Digital Personal Data Protection Bill, 2023: A Comprehensive Overview

The Digital Personal Data Protection Bill, 2023, was introduced in the Lok Sabha on August 3, 2023, with the primary objective of safeguarding personal data and ensuring people’s privacy. The Digital Personal Data Protection Bill, as it is known, intends to grant the government led by Prime Minister Narendra Modi extensive decision-making authority. The proposed powers would empower the government to exempt select data fiduciaries, including startups, from compliance with the requirements when deemed appropriate. Furthermore, they would have the authority to authorize the processing of children’s data if the fiduciary can demonstrate adequate safeguards.

Under the provisions of the Digital Personal Data Protection Bill, the government is now empowered to designate countries where the transfer of users’ personal data is forbidden, marking a change from the previous draft. The original suggestion was to permit data transfers to “notified countries and territories.” Furthermore, the new legislation provides legal immunity to the Central Government, the data protection board, and its members, including the Chairperson, shielding them from future legal proceedings.

Individuals have the ability, according to the Act, to approach the data protection board if their data protection concerns are not appropriately addressed by the data fiduciary within seven days. The measure also requires the public to provide accurate personal information and prohibits impersonation. Individuals who fail to comply with the bill’s duties may face fines of up to $121 (10,000 Indian rupees). In contrast, significant fines of up to $30 million (250 crores Indian rupees) can be imposed on data fiduciaries found to be in breach of the legislation. The data protection board’s rulings can be challenged by requesting a review at the Telecom Disputes Settlement and Appellate Tribunal within 60 days, as specified in the bill.

One major change from the previous draft is the elimination of the “deemed consent” clause, which allowed platforms to acquire personal data willingly submitted by users, particularly when using public services. Personal data may also be accessed by the government to provide subsidies or fulfill legal responsibilities. However, experts like Kamesh Shekar of The Dialogue, a public policy think tank, emphasise the need to strike a balance between data controllers’ interests and data principals’ fundamental rights.

India’s approach to data privacy differs from that of Europe’s GDPR and the United States’ CCPA, as it does not involve harsh fines and grants the federal government the authority to modify regulations in certain instances. IT Minister Rajeev Chandrasekhar praised the measure, considering it a significant step forward in the development of the global cyber legal framework, emphasising themes such as data minimization, protection, accountability, correct storage, and required breach notification.

The journey towards data protection began in 2017, with the first bill arriving in 2019. However, it faced scrutiny and criticism, leading to its withdrawal. The introduction of the new law addresses concerns about data abuse by platforms and corporations, focusing on preserving individuals’ rights and fostering an innovative ecosystem within a legal framework.

The plan still needs approval from the Indian Parliament’s upper house and the Indian President before becoming law. Nevertheless, political parties have raised objections, citing the central government’s extensive powers. Critics believe that the measure fails to address critical concerns and does not fully uphold informational privacy standards. The government has faced criticism for not releasing the results of public consultations on the measure. Organisations like the Internet Freedom Foundation have warned that the law might result in increased governmental monitoring and a weakening of the Right to Information Act.

The Digital Personal Data Protection Bill, 2023, has faced criticism and opposition from various stakeholders who believe it falls short of safeguarding the Right to Privacy. They argue that it should be revised before enactment to address the recurring problems and recommendations raised by civil society stakeholders.

-Hrishika Tripathi

Team Profile

Hrishika TripathiContent Writer

Latest entries

• News4 September 2023ISRO’s Strategic Approach: Enhancing Efficiency and Scientific Discovery with Pragyan Rover on the Moon
• News4 September 2023India’s Solar Space Observatory and Sun Exploration Mission, Aditya-L1
• News3 September 2023KARNATAKA’S GRUHA JYOTI SCHEME: Providing Relief and Savings to Household Consumers Amid Rising Energy Demand
• News2 September 2023A Significant Development in Indian Education: NCERT’s Designated University Status