The Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “DPDP Act”) is a landmark piece of legislation that aims to protect the privacy and security of digital personal data in India. The Act was passed by the Parliament of India on 9th August, 2023 and came into force on 11th August, 2023.
Key Features of the DPDP Act
The DPDP Act has a number of key features, including:
- Definition of personal data: The Act defines personal data as any data that relates to a natural person who is directly or indirectly identified or identifiable, in respect of his or her physical, physiological, psychological, financial, cultural or social identity.
- Consent: The Act requires organizations to obtain the consent of individuals before collecting, using, or disclosing their personal data. The consent must be specific, informed, and freely given.
- Data protection principles: The Act sets out a number of data protection principles that organizations must comply with when processing personal data. These principles include fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, security, and accountability.
- Rights of individuals: The Act gives individuals a number of rights in relation to their personal data, including the right to access, correct, erase, and restrict processing of their personal data. Individuals also have the right to object to the processing of their personal data for certain purposes, such as direct marketing.
- Exemptions: The Act provides for a number of exemptions from its provisions. For example, the Act does not apply to the processing of personal data for the purposes of national security, law enforcement, or the administration of justice.
Enforcement of the DPDP Act
The DPDP Act is enforced by the Data Protection Board of India (DPB), which is a statutory body established under the Act. The DPB has the power to investigate complaints, issue orders to organizations, and impose penalties for violations of the Act.
Impact of the DPDP Act
The DPDP Act is expected to have a significant impact on the way that organizations collect, use, and disclose personal data in India. Organizations will need to comply with the requirements of the Act in order to avoid penalties and reputational damage. The Act is also expected to increase the awareness of individuals about their privacy rights and to give them more control over their personal data.
Conclusion
The DPDP Act is a welcome step towards protecting the privacy and security of digital personal data in India. The Act is comprehensive and well-drafted, and it is expected to have a significant impact on the way that organizations collect, use, and disclose personal data.