A Critical Analysis Of The Issues And Practical Challenges In The Digital Personal Data Protection Act, 2023

Prakhar Dwivedi, Barkatullah University, Bhopal

Rohit Kumar Chaturvedi, Barkatullah University, Bhopal

ABSTRACT

India's first comprehensive legal framework for controlling the processing of personal data is the Digital Personal Data Protection Act, 2023 (DPDPA). The Act aims to create a consent-based data protection framework and was enacted following the Supreme Court's recognition of the right to privacy as a fundamental right in Justice K.S. Puttaswamy (Retd.) v. Union of India. This study contends that although the DPDPA represents a formal advancement, its ability to safeguard rights is undermined by significant and fundamental flaws by means of a doctrinal examination of important clauses, such as Sections 7, 8, 9, 17, 20, and 37. This paper shows that the Act increases the power of the executive to make decisions, weakens the independence of regulatory bodies, and gets rid of important protections for transparency, such as the public interest override that was possible under the Right to Information Act.

The State's extensive exemptions, the lack of impartial oversight of enforcement, and the unbridled authority to block digital platforms are all highlighted in particular. Based on constitutional principles and comparative frameworks like the General Data Protection Regulation (GDPR) of the European Union, the paper argues that the DPDPA does not meet the necessary, proportional, and accountable thresholds required by Indian constitutional jurisprudence. The report concludes by suggesting changes to the law that would restore democratic protections and bring India's data protection laws into compliance with international standards.

Keywords: Data privacy, Right to Information, Transparency, accountability, Data fiduciary, Public interest, etc.