Prof Niraj Dubey
India, the most populous country in the world with more than 1.4 billion people, is the largest democratic country to pass a comprehensive personal data protection law – The Digital Personal Data Protection Act, 2023 (DPDP Act) was formally passed in August 2023 after being reworked several times since 2018. The long-awaited implementation of such act in India is one step closer to reality with the MHA – India approval. Once implemented, the Act will empower consumers with greater control over their data while fostering a robust data protection framework for the country. The Ministry of Electronics & Information Technology (MEITY) is now set to release the draft rules for public consultation, setting the stage for their eventful notification and phased implementation. The new law marks a seminal moment in the nation’s legislative landscape, establishing a comprehensive framework that serves to protect the personal data of its citizens. Given the Act’s all-encompassing scope, it promises to bring about significant changes in how organisations handle, process, and safeguard personal data.An Act to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.Framed with simplicity and clarity, the rules are designed to empower citizens in a rapidly growing digital economy. They seek to protect citizens’ rights in accordance with the DPDP Act, while achieving the right balance between regulation and innovation, so that the benefits of India’s growing innovation ecosystem are available to all citizens and India’s digital economy. They also address specific challenges like unauthorised commercial use of data, digital harms and personal data breaches.With the rapid proliferation of smartphones, cheap internet connectivity, and a significant young digital native population, Indian society has witnessed widespread digitalization. This exponential growth of digital interactions and transactions has created a large digital trail of users. It is crucial to safeguard this digitally generated consumer Personal Identifiable Information (PII). Under theDPDP Act, the Data Fiduciaries may process personal data based on consent from data principles which is required to be:free, specific, informed, unconditional, and unambiguous, provided through clear affirmative action, and limited to the personal data that is necessary for the specified purpose.
The basic key features of the new rules:
User Control:’ Individuals gain enhanced control over their personal data, including:’
a) Right to Access: Easily access their personal data held by companies.
b) Right to Correction: Correct any inaccuracies in their personal data.
c) Right to Erasure: Request the deletion of their personal data under certain circumstances.
d) Right to Data Portability: Transfer their personal data between different service providers.
Full Proof Data Security:
Stronger Security Measures: Companies are mandated to implement robust security measures to protect personal data from unauthorized access, breaches, and misuse.
Data Breach Notifications: Companies are required to promptly notify individuals and authorities in case of any data breaches.
Focus on Children’s Privacy:
‘Parental Consent Feature:- Stricter rules for collecting data from children, requiring verifiable parental consent before allowing children to create online accounts.
Accountability for Companies:
Data Protection Officers: Companies are required to appoint Data Protection Officers to oversee data protection compliance.
Penalties for Violations: Significant penalties are imposed on companies that violate the rules, including hefty fines and potential legal action.
Major Benefits of the New Rules:
Enhanced Privacy: Protects individual Privacy by giving them greater control over their personal data by using latest cryptographic mechanism.
Increased Trust: Builds trust between individuals and businesses by ensuring responsible data handling practices.
Stimulates Innovation: Fosters a more secure and predictable data environment, encouraging innovation in the digital economy.
Protects National Security: Helps safeguard national security by ensuring responsible data sharing with government agencies.
The Future Course of Action:
The successful implementation of these rules will require collaboration between the government, businesses, and individuals. Continuous monitoring, adaptation, and enforcement will be crucial to ensure the effective protection of personal data in the rapidly changing era of Cyber Security Ecosystem under the digital age.
(The author is Cyber Security Warrior – J&K-UT)
Follow our WhatsApp channel
