The DPDP 2023 Act represents a significant step towards data privacy protection in India
Privacy is a fundamental right that establishes boundaries to protect against interference, allowing us to define ourselves and interact with the world. Privacy is vital in the modern world to protect against arbitrary power use.
India welcomes DPDP 2023, a comprehensive and transparent data privacy act that, aims to safeguard data privacy and autonomy in a digitally evolving society. Privacy in India has historical roots, with early mentions in texts like “Hitopadesha” in the 8th century. However, India has yet to fully embrace privacy principles due to its socially oriented nature and adherence to traditions. Privacy is not just a technical issue but a psychological one, tied to societal attitudes.
The DPDP 2023 Act is designed to create a cross-sectoral legal framework for data protection. It covers private companies, government entities, and individuals processing data across various sectors. The law aims to regulate data collection, processing, and storage. Concerns arise regarding data protection, especially in financial institutions. Data protection laws require organisations to ensure compliance, with potential penalties for failure. India, among other countries, is looking to align with GDPR principles.
That Act has come at a very interesting time when we are seeing the faster trend of technology, which moves much faster than regulation, and implementing regulation effectively and speedily is a challenge. Take the case of the growth of digital transactions through UPI in India. Similarly, generative AI ChatGPT, Bard, etc. have already made similar laws and regulations obsolete or incomplete in parts of the world.
The data-driven economy’s growth raises concerns about data handling and protection. The act will now push organisations to adapt business models and practices to comply with data protection laws. Personally, I am happy to see measures around the personal data processing of children, especially guiding data fiduciaries to not track or undertake behavioural monitoring or advertising to secure their digital privacy.
The Act certainly raises challenges, including the need for individuals to understand the data they’re sharing. But it is essential to bridge the gap between data fiduciaries and data principals to ensure informed consent and protect privacy rights. The worry arises that data principals may not comprehend their data’s consequences or recall consent. Data fiduciaries, who have profited from data, need regulations to ensure fairness and control over data usage.
The importance of data protection ties into India’s economic objectives, like financial inclusion. As India becomes more digitised, businesses shift to data-driven models, emphasising the need for robust data protection measures, and the DPDP Act 2023 complements the need to have such an act.
However, implementing a comprehensive data protection framework in compliance with the DPDP Act would pose various challenges:
1. Technological Upgrade: Organisations may need to invest in technology and infrastructure to ensure compliance with data protection standards.
2. Cross-Border Data Flow: Balancing data protection with cross-border data flows, especially for global companies, might require negotiations and agreements with other countries.
3. Regulatory Complexity: Ensuring compliance with the Act’s provisions and coordinating with the Data Protection Authority could be complex, especially for organisations operating across different sectors.
4. Public Awareness & Education: There may be a need for public awareness campaigns to educate individuals about their data protection rights and how to exercise them.
5. Data breach handling: Establishing protocols for reporting and responding to data breaches would be essential to maintaining the security and integrity of personal data.
Chief Industry Relations & Regulatory Officer – India,
Discover Financial Services
While the DPDP 2023 Act has touched on every possible avenue to address the need for data protection, the biggest worry is about the source of the data, the Data Principal herself. That poor person is not even aware that something is being designed to protect her interest in privacy. While the Act has every provision from identification of data to penalization for the data breach, where is the provision to let the person know why he or she needs to exercise their right to privacy before giving consent? Therefore, to ensure a successful data privacy regime, it’s crucial to consider the common man’s perspective. India’s progress depends on safeguarding data sovereignty, and data-driven economies require stringent data protection.
Overall, the DPDP 2023 Act represents a significant step towards data privacy protection in India, addressing concerns surrounding data usage, consent, and protection. Data protection is pivotal in an increasingly digital world and essential for the nation’s progress.
