Digital Personal Data Protection Act, 2023

From Bharatpedia, an open encyclopedia
Parliament of India
Territorial extent: India
Enacted by: Lok Sabha
Passed: 7 August 2023
Enacted: Rajya Sabha
Passed: 9 August 2023
Signed by: President of India
Legislative history
Introduced by: Ashwini Vaishnaw, Minister of Electronics and Information Technology, Minister of Communications, Minister of Railways
First reading: 3 August 2023
Keywords: Consent, Data privacy, Data breach
Status: Not yet in force

The Digital Personal Data Protection Act, 2023 (also known as DPDP Act or DPDPA-2023) is an act of the Parliament of India to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.[1] This is the first Act of the Parliament of India in which "she/her" pronouns were used, unlike the usual "he/him" pronouns.[2]

The Minister of Electronics and Information Technology, Ashwini Vaishnaw, has stated that the Central government is setting up the Data Protection Board of India, which will be an independent body. It will monitor compliance and impose penalties, direct data fiduciaries to take necessary measures in the event of a data breach, and hear grievances made by affected persons.

Background

On 24 August 2017, the Supreme Court of India gave the Right to Privacy verdict. In the case of Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors., the Supreme Court held that the Right to Privacy is a fundamental right protected under Article 21 and Part III of the Indian Constitution.[3]

Summary

  • The Digital Personal Data Protection Act sets out the rights and duties of the citizen (Digital Nagrik) on the one hand and the obligations of the Data Fiduciary to use collected data lawfully on the other. The Act is based on the following principles around the Data Economy:
    • The act will establish the comprehensive legal framework governing digital personal data protection in India. The act provides for the processing of digital personal data in a manner that recognizes the right of individuals to protect their personal data, societal rights and the need to process personal data for lawful purposes.[1]
  • The bill was passed by Lok Sabha on 7 August 2023.[4]
  • The bill was passed by Rajya Sabha on 9 August 2023.[5]

Provisions

  • Right to access her personal data
  • Right to correction and erasure
  • Right to revoke consent
  • Special provisions for the protection of data related to minors (children under 18)
  • Minimum penalty for breach is 50 crore INR
  • The terms and conditions and information related to the collection of data should be made available in all 22 languages in the Eighth Schedule of the Indian Constitution
  • Right to grievance redressal
  • Right to nominate a consent manager to manage their data-related requests on behalf of a Data Principal

Exemptions[6]

The Act makes the following exemptions from the regulations related to the Act:

  • The processing of personal data is necessary for enforcing any legal right or claim
  • The processing of personal data by any court or tribunal or any other body in India which is entrusted by law with the performance of any judicial or quasi-judicial or regulatory or supervisory function, where such processing is necessary for the performance of such function
  • Personal data is processed in the interest of prevention, detection, investigation or prosecution of any offence or contravention of any law for the time being in force in India
  • Personal data of Data Principals not within the territory of India is processed pursuant to any contract entered into with any person outside the territory of India by any person based in India
  • The processing is necessary for a scheme of compromise or arrangement or merger or amalgamation of two or more companies or a reconstruction by way of demerger or otherwise of a company, or transfer of undertaking of one or more company to another company, or involving division of one or more companies, approved by a court or tribunal or other authority competent to do so by any law for the time being in force
  • The processing is for the purpose of ascertaining the financial information and assets and liabilities of any person who has defaulted in payment due on account of a loan or advance taken from a financial institution, subject to such processing being in accordance with the provisions regarding disclosure of information or data in any other law for the time being in force

References

  1. "The Digital Personal Data Protection Bill 2023 PDF" (PDF).
  2. "Draft data protection Bill uses 'she' and 'her' to refer to all individuals". The Hindu. 2022-11-18. ISSN 0971-751X. Retrieved 2023-08-09.
  3. "Wayback Machine" (PDF). web.archive.org. Retrieved 2023-08-09.
  4. "Data protection bill passed by Lok Sabha, next stop Rajya Sabha". Moneycontrol. 2023-08-07. Retrieved 2023-08-07.
  5. Chishti, Aiman J. (2023-08-09). "Parliament Passes Digital Personal Data Protection Bill". www.livelaw.in. Retrieved 2023-08-09.
  6. "Digital Personal Data Protection Act 2023 TEXT" (PDF).