What is the Digital Personal Data Protection Bill 2023?

New Delhi: On Thursday, the Digital Personal Data Protection Bill (DPDPB) 2023 was introduced in the Lok Sabha. 

The Opposition requested that the bill be referred to a standing committee for further review. However, after a voice vote, it was accepted for consideration, allowing for discussions in the house. Here are some important highlights of the bill that will be included.

Key Highlights of the Digital Personal Data Protection Bill 2023:

1. Addressing India’s Unique Needs: The DPDP Act has been designed to cater specifically to India’s requirements and challenges while aligning with the European Union’s General Data Protection Regulation (GDPR). Grant Thornton Bharat’s Garkel notes the Act’s thoughtful tailoring to suit India’s context.

2. Swift Grievance Resolution: The bill sets clear deadlines for the Data Protection Boards and the Appellate Tribunals, inspiring hope for expeditious grievance resolution, according to Garkel.

3. Inclusivity: The Act aims to be inclusive by allowing access to personal data in English and 22 regional languages, ensuring that even the less privileged, illiterate, and vulnerable can benefit, as highlighted by Garkel.

4. Embracing Digital: The Act introduces digital operations and techno-legal measures for Data Protection Boards, removing geographical and logistical barriers for complainants and authorities. This infusion of technology streamlines processes and reduces human intervention for more effective complaint handling.

5. Industry-Friendly: The DPDPB is being hailed as a minimally disruptive law, aligning sectoral laws with data processing outside India for Indian subjects. It retains the “opt-out” right rather than following international “Opt-In” standards, as explained by Balasubramanian from Agama Law Associates.

6. User-Friendly: The bill employs illustrations and examples to provide clarity on its provisions, drawing parallels with the Indian Contract Act and IPC, making it more accessible to the public, according to experts.

7. Children’s Data Protection: The Act includes special provisions for protecting children’s personal data. Data fiduciaries are guided not to track or undertake behavioral monitoring or advertising, ensuring digital privacy for children.

Challenges and Misses of the Digital Personal Data Protection Bill 2023:

1. Absence of Distinction: Unlike earlier drafts, the bill lacks a clear distinction between non-sensitive and sensitive personal data, a point highlighted by experts.

2. Vague Areas: The bill leaves some crucial aspects unaddressed, deferring rule formulation for later stages. This includes a “blacklist” mechanism that could impact data transfers to foreign countries, as mentioned by Vikramjeet Singh from BTG Legal.

3. Increased State Power: The bill grants exemptions to the Government and delegates numerous powers to the Executive through Rules, which deviates from global data protection norms, as pointed out by Software Freedom Law Center’s Choudhary.

As the bill proceeds to discussions in the house, its merits and shortcomings will be thoroughly examined, considering the potential implications it may have on India’s data protection landscape.