Q10. Describe the context and salient features of the Digital Personal Data Protection Act, 2023.

Approach

Introduction

The Digital Personal Data Protection Act, 2023, marks a critical development in India's data protection framework, aimed at safeguarding the privacy and personal data of individuals while promoting innovation and economic growth. Originating from the 2017 Justice Srikrishna Committee's recommendations, the Act reflects years of consultations and revisions to address growing concerns around data security.

Body

Salient Features:

  • Applicability: The Act applies to digital personal data processed in India, whether collected online or offline and subsequently digitized, and also extends to entities outside India if they provide goods or services to individuals in India.
  • Data Principal and Data Fiduciary: The individual whose data is processed is the "Data Principal," while the entity controlling the data processing is the "Data Fiduciary."
  • Consent Based Processing: Processing personal data requires explicit and informed consent, which can be withdrawn by the Data Principal.
  • Rights of Data Principals: The Act provides rights such as data access, correction, and erasure, along with the right to be forgotten, ensuring user autonomy.
  • Obligations of Data Fiduciaries: Fiduciaries must implement robust security measures and ensure transparency in data processing, with severe penalties for noncompliance, including fines up to Rs 250 crore for security breaches.
  • Security Related Measures: Cross Border data transfers are allowed with adequate safeguards, while stringent penalties exist for data breaches. Entities must adopt industry standard security measures.
  • Data Protection Board: A dedicated Data Protection Board of India will handle compliance, grievances, and enforcement, with power to impose penalties.
  • Exemptions: Government agencies may be exempt from certain provisions for reasons like national security or public order.

The Digital Personal Data Protection Act, of 2023 has been widely praised for its efforts to regulate data privacy in India, but it has also faced some criticisms:

  • Exemptions for Government Agencies: The Act allows broad exemptions for government bodies, raising concerns over potential misuse and privacy violations.
  • No Data Localization Requirement: The Act lacks strict data localization mandates, sparking concerns about data sovereignty and security.

Conclusion

Nevertheless, the Digital Personal Data Protection Act, 2023, strikes a balance between protecting personal privacy and promoting a digital economy. As India implements this Act, both businesses and individuals must stay vigilant to ensure compliance, fostering a secure digital ecosystem.

Instant Mains Evaluation with SuperKalam

✅ Now that you have gone through the model answer, try practicing and writing it in your own words and evaluate it instantly with SuperKalam here - Evaluate Mains Answer instantly

Download Model Answer PDF for complete UPSC Mains 2024 GS3 Paper with analysis here - Download GS3 Model Answers