In a significant development, President Droupadi Murmu of #India has granted her assent to the Digital Personal Data Protection Bill, 2023 (#DPDP Bill) after its passage through both houses of parliament. The unanimous approval from the Rajya Sabha on August 9 and the Lok Sabha’s voice-vote passage on August 7, despite opposition objections, marks a critical step towards regulating the management of digital personal data in the country.

The central objective of the DPDP Bill is to establish a harmonious equilibrium between an individual’s right to safeguard their digital personal data and the legitimate necessity of processing such data for lawful and relevant purposes. The essence of the bill lies in its capacity to facilitate the processing of digital personal data while ensuring the protection of individual privacy rights.
Described as “A Bill to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,” the bill embodies a comprehensive framework for data management.

This legislative endeavor encompasses a wide ambit, governing the processing of digital personal data within the borders of India. It applies to both online and digitized offline data processing. Significantly, the bill also extends its reach beyond the national boundaries, encompassing data processing that occurs outside India, provided it pertains to offering Indian goods or services.

The cornerstone of the bill’s provisions rests upon the requirement of obtaining consent for the lawful processing of personal data. Exceptions to this rule exist, permitting voluntary data sharing and state-related data processing. Data fiduciaries, entities responsible for handling personal data, are entrusted with several crucial responsibilities. These include ensuring data accuracy, upholding data security, and the eventual deletion of data once its intended purpose has been achieved.

Furthermore, the DPDP Bill introduces an array of rights vested in individuals. These rights span from the right to access information and request data correction to the right to seek data erasure and redressal of grievances stemming from data mishandling.
Nevertheless, certain provisions within the bill have spurred concerns. Notably, government agencies could potentially be exempted from adhering to the bill’s provisions under specific circumstances, a prerogative granted by the Central government. While these circumstances generally revolve around national security, public order, and offense prevention, they have sparked debates over potential breaches of individuals’ fundamental right to privacy. Critics argue that such exemptions might inadvertently lead to the excessive collection, processing, and retention of personal data, transcending what is genuinely necessary.

Another area of contention pertains to the bill’s handling of risks associated with the processing of personal data, where concerns have been raised regarding its potential inadequacy in regulating potential harms stemming from data processing activities.
A unique aspect of the DPDP Bill is its use of gender-neutral pronouns. For the first time in Indian legislation, pronouns like “her” and “she” are utilized to refer to individuals regardless of their gender. The bill’s “Interpretation” provision explicitly elucidates this linguistic approach, clarifying the intent behind the usage of these pronouns.

In conclusion, the assent granted by President Murmu to the Digital Personal Data Protection Bill, 2023 represents a significant stride towards safeguarding digital personal data in India. While the bill aims to strike a balance between data privacy and lawful processing, it also evokes pertinent debates surrounding exemptions, privacy infringements, and regulatory comprehensiveness. As the bill’s provisions take effect, they are poised to reshape India’s digital data landscape and influence discussions on data protection worldwide.

Enactia can be tailored to address the needs of businesses to address their data protection governance and compliance challenges.

Privacy #DataProteciton #India #Digital #Personal #DataProtection