………………………….

Digital Personal Data Protection Act, 2023

Digital Personal Data Protection Act, 2023

Right to Privacy has been the integral right to every citizen of India given under the Constitution of India. Personal data has been the most sought-after data in recent years. The personal data such as our names, contact details, email ID, address etc. that we share on various platforms and applications are the confidential information that the respective platforms and applications should keep secured, however, in absence of any strict law, such data is being used or shared with other processors for various unwarranted reasons.

“Have you ever got a call from a Credit Card Service Provider or Loan Facilitator or Person impersonating as a Banker offering you Loan or Credit Card etc” If yes, then please be aware that your Personal Data has been leaked / Sold / Shared Without Your Consent by someone with whom you had shared such data consciously.

India had introduced Information Technology Act in Year 2000 which laid down foundation guidelines for Information Technology, Security Procedures, Data Sharing, Data Storage etc. With the advancement of technology usage in everyone’s day-today lives, there came the need for having a separate law which should specifically deal with the Personal Data and its related controls one should exercise

The Digital Personal Data Protection Act, 2023 has its roots from way back in Year 2019, when the first Draft Bill was introduced in Rajya Sabha. The same went into various discussions and iterations and later on re-introduced as Digital Personal Data Protection Bill 2022 which became the Law on 11th August 2023 after having assent of Honorable President of India.

The Digital Personal Data Protection Act, 2023 deals with various Personal Data related aspects which needs to be taken care of by the Data Fiduciary (One who is taking Personal Data from Individuals) or Data Processors (One who is processing Personal Data on behalf of Data Fiduciary).

The situation of sharing and processing of Personal Data is explained through an example below –

Mr. A (Individual) wants to create his account on an e-commerce website named XYZ Fashions (owned by company XYZ Pvt Ltd). For creating the account, the application asks Mr. A, his name, phone number, email, residential address.

XYZ Fashions creates the account of Mr. A in the application based on the information shared by him.

In the above transaction, following are the important guidelines under the Digital Personal Data Protection Act, 2023:

  • Data Principal: A owner of the personal data is called as ‘Data Principal’ who shares the same with XYZ Fashions.
  • Data Fiduciary: XYZ Fashions (owned by XYZ Pvt Ltd) is called as ‘Data Fiduciary’ who collects the data for a purpose i.e. opening and maintaining the account of Mr. A in its application.
  • Consent: Data Fiduciary is required to take a clear and unambiguous Consent from Data Principal, also required to give Important Information through a Notice.
  • Data Security Controls: XYZ Pvt Ltd is required to implement necessary security controls to ensure that Personal Data of Mr. A is kept secured.
  • Data Usage: XYZ Pvt Ltd is required to ensure that personal data of Mr. A is not used for any purpose other then creating and maintaining the account in the application. If it is required, then a separate consent is required to be taken from Mr. A.

Hefty Penalties upto Rs. 250 Crore have been laid down for non-compliance with the Provisions of this Act, thus, it is imperative for the Data Fiduciaries to implement the required control procedures and ensure compliance with the Act at all times.

 

This act is to be read and understood not only by Data Fiduciaries, but also by Data Principals. Data Principals should be aware about their Rights and Duties while sharing their Personal Data with anyone. Also, there are provisions through which Data Principals can withdraw their Consent or Request to Erase their Personal Data held by Data Fiduciaries.

Disclaimer: The information contained in this Article is intended solely for personal non-commercial use of the user who accepts full responsibility of its use. The information in the article is general in nature and should not be considered to be legal, tax, accounting, consulting or any other professional advice. We make no representation or warranty of any kind, express or implied regarding the accuracy, adequacy, reliability or completeness of any information on our page/article. 

To stay updated Subscribe to our newsletter today

Explore other Legal updates on the 1-Comply and follow us on LinkedIn to stay updated 

Schedule A Demo