top of page

All about the Digital Personal Data Protection Bill 2023 and the key highlights associated with it

The Ministry of Law and Justice, Government of India had tabled the Digital Personal Data Protection Bill 2023 before the Parliament of India which was prepared with the aim to protect the privacy and regulate the transfer of personal data within and beyond India. So, in this blog, we will try to investigate the understanding the Bill in a detailed manner.

About the Bill in Details

The Bill introduces significant obligations upon business enterprises for collecting data into their own account, called as ‘Data Fiduciaries’ which sets broad rules for processing data for being used and retained. It also prescribes specific regulations for consent, purpose limitations, data accountability, transparency, and accuracy. This Bill provides specific parental consent requirements for processing data by restricting these data fiduciaries from tracking or monitoring targeted advertisements directed at any individual. However, the introduction of this Bill comes to be held at a time following a significant shift in the policy, whereby the bill widens the scope for cross-border data flow by making relaxations in data localization requirements.

There are concerns that have been raised over the potential violation of the fundamental rights to privacy resulting from exemptions granted under the Bill for Data Processing, as well. Finally, this Bill has been debated and passed in the Lok Sabha (the Lower House) of the Indian Parliament under the name of the Digital Personal Data Protection Bill of 2023. This legislation also primarily sets out its emphasis on the responsibilities of entities handling and processing digital data. Also, this bill aims to introduce substantial penalties ranging from a minimum amount of INR 50 crores to a maximum amount of INR 250 crores for those who will be found to violate its provisions.

Thus, the primary objective of the Digital Personal Data Protection Bill 2023 has been oriented toward establishing a comprehensive framework for the protection of personal data. In terms of its Jurisdiction, this Bill will cover issues concerning the collection of both online and offline personal data within India, provided with the fact that if data processing occurs outside India, it will offer goods and services to individuals within the country, where the regulations of the bill will itself apply.

Key Highlights of the Digital Personal Data Protection Bill 2023

Some of the important highlights of the Digital Personal Data Protection Bill 2023 have been mentioned as

Data Security- In this place, all entities dealing with user data are required to protect personal data, even when stored with third-party data processors.

Data Breach Notification- In case of a Data Breach, the companies are mandated to promptly inform the Data Protection Board and its users.

Special Provisions for Children and Physically Disabled Persons- Processing data of minors and individuals with guardians needs to be done only with the consent of the guardians.

Appointment of a Data Protection Officer- All the firms need to appoint a Data Protection Officer to share their contact details with all users.

Government Authority of Transfer of Data- This Bill also empowers the Central Government to regulate the transfer of personal data to foreign countries and territories beyond India.

Appeal Mechanisms- All appeals against the Data Protection Board’s decisions will be adjudicated under the Telecom Disputes Settlement and Appellate Tribunal.

The Digital Personal Data Protection Bill 2023 has kept several features that trace its origin to the past version of the Bill released in 2022. One of the major standalone provisions in this bill has been seen as the introduction of a negative list approach for the cross-border transfer of personal data. As per this provision, personal data could be transferred across all jurisdictions unless they are prohibited.

However, this Bill is an important feature that makes data fiduciaries largely responsible for the activities of data processors who are being engaged, which requires all business enterprises to look at the contractual arrangements being undertaken in terms of data processing.

Sources referred




Follow LexTalk World for more news and updates from International Legal Industry




bottom of page