The Digital Personal Data Protection Act, 2023: A New Era of Privacy Protection in India

Author: Ridhima Lohat (BA LL.B)

College: Noida International University 

 

ABSTRACT:

 

The Digital Personal Data Protection Act, 2023 is a historic piece of legislation designed to safeguard people’s personal information inside the digital ecosystem. It ensures accountability and openness by establishing guidelines for the gathering, processing, storing, and removal of personal data.

 

The Act gives people a number of rights, such as the ability to access information, request that data be corrected or erased, designate another person to exercise rights, and submit complaints against organisations. In addition, companies must take appropriate security measures, get legitimate consent before processing personal data, and notify any breaches.

 

The Data Protection Board of India is also established by the law to look into complaints and enforce adherence. Depending on the type and seriousness of the infraction, non-compliance may result in fines of several hundred crore rupees.

 

The Act has been praised for improving digital privacy, but issues with government exemptions, international data transfers, and operational difficulties still need to be addressed. However, it is a big step toward fostering innovation and economic expansion while establishing a safe digital environment.

 

TO THE POINT:

 

The first comprehensive law controlling the gathering, processing, storing, and safeguarding of personal data in India is the Digital Personal Data Protection Act, 2023 (DPDP Act). The Act aims to strike a balance between an individual’s right to privacy and the government’s and organisations’ justifiable need to process personal data for legitimate reasons. It creates the Data Protection Board of India for enforcement, imposes duties on data fiduciaries, and gives rights to data principals.

 

USE OF LEGAL JARGON:

 

● Data Principal

● Data Fiduciary

● Significant Data Fiduciary

● Consent Manager

● Personal Data

● Processing of Data

● Legitimate Use

● Data Breach

● Fiduciary Duty

● Due Diligence

● Right to Grievance Redressal

● Penalty

● Compliance

● Regulatory Framework

 

THE PROOF:

 

Digital transactions, internet banking, e-commerce, and social media usage all saw substantial increases in India. As a result, worries about identity theft, cyber fraud, and the abuse of personal information grew.

 

The Supreme Court ruled in Justice K.S. Puttaswamy (Retd.) v. Union of India (2017) that Article 21 of the Constitution guarantees the right to privacy. In response to this historic ruling, Parliament passed the Digital Personal Data Protection Act, 2023 to establish a legal framework for safeguarding citizens’ personal information.

 

The Act encourages more robust cybersecurity procedures and responsible data governance by imposing severe financial penalties on companies that fail to protect personal data.

 

CASE LAW:

 

1. Union of India v. Justice K.S. Puttaswamy (Retd.) (2017)

 

● The right to privacy is a fundamental right under Article 21, according to a unanimous ruling by the Supreme Court.

 

● This ruling served as the basis for India’s data protection legislation.

 

2. Union of India v. Anuradha Bhasin (2020).

 

● The Court underlined that limitations must pass the proportionality test and that having access to the internet is necessary for enjoying basic rights.

 

● The ruling made clear how crucial it is to defend digital rights.

 

3. Union of People for Civil Liberties (PUCL) v. Union of India(1997)

 

● The Supreme Court established protections against arbitrary surveillance and acknowledged the right to privacy during phone conversations.

 

● The notion of informational privacy was reinforced by this case.

 

CONCLUSION: 

 

India’s digital legal system underwent a radical change with the passage of the Digital Personal Data Protection Act, 2023. It encourages both public and commercial organisations to handle personal data responsibly while acknowledging privacy as a valuable right. The Act gives people more control over their personal data, improves accountability, and fortifies cybersecurity. The law creates a solid basis for a safe, open, and reliable digital environment in India, despite some implementation issues still existing.

 

FAQs:

 

Q1. What is the objective of the Digital Personal Data Protection Act, 2023?

To control personal data processing while upholding people’s right to privacy.

 

Q2. Who is a Data Principal?

The person to whom the personal data pertains is known as a Data Principal.

 

Q3. What rights are provided under the DPDP Act?

Information access, data correction and erasure, grievance resolution, and nomination are among the rights.

 

Q4. What is a Data Fiduciary?

A person, organization, or government agency that chooses how and why to process personal data.