“Digital Personal Data Protection Act”—A Strudel Served Raw!

Abstract

The good news is that personal data privacy law has become a reality in India. The bad news is 95% of the public is ignorant of the same, 3% do not know what it entails and the rest 2% are voraciously engaged in an intellectual feud. Privacy as a concomitant of natural or inalienable rights has been recognized in the western hemisphere since the 18th century. In India, the legislative history of the doctrine can be traced to the trilogy of cases during the 1950’s. It was only post 1978, that the apex court of the country passed a slew of judgements recognizing the right to privacy as an essential part of the right to “protection of life and personal liberty” embodied under the Indian Constitution and thereby bestowing the fundamental right status. On August 24, 2017, a nine-judge Constitution bench of the Supreme Court of India (Puttaswamy judgment) re-wrote history as it not only recognized and reconfirmed the fundamental right status of “ right to privacy” but also laid the foundation of data protection law in the country. August 11, 2023, marks a historic date in the legislative annals of digital India, as the country enacted the Digital Personal Data Protection Act, 2023 (“DPDP Act” or “Act”) after more than half a decade of deliberations. At a time when technology has become the defining paradigm of every business, the DPDP Act seeks to lay the foundation for developing a strong data privacy regime in the country. The Act in its new avatar is quite different from its predecessors proposed earlier. Ironically, the regulations themselves have set ajar a host of challenges, issues and steeplechases, which can barely be fathomed at this moment. In addition, the DPDP Act is yet to be notified or implemented by the Central Government. The key question this paper discusses is whether this seemingly endless period of deliberations culminated into a robust and comprehensive law or is it simply a Strudel served raw! To answer this question, the paper first charts the history of the concept with a chronological approach on a global platform. The second part of the paper charts the pre-DPDP era in India. The third part recapitulates the DPDP Act (in the present form) in a nutshell, while the fourth part dissects the DPDP Act highlighting certain potentially problematic features of this law. Lastly, the paper will examine what can be done to influence the development of a robust and sustainable data protection regime in the country in the years to come. Keywords: Data Privacy, DPDP Act, Indian Privacy Law, Origin of Privacy Laws