Introduction:
The Digital Personal Data Protection Act, 2023, was enacted to establish a comprehensive framework for the protection of personal data in India. It aims to regulate the processing of digital personal data, ensuring privacy and accountability, while fostering innovation in the digital economy.
Context:
- With the rise of digital services, concerns about data privacy and misuse of personal information have grown. The Act aligns with India’s Supreme Court ruling in the Puttaswamy case (2017), which recognized privacy as a fundamental right.
Salient Features:
- Consent-Based Data Processing: Personal data can only be processed with the explicit consent of the individual (data principal).
- Data Fiduciaries: Organizations handling data (data fiduciaries) must ensure transparency, data security, and provide mechanisms for data correction or deletion.
- Data Protection Board: A Data Protection Board will be established to oversee compliance and address grievances related to data breaches.
- Cross-Border Data Transfer: Data can be transferred to trusted countries as notified by the government.
- Penalties: Non-compliance can result in penalties up to ₹250 crore, ensuring strict accountability.
- Rights of Individuals: Data principals have rights to access, correct, and erase their data.
Conclusion:
The Digital Personal Data Protection Act, 2023, aims to safeguard personal data, balance the interests of stakeholders, and foster a secure digital environment for individuals and businesses alike.
Legacy Editor Changed status to publish October 16, 2024