Vijay Kumar Verma, Research Scholar, Teerthanker Mahaveer University, Moradabad, Uttar Pradesh, India, and Dr. Radhey Shyam Jha, Professor, Uttaranchal University, Dehradun, Uttarakhand, India.
ABSTRACT
The Digital Personal Data Protection Act of 2023 marks a significant milestone in India’s evolving data governance framework, aiming to strike a balance between the fundamental right to privacy and the legitimate need for data processing in a digital economy. The Act, enacted in August 2023, establishes a comprehensive legal regime governing the collection, storage, processing, and transfer of digital personal data by introducing key concepts such as “data principal,” “data fiduciary,” and a consent-based processing mechanism, emphasizing individual autonomy over personal data. It grants individuals rights such as access to information, data correction and erasure, grievance redressal, and the ability to withdraw consent, while also requiring data fiduciaries to ensure lawful processing, data security, and breach notification, with significant penalties for noncompliance. Despite its progressive goal, the Act has faced criticism due to worries about extensive exemptions offered to government agencies, the Data Protection Board’s limited independence, and the potential erosion of openness rules. This study critically examines the structural framework, key provisions, and implications of the Act, highlighting both its strengths in enhancing data protection and its limitations in ensuring robust accountability. It also evaluates it in light of global standards such as the GDPR, emphasizing the need for stronger safeguards, clearer regulatory mechanisms, and effective enforcement to ensure meaningful data privacy protection in India’s rapidly digitizing society.
Keywords: Digital Personal Data Protection Act, 2023; Data Privacy; Data Protection; Consent; Data Fiduciary; Data Principal; Right to Privacy; Cyber Law; India; Data Governance; Information Technology Law
