In the world of fast-growing digitisation, where information flows and interacts at an unprecedented speed, personal data security has always been a great concern for people. Over time, technology has taken a great place in people’s lives. In the digital age, people are greatly involved in interaction with websites, apps, and services, leaving their identifiable information or personal health information. These data of the users might be used for inappropriate purposes. These increasing activities introduced the Digital Personal Data Protection Act, of 2023(DPDP Act). DPDP Act is a great initiative in India’s journey to establish a framework for the protection of citizens’ digital and personal data. The attempt at digital protection not only redefines the boundaries of data privacy but also enhances the way data is shared with individuals, businesses, and governments. However, the Digital Data Protection Act, of 2023 wasn’t the first attempt to safeguard citizen’s data with data privacy law before this initial attempt was drafted in 2018. Let’s take a moment to understand the brief history of the DPDP Act.
Later in 2017, a decision was passed by the Supreme Court of India to establish the right to privacy as a fundamental right, suggesting a broader right to life and liberty. The judgement especially highlights the right to informational privacy as a part of citizen’s fundamental rights, including the protection of digital data and the practical framework and mechanisms needed to impose it. The journey of data privacy began in 2018, led by the Srikrishna Committee, inspired by international regulations like the General Data Protection Regulations(GDPR). A year after 2018, the government of India presented its first bill on the protection of citizen’s data, highlighted by parliamentary reviews which resulted in a committee report in 2021. Surprisingly, the first bill on the protection of personal data was withdrawn, and a new draft proceeds in the form of Digital Personal Data Protection which brings to a conclusion of 2023 law(Digital Personal Data Protection Act, 2023).
The Digital Personal Data Protection bill is the refined version of the 2019 bills which has reduced obligations for business and protection for consumers. The regulatory framework of the 2023 bill is simple but reserved potential power for the central government in some cases. Some other features of the bill are highlighted below.
Digital Personal Data Protection applies to all the Indian residents and businesses collecting data and the non-residents living in India, who collect the data of Indian residences. The act is not only confined to the Indian territory but also extends outside India if any goods or services are being offered to the Indian citizens.
Purpose of Data Collection and Processing
The act involves the sharing of any personal data for any lawful purpose. It can be done either by taking individual consent for legitimate uses, that the law explains. But it must be considered that the consent should be free, specific, informed, unconditional, and with a clear affirmative. This defines the user's rights to take a complete summary of the collected data and the sharing details. Furthermore, a request can be also raised by individuals for any corrections, or updates.
The whole responsibility of collecting, storing, and processing digital data has been given to the data fiduciaries who are obligated to secure citizen's information and inform the authorities in case of data breaches. These entities include maintaining the security of users, ensuring the accuracy of personal data, and information on data breaches to the Data Protection Board of India(DPB).
Violation of the Digital Personal Data Protection Act offers heavy penalties. The penalties are offered for non-compliance with the fiduciaries provision and penalties can be up to INR 250 crore.
All penalties imposed by the Board under certain violations of the DPDP Act are credited to the consolidated fund of India. These penalties serve a broader purpose and drive the nation toward financial resources. However, compliance with the DPDP Act is strongly recommended to remain unaffected by any penalties.
DPDP Act has a pivotal role in transforming India into a robust data protection framework. The 2023 act aims to safeguard citizens' digital data with the establishment of data privacy laws and regulations. The DPDP Act is often described as a culmination of more than 5 years of debate and deliberation, ensuring India’s commitment to data protection and setting a foundation of digital trust in the modern landscape. we at Skyquest provide complete services for foreign investment transactions and effective advice to comply with all regulatory frameworks. Our highly dexterous team takes care of every documentation of clients to minimise the penalty issue and ensure the best business growth.
Book an appointment with the Best FEMA Consultant in Delhi.