Abstract
Having been duly sanctioned from both the Houses of the Parliament of India, the “Digital Personal Data Protection Bill” was formally enacted by the President of India on August 11, 2023. After deliberations and debates spanning over 2 years, the Digital Personal Data Protection Act 2023 stands as the outcome of the fifth iteration of the proposed personal data protection legislation. As India’s first-ever cyber-privacy Act, it is designed to protect all Indians’ personal data. The enactment marks a significant milestone by establishing a devoted legal framework in the country. It draws attention to the significance of the Indian Data Protection Board, its main features, and the responsibilities and rights of both individuals and organizations. Non-personal data is not covered by the DPDP Act, which is focused on digital personal data. The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 and Section 43A of the Information Technology Act, 2000 will be superseded by the DPDP Act 2023 - once its provisions come into effect. The Act is applicable to the treatment of digital personal data in India regardless of whether the data is digitised after being collected offline or online. If such processing is done outside of India in order to supply services or products in India, it will also be covered. Only with an individual’s consent and for a legitimate reason personal data can be handled. Certain lawful uses, such as an individual’s voluntary data sharing or the State’s processing of data for licences, permits, benefits, and services, may not require consent. Data Fiduciaries will have a duty to ensure data accuracy, store data securely, and remove it after it has served its purpose.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call