Legal Analysis of the Digital Personal Data Protection Act 2023,

in Light of Article 21 of The Indian Constitution

Pravin V. Rodge 1

“The right to privacy is protected as an intrinsic or original part of the right to life and
personal liberty under Article 21 and as a part of the freedoms guaranteed under Part III of the
Constitution...”

Need of the Study :

Privacy rights help to maintain social boundaries. Everyone has the right to live with
dignity. Therefore the personal data and information shall remain protected.
There is a moral value of privacy that stems from being a shield to protect the individual
against scrutiny, prejudice, pressure, exploitation, and judgment of others. So, by enabling
individuals to have freedom and independence, the importance of privacy is clearly manifested.

Problems in Research:-
Whether the Personal Digital Data Protection Act is completely satisfying in nature and
absolute as far as the protection of privacy of personal data of citizens.

Objectives: -
The objective of the study is to the analysis of Article 21 with respect to the Digital
Personal Data Protection Act 2023 and whether it is competent to protect personal rights.

Hypothesis:-
H1:- The right to Privacy is one such right that has gone into existence in the wake of stretching
out the extent of Article 21.

H2:- The Personal Digital Data Protection Act, 2023 is having control over/restricting access to
one's personal information.
Keywords:-
Personal Digital Data Protection Act, 2023, Privacy, Article 21...

1
Pravin V. Rodge- Researcher, LLB III Years 5th Sem. Dr. PDCL, Amravati

1
INTRODUCTION:-
The Digital Personal Data Protection Act, 2023 (DPDP) is a law that aims to regulate and
protect the collection, use, storage, and sharing of personal information of individuals stored in
digital form. The act is also applicable to cases where data is collected in non-digital form and
subsequently digitized. With the rise of technology and the internet, personal data is more
vulnerable than ever before. The act comes at a time when cybercrime and data breaches are on
the rise and there is a growing concern among the public about the use of personal data by
companies and government. The act provides guidelines for how data should be collected, stored,
and processed to ensure it is done securely and with the explicit consent of the
individual. The act is essential in safeguarding individual privacy and preventing data breaches,
which could have devastating consequences for individuals and businesses alike.
It is popularly said, “Data is the new oil”. If we want to get into the genesis of this
statement, we need to go back in time, when mineral oil was the most lucrative commodity and
almost every nation was running for it. Data has replaced oil to become the most valuable
commodity in the 21st century. This is evident from the fact that 5 of the most valuable companies
in the world, namely, Amazon, Google, Apple, Microsoft, and Facebook belong to the data sector.
Data can be broadly classified into public data and personal data. Public data is that which
is accessible to the public at large, such as Court records, birth records, death records, and basic
company details. On the other hand, private data is personal to an individual/ organization and
cannot freely be disseminated by anybody without the prior permission of the subject. It includes
financial details, family details, browsing details, preferences, psychological characteristics,
locations and travel history, behavior, abilities, photographs, aptitudes, and the like. It could also
be a combination of these features or even inferences drawn from the refined data.
At the moment, India does not have specific legislation enacted primarily for data
protection. India’s regulatory mechanism for data protection and privacy is the Information
Technology Act, 2000 (“the IT Act”) and its corresponding Information Technology (Reasonable
Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“the
IT Rules”).2
In addition to this, personal data is also protected under Article 21 of the Indian Constitution
which guarantees to every citizen, the Right to Privacy as a fundamental right. The Supreme Court
has held in a number of cases that information about a person and the right to access that
information by that person is also covered within the ambit of the right to privacy.

2
https://www.lexology.com/library/Dr Mohan Dewan/Personal Data Protection Laws in India

2
CASE LAWS :-
K.S. Puttaswamy V/S Union Of India
In the year 2015, Justice K.S. Puttaswamy3, a retired judge of the Hon’ble High Court of
Karnataka filed a petition before the Hon’ble Supreme Court of India challenging the
constitutional validity of the Aadhar Card Scheme for infringing the privacy of an individual. A 9-
judge bench of the Hon’ble Supreme Court vide Judgement dated 24.08.2017 unanimously
recognized the right to privacy as a fundamental right under Article 21 of the Constitution of
India.
The bench also recognized the need for legislation protecting individual privacy and hence
the Sri Krishna committee chaired by Justice B.N. Srikrishna was constituted in 2017. The
committee presented the draft Personal Data Protection Bill, 2018 to the Ministry of Electronics
and Information Technology (MeitY) which was further amended to draft the Personal Data
Protection Bill, 2019.
The draft bill when presented before the Joint Parliamentary Committee (JPC) for their
input was further amended and a new draft Personal Data Protection Bill, 2021 was recommended
in the form of a report. On August 03, 2023, Digital Personal Data Protection Bill, 2023 was
introduced in Lok Sabha. The bill was passed by Lok Sabha on August 07, 2023, and Rajya
Sabha on August 07, 2023.
The bill received the President’s assent on August 11, 2023, and thereafter published in the
official gazette.
Prior to the DPDP Act, 2023; digital data was governed by Sensitive Personal Data or
Information (SPDI) Rules. SPDI Rules are a set of regulations under Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules,
2011 issued by MeitY.
Section 43-A which was inserted by Information Technology (Amendment) Act, 2008 and
provided for compensation for negligence in implementing and maintaining SPDI rules stands
omitted by Clause 44 (2) (a) of the DPDP Act, 2023.

SPECIAL PROVISION FOR THE PROTECTION OF CHILDREN

It is assumed that children are more vulnerable to crimes and hence to protect children and
provide them with a safe and secure environment promoting growth and development, the act
requires the data fiduciary to obtain consent from the parent of such child or lawful guardian of a
disabled person before processing any information relating to a child (below the age of 18). Data
3
Writ Petition (C) No. 494 SC 2012 https://indiankanoon.org/doc/127517806
https://main.sci.gov.in/supremecourt/2012/35071/35071_2012_Judgement_26-Sep-2018.pdf

3
Fiduciaries are not allowed to process any such information about a child that may have a
negative effect on the child's well-being.4

JURISDICTION AND SCOPE

The DPDP Act not only applies to the processing of digital personal data within India but
also applies to any data processing outside India if the data pertains to a Data Principal within
India. The DPDP Act applies to all organizations, whether they are based in India or not, that
collect and process personal data of Indian residents. The DPDP Act further empowers the Central
Government to restrict the transfer of personal data outside India for processing.
The DPDP Act applies to all organizations that process personal data, including
Government Agencies, Businesses, and Non-Profit organizations.

CONCLUSION:-
The Digital Personal Data Protection Act 2023 is a positive step taken by the Indian
Government toward the protection of the personal data of individuals available online and to
ensure that the personal data held by businesses is appropriately safeguarded to prevent any data
breaches. Viz-viz, the right to privacy embedded under Article 21 is also protected.
The Act would evolve in phases. More clarity would come once the Central Government
releases Rules under the Act.

4
https://www.latestlaws.com/articles/digital-personal-data-protection-act-2023-an-overview/