The Digital Personal Data Protection (DPDP) Bill 2023 has been passed in both the houses. It was passed in the Lok Sabha on 7th August 2023 and in the Rajya Sabha on 9th August 2023. The Digital Personal Data Protection Act 2023 came into force from 11 August 2023.
According to Article 21 of the Indian Constitution “Right to privacy is a fundamental right” and it says that “no person shall be deprived of his life or personal liberty except according to procedure established by law”.
“The Act provides for the processing of digital Personal Data in a manner that recognizes both the rights of the individuals to protect their Personal Data and the need to process such Personal Data for lawful purposes and matters connected therewith or incidental thereto”.
The digital data protection Act is related to the right to privacy. The Act is based on the judgement by the Supreme Court in the Puttaswamy judgment of 2017. The Act aims to protect the privacy of person by handle how their personal data is collected, processed, stored and transferred by various organism, both private and government. The Act also grants several rights to people over their personal data, like right to access, correct, erase storage and restrict their data. People have the right to withdraw their consent or object to the processing of their personal data, unless the law excluded. But they cannot hide their data or refuse to give consent if required by law.
The Act is related to the processing of digital personal data in India, collecting by online or offline. It also applies to outside of India where the purpose is to provide products or services in India. It simply excluded the processing of personal data for certain limit like prevention of crime, inquiry, or court case, personal, domestic, media purposes, and state liability. But such processing needs to have a clear, defined, and legal purpose as well as a few security measures. For example, if they want to show their assets and liabilities, criminal records, educational qualifications, etc. as per the Representation of the People Act, 1951, they cannot hide or refuse to give consent. Similarly, if person sign a contract with a service provider and they request to share personal data, that time no one will able to hide or refuse to provide consent.
The Act excluded government agency (Ministry of defence, finance, external affairs and many more) for purposes of national security, public order, India’s sovereignty and integrity, good relations with foreign governments. This could give the government wide powers to access and use personal data of MPs and MLAs without their consent or mistake. This could result in MPs and MLAs receiving different treatment based on their political party.
Every person who holds assets in trust for a beneficiary must appoint a data protection officer who will be in charge of protect rules in the law and coordinating with the data protection authority, according to the bill. It means MPs and MLAs will have to appoint such officers for their offices or constituencies and ensure that they follow the authority’s rules and standards. This could allow MPs and MLAs to exercise these rights over their own data.
“An interesting aspect of the Act is its unique feature of using she/her pronouns when referring to individuals, a notable development in India’s legislative landscape.”
After the Digital Personal Data Protection Act 2023, a person has below rights over the information