Digital Personal Data Protection Act, 2023

Background

The Digital Personal Data Protection Act, 2023 (DPDP Act) was passed by Parliament on August 9, 2023 and received Presidential assent on August 11, 2023. It is India’s first comprehensive data protection legislation, replacing the patchwork of rules under the IT Act, 2000.

Key Concepts

• Data Principal: The individual whose data is being processed
• Data Fiduciary: The entity that determines the purpose and means of data processing
• Significant Data Fiduciary: Large-scale processors designated by the Central Government with additional obligations (DPO appointment, data audits, DPIA)
• Consent Manager: Registered entity that manages consent on behalf of Data Principals

Constitutional Context

The right to privacy was declared a fundamental right under Article 21 by the Supreme Court in K.S. Puttaswamy v. Union of India (2017). The DPDP Act operationalises this right in the digital context.

UPSC Relevance

Prelims: Key provisions, Data Protection Board, penalties, exemptions Mains GS-2: Right to privacy, data governance, regulatory bodies Mains GS-3: Cybersecurity, IT regulation, digital economy