Download This PaperFrom Pixels to Policies: Analysing the Provisions and Navigating the Complexities of the Digital Personal Data Protection Act, 2023
14 Pages Posted: 25 Mar 2024 Last revised: 27 Mar 2024
Date Written: August 22, 2023
Abstract
After receiving approval from the Union Cabinet on July 5, 2023, the latest iteration of the Digital Personal Data Protection Bill, 2023 was officially introduced to the Lok Sabha on August 3, 2023, and was passed on August 7, 2023. The bill finally got the assent of the President on August 11, 2023, and will be called the 'Digital Personal Data Protection Act, 2023 (referred to as DPDP) This updated version of the bill (which is now an act) builds upon its previous version, which was introduced in November 2022 (known as the 2022 Bill). While retaining its fundamental concepts, the new version incorporates strategic modifications.
While minor adjustments have been made across various aspects, the more significant alterations encompass the establishment and composition of the Data Protection Board, the Central Government's authority to formulate regulations, and the conditions under which entities might be exempted from the provisions of the act. Through this recent rendition, the legislation has introduced robust responsibilities concerning notification and consent obligations 'certain legitimate uses for processing personal data without explicit consent, established an 'Appellate Tribunal,' and heightened the obligations of data fiduciaries in relation to handling children's data, among other provisions.
The primary scope of the DPDP is directed toward safeguarding personal data in the digital realm. A significant issue arises from the various clauses within the DPDP that are reliant on decisions made by the Central Government. This situation gives rise to concerns about the possibility of unregulated and discretionary rule formulation.
Keywords: Digital Personal Data Protection Act, Data Privacy, Right to Privacy
Suggested Citation: Suggested Citation