Apni Pathshala

Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Login
Menu

7878158882

(Mon - Sat| 10 AM - 6 PM)

Login

Digital Personal Data Protection (DPDP) Act, 2023

Why in News? 

The Government of India has drafted rules under the Digital Personal Data Protection (DPDP) Act, 2023. The Ministry of Electronics and Information Technology prepared the draft. According to the draft, social media accounts for minors will require parental consent. The government seeks public suggestions to finalize the rules.

Introduction of Digital Personal Data Protection (DPDP) Act, 2023

The Digital Personal Data Protection (DPDP) Act, 2023 is a landmark legislation that safeguards individuals’ rights over their personal data while enabling its processing for legitimate purposes. 

  • This law was passed by the Indian Parliament in October 2023. This is India’s first comprehensive data protection framework.
  • It applies to all forms of personal data, whether collected online or offline and later digitized to ensure robust privacy protections in the digital age.
  • The genesis of the DPDP Act lies in the Puttaswamy judgment of 2017, where the Supreme Court of India declared privacy as a fundamental right under the Indian Constitution. 
  • Following this decision, the government formed Justice B.N. Srikrishna Committee to draft a strong data protection framework, culminating in the creation of the DPDP Act.
  • The law establishes clear guidelines for the collection, storage, and processing of personal data
  • According to the draft rules of the Digital Personal Data Protection Act 2023 (DPDP), children will need parental consent to access social media in India. Under the law, a child is defined as any user below the age of 18.
  • By balancing data privacy with legitimate data processing needs, the DPDP Act marks a significant step toward protecting citizens in an increasingly digital world. 

Key Provisions and Principles of Digital Personal Data Protection (DPDP) Act, 2023:

The Digital Personal Data Protection (DPDP) Act, 2023 introduces a comprehensive framework to safeguard personal data while promoting lawful and ethical data processing. It seeks to balance individual privacy rights with the needs of businesses and government entities. 

  • Protection of Personal Data: The Act acknowledges the right of individuals (referred to as Data Principals) to safeguard their personal data. It mandates that data must only be processed for legitimate and specific purposes to prevent misuse.
  • Applicability: The DPDP Act applies to digital personal data. It covers data processing activities related to India, including foreign entities dealing with Indian users. With over 700 million internet users (as per TRAI, 2023), this Act impacts a significant portion of the population and strengthens India’s position as a global digital leader.
  • Roles and Responsibilities:
    • Data Principals: Individuals must provide accurate information, avoid impersonation, and refrain from filing false complaints. For example, a user signing up for an e-commerce platform like Amazon is responsible for providing valid details.
    • Data Fiduciaries: Organizations processing data (e.g., Paytm or Zomato) must ensure that personal data is collected, stored, and processed in a secure and ethical manner.
  • Rights of Data Principals:
    • Right to Consent: Data Fiduciaries must obtain clear and explicit consent from users before processing their data. For instance, WhatsApp cannot share user data with third parties without obtaining user approval.
    • Right to Rectification and Erasure: Individuals can request corrections or deletion of their personal data. For example, users can ask Google to delete old browsing records.
  • Establishment of a Data Protection Board: The Act introduces a Data Protection Board to oversee enforcement and resolve grievances:
    • Grievance Redressal: Individuals can approach the Board if their data rights are violated, such as in cases of data leaks. The Board ensures timely and effective resolution, strengthening trust in the system.
    • Autonomy: Modeled after the Data Protection Authority (DPA) in the UK, the Board operates independently to impose penalties, monitor compliance, and uphold the principles of the Act.
    • Cross-Border Data Transfers: The Digital Personal Data Protection (DPDP) Act, 2023 permits cross-border data transfers to countries with adequate safeguards, aligning with global frameworks like the GDPR. 

Responsibilities of Data Fiduciaries and Penalties for Violations 

The Digital Personal Data Protection (DPDP) Act, 2023 sets out clear responsibilities for Data Fiduciaries to ensure ethical and secure handling of personal data. These obligations are complemented by stringent penalties for non-compliance, making the Act a robust framework for data protection in India.

  • Obligations of Data Fiduciaries
    • Data Security: Data Fiduciaries are required to implement strong data protection measures to safeguard personal information.  
    • Purpose Limitation: Personal data must only be used for its intended purpose and nothing beyond. 
    • Retention Limits: Organizations are prohibited from retaining personal data longer than necessary. This principle aligns with global standards like the General Data Protection Regulation (GDPR).
  • Penalties for Non-Compliance: To ensure accountability, the Digital Personal Data Protection (DPDP) Act, 2023 imposes strict penalties on Data Fiduciaries that fail to meet their obligations:
    • Financial Fines: Serious violations can attract fines of up to ₹250 crore, this serves as a deterrent against lax data practices.
    • Graded Penalties: Lesser violations incur proportionate fines on a sliding scale to ensure fairness in enforcement while encouraging corrective measures for minor infractions.
  • Exemptions: The Act enforces strict compliance, it provides certain exemptions to balance privacy with operational needs:
    • Public Interest: Government agencies can process data without consent in matters of national security, public safety, or health emergencies. 
    • Small Businesses: Startups and small enterprises, particularly in rural areas, are granted exemptions to reduce compliance costs. This encourages digital innovation in emerging sectors without undue regulatory burdens.

Impact on Social Media and Minors

The Digital Personal Data Protection (DPDP) Act, 2023 brings significant changes to the way social media platforms handle data, particularly concerning minors. These provisions aim to ensure greater accountability for social media companies.

  • Parental Consent for Minors: The Act mandates verifiable parental consent before processing the personal data of minors under the age of 18. To comply, social media platforms must:
    • Validate the identity and age of the parent through voluntarily submitted identity proof.
    • Ensure the person identifying as the parent is an adult and legally authorized to provide consent.
  • Data Fiduciary Liability: Social media platforms are held responsible for verifying the authenticity of the individuals claiming to be guardians of minors. This creates a legal obligation for platforms to adopt stringent verification mechanisms to prevent misuse or fraudulent claims.
  • Data Deletion Requirements: The Act introduces data retention limits for social media platforms. Inactive user data must be deleted after three years to reduce the risk of misuse or breaches involving outdated information. This provision aligns with global best practices and encourages responsible data management.
  • Reporting of Data Breaches: To enhance transparency and accountability, the Act requires data breaches to be reported within 72 hours

Way Forward for DPDP Act

The Digital Personal Data Protection (DPDP) Act, 2023 marks a significant milestone in India’s journey toward establishing a robust framework for data privacy and security. The effective implementation and evolution of the Act require a clear roadmap. 

  • Strengthen Awareness and Compliance: The government and organizations must prioritize educating individuals and businesses about their rights and responsibilities under the Act. 
  • Enhance Technological Infrastructure: Investment in secure data storage and advanced technologies is essential to meet the Act’s requirements. Innovations in AI and encryption can further bolster data protection frameworks.
  • Establish Global Collaboration: By aligning with international data privacy standards and facilitating cross-border partnerships, India can strengthen its digital economy while maintaining stringent safeguards for personal data.

Explore our Books: https://apnipathshala.com/product-category/books/

Explore Our test Series: https://tests.apnipathshala.com/

Share Now

Share Now ➤

Do you need any information related to Apni Pathshala Courses, RNA PDF, Current Affairs, Test Series and Books? Our expert counselor team will not only help you solve your problems but will also guide you in creating a personalized study plan, managing time and reducing exam stress.

Strengthen your preparation and achieve your dreams with Apni Pathshala. Contact our expert team today and start your journey to success.

📞 +91 7878158882

हमारे काउंसलर से बात करें

Related Posts

Telegram Youtube Facebook X-twitter Instagram

About Us

Apni Pathshala” is an online educational platform and career portal. This is a venture of Avasthi Consultancy, Alwar.

The web portal Ankit Avasthi is a leading educational portal endowing aspirants of India with high quality, valuable, relevant and meaningful content for Current Affairs and General Knowledge.

Quick Links

Menu

Contact Us

Youtube Telegram X-twitter Instagram
Menu
Scroll to Top

Menu

Menu
Facebook Twitter Youtube