The Digital Personal Data Protection Act, 2023: A Critical Assessment

Preksha Nagpal, Rajiv Gandhi National University of Law, Punjab

ABSTRACT

The Digital Personal Data Protection Act, 2023: A Critical Assessment examines and analyses the recent legislation passed by the Government of India on August 11, 2023. The act has been ordained after the Supreme Court laid guidelines for data protection in the landmark case of Justice K.S. Puttaswamy and Anr. v. Union of India & Ors. The act got passed after various discussions, public consultations, meetings held by Joint Parliamentary Committee and Standing Committee to incorporate the needs of citizens, companies and the government. This Legislative Comment deals with the provisions of the Act and analyses it by pointing the issues which can potentially harm the data security of data principal.

The Act’s key element is consent, it encapsules the provisions of giving of consent and withdrawal of consent provided that the consent is of legitimate uses such as license, benefits, permits, security of the nation etc., the word ‘legitimate uses’ is very unclear and is seemed as coerced consent. The act provides arbitrary and wide exemptions to the government on the ground of “instrumentality of the State” which leads to abuse of power and lack of accountability. Another significant issue in the Act is sending data to foreign countries which violates the individual’s fundamental right to privacy under Article 21 of the Constitution and could harm an individual’s data which can potentially fall into the wrong hands especially in countries which do not have their own legislation to govern data protection. The act also excludes right to portability and right to be forgotten.

Conclusively, the Act marks India’s dominance in taking lead towards protecting its citizen’s personal and sensitive data.