to adopt new technologies. However, in recent years, there has been a growing trend of technology being used to revolutionize legal search. There are a number of ways in which technology is making legal research more accessible and efficient. For example, online databases make it possible for people to access legal research materials from anywhere in the world. Mobile apps allow lawyers and other legal professionals to research on the go. And artificial intelligence is being used to automate tasks, such as document review and research. Technology is also helping lawyers to be more productive. By automating tasks, lawyers can free up time to focus on more strategic and creative work. Additionally, technology is making it possible for lawyers to collaborate with colleagues and clients remotely. This can save time and money, and it can also improve communication and efficiency. Technology is improving the quality of legal r
Read more

How to protect your Android Phone from harmful Apps?

Most of smartphones are now used to book tickets online, make payment, access bank transactions, access emails. All this data is confidential and needs to be protected from hackers or harmful apps which shares your confidential data to third party without your knowledge. In May-2017, google identified 40 + famous apps (most of them were games) which were generating fake ad clicks within apps causing data loss to users and revenue loss to Google. How to protect your phone from such apps? Google has introduced Google Play Protect, ( https://www.android.com/play-protect/ ) a process which runs in background and it scans approximately one billion smartphones and over 50 billion apps daily. This also includes apps which are not included on your device. Google Play Protect service keeps on running in background to keep your device, data and apps safe.   When you install an app, check its status while installation. If app is already verified its marked as shown be
Read more