The President of India Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill, 2023 (DPDP Bill) after it was passed by both the houses of the parliament.
The DPDP bill was passed unanimously by the Rajya Sabha on August 9 while the Lok Sabha passed the bill on August 7 by voice-vote even as opposition leader opposed it.
The Bill aims to manage digital personal data by balancing individuals’ right to safeguard their data with the need to lawfully process such data for relevant purposes.
“A Bill to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,” the Bill’s text says.
The Bill applies to digital personal data processing in India, including online and digitized offline data. It extends to processing outside India for offering Indian goods or services.
Personal data needs consent for lawful processing, with exceptions like voluntary sharing or state-related processing.
Data fiduciaries will bear the responsibility of maintaining data accuracy, ensuring data security and deleting data once its intended purpose has been fulfilled.
The Bill bestows certain rights upon individuals, encompassing the right to access information, request data correction and erasure and seek resolution for grievances.
Under certain circumstances, government agencies may be exempted by the Central government from adhering to the provisions of the Bill. These circumstances typically revolve around specific grounds, such as safeguarding the state’s security, maintaining public order and preventing offences.
To oversee compliance with the Bill’s provisions, the Central government will establish the Data Protection Board of India, which will be tasked with adjudicating cases of non compliance.
Concerns have been raised regarding the potential violation of the fundamental right to privacy due to exemptions granted for data processing by the State, particularly under the grounds of national security. These exemptions could potentially result in data collection, processing, and retention beyond what is deemed necessary.
It has also been pointed out that the Bill does not regulate risks of harms arising from processing of personal data.
Notably, the Bill is the first law in India to use she/he pronouns while referring to all genders.
The Bill’s “Interpretation” provision clarifies that the pronouns “her” and “she” in the proposed legislation have been used for an individual, irrespective of gender.
Name –Priya Dubey , College-Lloyd law college , Semester-3rd
0 Comments