Digital Personal Data Protection Act, 2023

 In Justice K. S. Puttaswamy vs Union Of India (2017), On 24 August 2017 Supreme

court held that the Right to Privacy is a fundamental right protected under
Article 21
 Recommended by Justice B.N. Srikrishna Committee
 This is the first Act of the Parliament of India where "she/her" pronouns were
used unlike the usual "he/him" pronouns
 Personal data - the data by which a person may be identified
 Data Fiduciaries - is, persons, companies and government entities who process
data
Application
 The Bill will apply to the processing of digital personal data within India.
 It will also apply to the processing of personal data outside India, if it is for
offering goods or services or profiling individuals in India.

The Bill provides for following rights to the individuals:

 The right to access information about personal data processed;
 The right to correction and erasure of data;
 The right to grievance redressal; and
 The right to nominate a person to exercise rights in case of death or incapacity.

Obligations on the data fiduciary:

 To have security safeguards to prevent personal data breach;
 To intimate personal data breaches to the affected Data Principal and the Data
Protection Board;
 To erase personal data when it is no longer needed for the specified purpose;
 To erase personal data upon withdrawal of consent;
 To have in place grievance redressal system and an officer to respond to
queries from Data Principals;
 To fulfill certain additional obligations in respect of Data Fiduciaries notified as
Significant Data Fiduciaries, such as appointing a data auditor and conducting
periodic Data Protection Impact Assessment to ensure higher degree of data
protection.

Personal data of children also.

 The Bill allows a Data Fiduciary to process the personal data of children only
with parental consent.
 The Bill does not permit processing which is detrimental to well-being of
children or involves their tracking, behavioural monitoring or targeted
advertising.
Data Protection Board
 To give directions for remediating or mitigating data breaches;
 To inquire into data breaches and complaints and impose financial penalties;
 To refer complaints for Alternate Dispute Resolution and to accept Voluntary
Undertakings from Data Fiduciaries;
 To advise the Government to block the website, app etc. of a Data Fiduciary who
is found to repeatedly breach the provisions of the Bill.
Exemptions
 Prevention and investigation of offences
 Enforcement of legal rights or claims.
 Processing by government entities in the interest of the security of the state and
public order, and
 Research, archiving, or statistical purposes

Penalty
 Rs 200 crore for non-fulfilment of obligations for children,
 Rs 250 crore for failure to take security measures to prevent data breaches