Skip to content
Schedule a Call
Call Now

The DPDP Act 2023: Why We Needed a Data Privacy Law?

Article by Tsaaro

7 min read

Introduction

India has needed a standalone comprehensive privacy framework for the longest time. The wait is over now with the enactment of the Digital Personal Data Protection Act. The Right to privacy and formulation of privacy framework in the Indian context have evolved over a longer period and underwent several changes in contrast to other Jurisdictions. Indian Courts had a considerable role in reading the Rights as part of Article 21 of the Constitution of India. Now the legislature has also finally complemented the courts with a law that intends to balance the need for privacy protection with the importance of data processing.

Also, read DPDP v. GDPR.

Right to Privacy in India

The Courts in India developed and led the regime for privacy rights. The concept of the right to privacy in India being a fundamental right was initially opposed by the Supreme Court. There is no basic right to privacy, the Supreme Court of India declared in the 1962 case of Kharak Singh v. State of Uttar Pradesh ((1964) 1 SCR 332). Later, in Justice K.S. Puttaswamy (Retd.) vs. Union of India & Ors. Judgement (2017) 10 SCC, the Supreme Court of India reversed the 1962 decision. 1. The Puttaswamy ruling recognised the Indian Constitution’s Article 21’s Fundamental Right to Privacy.

Need for a Data Privacy Law in India

A remarkable amount of data is available in India. India is expected to have 1 billion smartphone users by 2026. By 2025, Approximately 1 billion individuals in India will have access to the Internet. India continues to be the main growth market for social media goliaths, who get their value from the data they collect. It boasts several domestic unicorns in the e-commerce, fintech, and edu-tech sectors.

The necessity to safeguard citizens’ private information and make data usage clear is urgent, given the rise of digital platforms. India consistently experiences one of the highest rates of data breaches, and both private and public websites are affected. Since 2004, there have reportedly been 962.7 million data items leaked, principally names and phone numbers, affecting an estimated 18 of every 100 Indians. A recent data breach exposed over 28 crore Indian citizens’ online EPFO (Employees’ Provident Fund Organisation) registration information. 

According to IBM’s 2023 report on the Cost of a Data Breach, the average total cost of a breach is now around 4.45 Million USD. Further, this cost even increases by USD 470,000 in cases where law enforcement was not involved. This reflects the importance of the State’s regulatory intervention and laws to sustain and facilitate the data-driven economy.

Tracing the History of this Act

Over a decade has passed as numerous drafts and committees have been formed to develop a comprehensive data protection law in India. The procedure began in 2011 when the Ministry of Personnel, Public Grievances, and Pensions started working on earlier drafts of a Privacy Bill. These early drafts covered parts of both data privacy and surveillance reform, but they didn’t move past this point. The release of a comprehensive study on global and domestic privacy standards by the Expert Committee on Privacy, headed by Justice A.P. Shah and working under the former Planning Commission, on 12th October 2012, marked a significant turning point in 2012

On 16 December 2021, the Joint Committee on the Personal Data Protection Bill 2019 released its findings after over two years and numerous extensions. A new version of the law known as “The Data Protection Bill, 2021” (DBP, 2021) was also included in the report.

Another twist came in formulating India’s Data privacy law when the IT minister announced the withdrawal of the 2021 Data Privacy Bill. The release of the Draft Digital Personal Data Protection Bill, 2022 (DPDPB, 2022), for public comment in November 2022 followed this

The 2023 version of this Bill was made public on 27th July 2023. Subsequent to that, it was introduced and approved in Both houses of the Indian Parliament by 9th August. This Bill was enacted into law on 12th August after it received Presidential Assent and got notified in the Gazette.

DPDP Act, 2023: A Step in the Right Direction?

The following aspects of this Act reflect how it is a good starting point for India to enter the privacy regulation realm:

Obligations of Data Fiduciaries:

Data fiduciaries are required to comply with the following obligations: (i) make reasonable efforts to ensure the accuracy and completeness of the data; (ii) put in place reasonable security safeguards to prevent a data breach; (iii) notify the Data Protection Board of India and any affected individuals in the event of a breach; and (iv) erase personal data as soon as the purpose has been achieved and retention is no longer required for legal purposes.  The Right of the data principal to erasure and storage restrictions does not extend to government organisations.

Rights and obligations of Data Principals:

The “data principal,” or the person whose data is being processed, possesses the following rights: (i) the right to access information about the processing; (ii) the right to delete personal data; (iii) the right to designate a substitute for themselves to exercise rights in the event of death or incapacity; and (iv) the right to grievance redressal. The obligations of data principals include refraining from: (i) filing a fictitious or baseless complaint; (ii) providing any false information; or (iii) impersonating another individual in certain circumstances. Duty violations are penalised by fines of up to INR 10,000.

Centralised Regulatory Authority: Data Protection Board of India

The effective execution of the Indian privacy framework depends on the Data Protection Board (DPB). It carries out a number of significant tasks, including as keeping track of how well data fiduciaries, consent managers, and intermediaries abide by local laws and enforcing penalties when they don’t. The DPB prioritises using digital processes while conducting investigations and making decisions. It adheres to the ideas of natural justice. According to the Code of Civil Procedure, 1908, it has authority comparable to a Civil Court.

Penalties:

The Act empowers the DPB to impose penalties based on its Schedule. The Bill imposes punishments for certain Data Fiduciaries’ transgressions. Failure to implement adequate security safeguards may result in a penalty of up to Rs. 250 crores if it breaches personal data. Failure to notify the Board and the impacted Data Principals of a violation and failure to comply with additional obligations about Children may result in a punishment of up to 200 Crores. Significant Data Fiduciaries may also be fined up to Rs. 150 crores for breaching their obligations. If Data Principals break Section 15’s rules, they might be fined up to Rs 10,000. Penalties under Section 32 apply to any voluntary commitment the Board has agreed to.

Also read DPDP Bill, 2023: What Changed from its 2022 Version.

Conclusion

The DPDP Act is a huge milestone in the Indian Data Privacy regime. After years of attempts and multiple drafts, Indian Citizens finally have a law that will protect their personal data from threats in cyberspace. This Act will also aid and facilitate the new age data-driven economy of India. The Role of the central regulatory authority, i.e., the Data Protection Board of India, is going to be crucial for the effective implementation of this Act. Legislative remedies for personal data breaches are now available to Indian citizens, allowing them to exercise their right to privacy without having to resort to the courts.

Stay updated with the developments in the privacy realm of multiple jurisdictions by getting in touch with Tsaaro. Our Team of dedicated professionals will aid in simplifying your compliance and fully prove the strategy as well. Contact us at info@tsaaro.com. 

1,120 thoughts on “The DPDP Act 2023: Why We Needed a Data Privacy Law?”

  372. hrgcefmch

    With better graphics and more advanced computers, poker enthusiasts are discovering the value of poker on the PS5. When playing real money video poker online, one of the best strategies is to shop around for the highest-paying game. The rules, paytables, and bonus rounds can vary slightly from one machine to another, significantly affecting the RTP. We now know that “OtB_RedBaron” is the PokerStars online handle belonging to Belgian poker pro Jonas Mols. According to Statname, Mols is up $1.7 million at PokerStars over the course of his career. Again though, that sample doesn’t represent all hands played by Mols at all stakes across all poker sites. Video poker isn’t the easiest casino game to play, but it does have one of the best odds of winning. The odds are different for each variation, and there are a lot of variations to choose from. Choosing the video poker games with the best odds will give you the best chances of winning. Believe it or not, picking the game with the best Return to Player ratio will ensure that, on average, you can expect to win more than you than lose, a quality that’s rare in casino games.
    https://dadosabertos.ufersa.edu.br/user/apeanruno1989
    After Night Falls is probably one of the best paying BetSoft slots not only because of the RTP of 97.2%, but also because of its great number of winning opportunities. The game features 5 reels, 30 paylines, moving and collapsing wilds, multiple free spins and last but not least, an appealing jackpot which hits frequently. The slots developer has given themselves the title of “The innovator and leader in true cinematic 3D gaming”, and we have to say its true. Their animators have brought the wooden boy back to life in the Pinocchio slot. The Dr Jekyll and Mr Hyde slot comes through a ferociously intense storyline that will have you examining your own inner monster. When it comes to 3D slot innovation, there really is no one that has the same experience and high-quality production that Betsoft does. If being immersed in the 3-dimensional games is your favorite kind of gaming, look no further than Betsoft.

Leave a Reply

Your email address will not be published. Required fields are marked *

Eu Ai act
First Rules of the EU AI Act Come into Effect: What Does it Mean?
Harmeet Singh

First Rules of the EU AI Act Come into Effect: What Does it Mean?

The evolving digital landscape in the 21st century have placed a challenge for governments and organizations as they attempt to …

March 7, 2025
Digital Personal Data Protection (DPDP) Act
Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  
Harmeet Singh

Exemptions Under the Digital Personal Data Protection (DPDP) Act, 2023  

Introduction  The Digital Personal Data Protection (DPDP) Act, 2023, and the Digital Personal Data Protection Rules, 2025 establish a comprehensive …

February 27, 2025
cybersecurity,
WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 
Harmeet Singh

WHAT DRIVES CYBERSECURITY: A COMPREHENSIVE OVERVIEW 

In today’s interconnected world, cybersecurity plays a crucial role in protecting our digital lives. From protecting personal data to safeguarding …

February 21, 2025
Transfer Impact Assessments
Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 
Harmeet Singh

Understand Transfer Impact Assessments: Insights from CNIL’s Practical Guide 

Introduction  A Transfer Impact Assessment (TIA) is a critical evaluation conducted under the General Data Protection Regulation (GDPR) to assess …

February 20, 2025
Draft DPDP Rules
The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?
Harmeet Singh

The DPDP Act, 2023 and the Draft DPDP Rules, 2025: What Do They Mean for India’s AI Start-Ups?

Introduction The Digital Personal Data Protection Act (DPDPA), 2023 and the Draft DPDP Rules, 2025 have ushered in a new …

February 12, 2025
Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them

© 2024 Tsaaro Consulting. All rights reserved.
Linkedin Instagram Youtube

About Tsaaro

Resources

Other Links

Tsaaro Netherlands Office

Regus Schiphol Rijk Beech Avenue 54-62, Het Poortgebouw, Amsterdam, 1119 PW, Netherlands

Tsaaro Pune Office

Tech Centre, Rajiv Gandhi Infotech Park, Hinjewadi, Pune, Maharashtra

Tsaaro Noida Office

302, Tower C, ATS Bouquet, Noida Sector – 132, Uttar Pradesh, India

Tsaaro Bengaluru Office I

Manyata, Embassy Business Park, Outer Ring Road, Bengaluru, Karnataka

Tsaaro Bengaluru Office II

Second State, CMH Road, Indiranagar, Bengaluru, Karnataka

Call Our Experts:

+91 95577 22103

small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png
small_c_popup.png

We’d love to help your organization achieve your Data Protection goals!

Schedule a complimentary consultation with our Team of Experts.