Join Now / Sign In

Digital Personal Data Protection Act 2023

Data Protection Act 2023

What is digital personal data

Digital personal data refers to any information that is associated with an individual and can be stored, processed, or transmitted electronically. This data can include a wide range of information, both directly and indirectly identifiable, that pertains to an individual’s identity, characteristics, behaviours, and interactions. Examples of digital personal data include: Basic Identifying Information, Biometric Data, Financial Information, Health Information, Online Behaviour and Preferences, Location Data, Employment and Education Information, Social and Demographic Data, Communication Data, Biographical Data.

Connect with an expert lawyer for your legal matter

Digital Personal Data Protection Act 2023

The Digital Personal Data Protection Act was granted approval by the President of India on August 12, 2023. This paves the path for the act to become effective once it is officially announced by the central government. This act holds the distinction of being India’s inaugural legislation pertaining to data processing, and it introduces numerous changes to the Right to Information Act and the Information technology act framework. The legislation is relevant to the handling of digital personal information within India in scenarios where this information is either:

Consult with Experienced Lawyer for your legal issue
  • collected through online means, or
  • collected through offline channels and subsequently converted into digital format.

Furthermore, this legislation will also be applicable to the processing of personal data beyond India’s borders, provided it is connected to offering goods or services within the country. Personal data is outlined as any information concerning an identifiable individual that can be linked to or associated with that data. Meanwhile, processing is defined as a completely or partially automated action or series of actions conducted on digital personal data. This encompasses activities such as gathering, storing, utilizing, and sharing of such data.

Consult with Supreme Court Lawyer

Key features of the Digital Personal Data Protection Act 2023

  • The legislation will be applicable to the handling of digital personal information within India. This encompasses cases where such data is collected online, or collected offline and later digitized. Furthermore, the law will extend its jurisdiction to instances of such processing occurring outside of India if it pertains to offering goods or services within the country.
  • Personal data can only undergo processing if there is a legitimate reason for it, and this can only occur with the individual’s consent. Some specific lawful uses, like voluntary data sharing by the individual or State processing for permits, licenses, benefits, and services, might not necessitate explicit consent.
  • Entities entrusted with data (data fiduciaries) must ensure that the data is accurate, securely maintained, and erased when its intended purpose is fulfilled.
  • The legislation confers specific rights to individuals, including the right to access information, request corrections and deletions, and avail mechanisms for addressing grievances.
  • In certain cases, government agencies might be exempted from adhering to the law’s provisions for reasons such as safeguarding the state’s security, maintaining public order, and preventing offenses.
  • To oversee compliance with the legislation, a Data Protection Board of India will be established by the central government. This board will address instances of non-compliance with the act’s stipulations.

Object behind enactment of Digital Personal Data Protection Act 2023

The main objective behind the enactment of the Digital Data Protection Act is to safeguard and regulate the handling of personal data in the digital realm. This legislation aims to address the growing concerns related to privacy, data security, and the responsible use of personal information in the age of technology and online interactions. Key objectives of the Digital Data Protection Act in India include:

  • Protection of Privacy: The primary goal is to ensure that individuals have control over their personal data and that their privacy is respected. The act aims to give individuals more transparency and control over how their data is collected, processed, and used.
  • Data Security and Integrity: The act seeks to establish standards for data security to prevent unauthorized access, breaches, and cyberattacks that could lead to the exposure of sensitive personal information.
  • Consent and Fair Use: The act emphasizes obtaining informed consent from individuals before their data is collected and processed. It aims to ensure that data is used for legitimate and fair purposes and that individuals have the right to know how their data is being used.
  • Regulation of Data Processing: The legislation intends to regulate the activities of entities that collect, store, process, and transmit personal data. It outlines rules and responsibilities for data fiduciaries (those who manage personal data) to ensure responsible and ethical data handling.
  • Individual Rights: The act grants individuals specific rights, such as the right to access their data, correct inaccuracies, and even request the deletion of their data in certain cases. It provides mechanisms for individuals to exercise these rights.
  • Cross-Border Data Flow: The legislation aims to regulate the cross-border transfer of personal data, ensuring that data sent outside India is protected in a manner consistent with domestic standards.
  • Accountability and Enforcement: The act establishes mechanisms for enforcing its provisions, including penalties for non-compliance. It holds data fiduciaries accountable for adhering to the principles and guidelines set out in the legislation.
  • Promoting Trust in Digital Services: By setting clear rules for data protection and privacy, the act aims to build trust between individuals and organizations, fostering a more conducive environment for digital interactions and services.
  • International Alignment: The legislation also seeks to bring India’s data protection framework in line with global standards, promoting interoperability and collaboration with other countries that have similar regulations.

Issues with the Digital Personal Data Protection Act 2023

  • Exemptions to data processing by the State, citing reasons like national security, could result in the accumulation, manipulation, and retention of data beyond what is essential. This has the potential to infringe upon the basic right to privacy.
  • The Digital Personal Data Protection Act does not effectively oversee the potential risks associated with the processing of personal data.
  • The rights to data portability and the right to be forgotten for individuals are not granted under the provisions of the Act.
  • The Act permits the transfer of personal data to foreign countries, except those identified by the central government. This approach might not guarantee a comprehensive assessment of data protection standards in the recipient nations where the data transfer is permitted.
  • Members of the Data Protection Board of India will be appointed for a term of two years, with the possibility of reappointment. The short tenure combined with the option for reappointment could impact the independent functioning of the Board.

Conclusion

Overall, the Digital Data Protection Act in India aims to strike a balance between technological advancements, data-driven innovations, and the fundamental rights of individuals to privacy and control over their personal information. It reflects the need to adapt legal frameworks to the digital age and address the challenges and opportunities presented by the digital economy.

Connect with nearby lawyer
Join Us On What's App Channel For Latest & Fastest Update

Frequently Asked Questions(FAQ'S)

The Digital Personal Data Protection Act was granted approval by the President of India on August 12, 2023. This paves the path for the act to become effective once it is officially announced by the central government. This act holds the distinction of being India’s inaugural legislation pertaining to data processing, and it introduces numerous changes to the Right to Information framework.

The Information Technology Act primarily focused on issues related to electronic transactions, digital signatures, cybercrime, and electronic governance, but it did not have comprehensive provisions specifically dedicated to personal data protection. For comprehensive personal data protection, India has enacted the Personal Data Protection Act,” which was aimed at regulating the processing of personal data in the digital realm, addressing privacy concerns, and establishing guidelines for responsible data handling.

The digital protection law is governed by Digital Personal Data Protection Act, 2023 and it represents the result of years of collaborative work between the government and industry to establish a distinct data protection regulation in India. Its purpose is to oversee all types of personal data acquired, managed, and stored in digital form, with applicability extending to entities based outside India as well. It introduces fundamental terms like Data Fiduciary and Data Principal, underlining the significance of securing user consent prior to data processing.

The new act protects data (i) collected through online means, or (ii) collected through offline channels and subsequently converted into digital format. The legislation safeguards digital personal information (which refers to data enabling an individual’s identification) through the Defining responsibilities of Data Fiduciaries (entities such as individuals, corporations, and government bodies that handle data) when it comes to data processing (comprising activities like collection, storage, and other data operations), Specifying the rights and responsibilities of Data Principals (the individuals to whom the data pertains), Imposing monetary fines for violations of rights, responsibilities, and obligations.

Digital rights, intricately tied to both the liberty to express oneself and personal privacy, encompass the entitlements enabling individuals to reach, employ, produce, and share digital content. Additionally, they encompass the authorization to approach and utilize computers, electronic gadgets, and communication networks. These rights reflect an expansion of human rights tailored to the era of the Internet. Cyber-rights acknowledge the entitlement of individuals to avail themselves of, manipulate, generate, and distribute digital content, as well as the entitlement to gain entry to the essential computers, electronic devices, and communication networks to effectively exercise these privileges.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Bursting the Common Misconceptions around Alimony Laws in India

From Likes to Lawsuits: What Indian Law Says About Your Social Media Activity

Income Tax India E-Filing for Freelancers and Consultants

Recent Posts

Xperts Legal is a platform providing listing opportunities for lawyers based on their expertise and the courts they practice regularly

Email Us:connect@xpertslegal.com 
Call Us:+91 93559 99104
Prefered Time To Call:Monday to Saturday (10am to 6pm)

Company

Quick Links

Copyright 2023 © Xperts Legal. All Rights Reserved

Linkedin Facebook Twitter Youtube Instagram