Skip to content

DPDP Bill 2023 Approved by the Union Cabinet: What’s Next?

Article by Tsaaro

7 min read

Introduction    

The new Digital Personal Data Protection Bill (DPDP Bill) aims to protect the personal information of Indian customers, major corporations, and consumers.    

The law proposes increasing accountability and responsibility for gathering, storing, and processing citizen data as part of the “Right to Privacy” by organizations, including internet service providers, mobile applications, and corporate houses.    

Once passed, several governmental and private organizations will require user consent before collecting and processing users’ data. As a result, each customer’s right to privacy will be cherished more highly than before, and their data will be better protected.    

This bill was approved in the Union Cabinet on 6th July, and as per sources, it will be introduced in the parliament for tabling in the upcoming monsoon session. In this blog, we will be discussing what will be the further steps in the process of getting approval from the parliament and what could possibly happen.     

The Digital Personal Data Protection Bill, 2022  

The current DPDP bill has been in the works for over five years. Following the Landmark Judgement of Justice K. S. Puttaswamy (Retd.) vs Union of India, holding that the Right to Privacy is a fundamental right, in 2017, a committee of experts, headed by Justice B. N. Krishna (retired Judge of the Supreme Court), to report on the issues of Data Privacy in India. Subsequently, in July 2018, the committee compiled and submitted its Report, which laid the foundation for the Personal Data Protection Bill 2019 (PDP Bill). However, the PDP bill has been through several iterations in the Parliament and faced major backlashes from large entities and stakeholders, resulting in the scrapping of the bill in August 2022. Mr. Ashwini Vaishnaw, the then Minister of Railways and Communications, claimed that it would be easier to introduce a new bill to incorporate all the proposed changes. This resulted in releasing the new Digital Personal Data Protection Bill in November 2022 for Public Consultation, which has now been approved for tabling in the upcoming Monsoon Session.  

Tabling in the Parliament    

Now that the union cabinet has approved the bill, it will be tabled in Parliament in the upcoming monsoon session scheduled to be held from July 20 to August 11. The draft was prepared considering the 21,666 suggestions received, and the bill proposes to fine up to 250 Cr on entities for violation of the norms of the bill.    

The bill will be introduced in the parliament, i.e., the Lok Sabha and the Rajya Sabha, by the ministers representing the Central Government. The first reading of the bill is most likely done by Mr. Ashwini Vaishav, the cabinet minister of the Ministry of Electronics and Information Technology, and no discussions shall take place at this stage; following this, the bill shall be published in the gazette.    

After the second reading, where the bill is circulated among all the MPs following debates and discussions about concerns, the bill will be referred to a parliamentary committee for detailed examination, and the MPs of other parties can gather their perspectives and make amendments but not change the underlying principles of the bill. The report of the committee’s findings and recommendations will be considered clause by clause.    

In the third reading, no more amendments can be made; the bill will either be rejected or accepted as a whole through voting and passed on to another house if the majority has voted for it. In the second house, the bill will go through the three stages again and be sent back to the first house for consideration of any amendments made.     

Presidential Assent   

The President’s assent holds significant constitutional importance. Just like every other bill, the DPDP bill will be presented to the President for his assent after the bill has been passed in both houses of the Parliament. This is also the most crucial stage in the legislative process for the bill to become law in India.    

The President can accept for it to become a law or reject the bill as a whole, and it ends there or send the bill back to the parliament for reconsideration. The houses shall reconsider the bill, may or may not make amendments, and send it back to the president for his assent. The President may consult legal and constitutional experts and seek advice from the Council of Ministers before making a decision.       

Gazette Notification   

The DPDP Bill would be delivered to the Ministry of Law and Justice for gazette notification after receiving the President’s approval. The Ministry draughts a formal notification that includes the complete wording of the passed legislation. The Indian Official Gazette is then updated with this notification. The gazette notification holds significance and importance as it is the official announcement of the enacted bill. Providing legal validity and notice to the concerned stakeholders, including government agencies, organizations, and individuals. Once the bill is notified in the gazette, it becomes a binding law that can be enforced.    

Implementation of the Bill  

While the Presidential Assent and the formal announcement of the Bill through the Gazette marks the passing of the Bill into an Act, the effect of the Act may only occur later. Sometimes, the act itself may specify a particular date for when it will occur. The rationale is to allow those affected to implement changes specified under an Act. Considering the stringent regulations and heavy penalties on regulated entities under the new DPDP Bill, it is likely that after the passing of the Bill, it would come into effect later to provide the regulated entities with sufficient time to become compliant with the new Act. Once the Act comes into effect on the date specified, it will be a binding law on all regulated entities.     

Conclusion  

After nearly six years of development, the highly anticipated Data Protection Bill has again made its rounds into the Parliament. This is undoubtedly a big step to ensure Data Protection in India. However, while the approval by the Union Cabinet and tabling for the Monsoon Session is worth celebrating, the Bill will still have to undergo several legislative procedures before finally becoming an Act in India. Under these legislative procedures, the DPDP bill is likely to raise several concerns and oppositions, which could hinder the passing of the Bill. In addition, should the bill be passed, it may only come into effect later. Therefore, while the approval of the DPDP bill is indeed a big step for Data Protection in India, several steps still need to be taken before the Bill can become the First dedicated Data Protection Act of India. Take the first step towards a secure your organization’s data by scheduling a call with our privacy expert team at Tsaaro Solutions today.

4 thoughts on “DPDP Bill 2023 Approved by the Union Cabinet: What’s Next?”

Comments are closed.

Tsaaro Consulting

Introduction The Digital Personal Data Protection Act (DPDPA), 2023 and the Draft DPDP Rules, 2025 have ushered in a new …

Tsaaro Consulting

Introduction  The Digital Personal Data Protection Act, 2023 (DPDPA), along with the Draft Digital Personal Data Protection Rules, 2025 (DPDP …

Tsaaro Consulting

Introduction  Singapore’s Personal Data Protection Act (PDPA) is the cornerstone of the country’s data protection framework, ensuring that organizations manage …

Tsaaro Consulting

“It was invigorating to have a new competitor… DeepSeek’s model is impressive, particularly around what they’re able to deliver for …

Tsaaro Consulting

Introduction The Digital Personal Data Protection Act 2023 (DPDP Act) provides that consent is a prerequisite to process the personal …

Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.