Data Protection Act

The Supreme Court on Monday issued a notice to the Centre on a plea challenging the constitutional validity of several provisions of the Digital Personal Data Protection (DPDP) Act, 2023. The plea, moved by The Reporters' Collective and renowned journalist Nitin Sethi, argues that the new data regime severely dilutes the Right to Information (RTI) Act and grants the Centre "sweeping powers" over personal data. A bench comprising Chief Justice Surya Kant and justices Joymalya Bagchi and Vipul M Pancholi, while agreeing to examine the legal complexities of the Act, refused to grant an interim stay on the impugned provisions. Representing the petitioners, advocate Vrinda Grover said that the Act lacks surgical precision in its attempt to protect privacy. "Instead of using a chisel, (the legislature) has used a hammer, and has thus rendered a body blow (to RTI), " the senior lawyer said. The petition said the DPDP Act creates a blanket bar on the disclosure of personal information, ..

The new DPDP rules will be introduced over the next 18 months to give organisations time to adapt to the guidelines.

India's DPDP rules have set a framework for a more accountable digital economy through clear consent standards, data safeguards, with the goal to arm individuals with greater control over their personal data in the world's fourth largest economy. Here is what it means for businesses and individuals: First things first. These subordinate rules to the principal legislation -- Digital Personal Data Protection Act -- spell out operational norms for entities in collection and handling of personal data, and protects the rights of individuals. In simple terms, 'data fiduciaries' refer to entities that decide the purpose and means of processing of individual's data while 'data principals' are individuals or users (of a particular service) to whom personal data belongs. Consent notice to individuals: Companies must give clear, plain-language notice seeking informed consent with itemised data description, processing purpose, complaint mechanisms, and easy consent withdrawal process where eas

Implementation planned in phases over 12-18 months

DPDP Act may also ask intermediaries to keep detailed meta data records

New data protection rules boost transparency, yet compliance gaps persist

The Act and the Rules refer to individual digital users as "data principals", and the Act is expected to offer individuals greater control over their personal information

The Ministry of Electronics and Information Technology has urged tech firms to adopt advanced methods for obtaining parental consent while allowing them to determine the best practices independently

Tech giants Google, Meta, YouTube, and Snap are concerned over India's new Digital Personal Data Protection Act's restrictions on behavioural tracking of children as they may compromise child safety

Drafting of rules under the data protection legislation is in advanced stage with industry-wide consultations slated soon, Union Minister Ashwini Vaishnaw said on Saturday, asserting that India will also look at doubling electronics production and adding jobs under the Modi 3.0 government. At the same time, the Minister for Electronics and IT assured that regulatory work will see "good continuity" and that the agenda on digital regulatory framework remains "intact". The timelines for semiconductor plants of Micron and Tata Group too are on track. The process of implementation of the Digital Personal Data Protection (DPDP) Act will be based on 'digital-by-design' principle, paving the way for a new way of working, and the work on creating this 'digital by design' platform is also moving in parallel. Such a platform or portal will be created in-house by the likes of NIC and DIC. The Parliament had passed the DPDP Act in August last year. The key piece of legislation aims to protect th

The notification of the rules to India's data privacy law have been long awaited

BSA, which represents the global software industry, wants companies to get at least 72 hours to report data breaches

The task force is expected to submit the report within a period of 1 month from the issuance of the order

As India's first-ever dedicated legislation for digital privacy, the DPDP Act provides broad principles of collection and processing of personal information in digital form

While the rules that would provide exact processes of the DPDP Act are yet to be notified, the government has consistently claimed that large organisations must not require much time to comply

It follows Meta's talks to launch a similar plan in the European Union (EU) to conform with its privacy concerns

Invoking UAPA against a news outfit is overreaction

Only 2 out of the 100 analysed websites provided consent in multiple regional languages

Only 17% of Indian organisations have listed the email IDs of customer care or other functions for queries with respect to data protection

The stakeholders also said that implementation of eKYCs may create an immense cost burden for startups and smaller organisations, considering that the number of users is in millions