India’s approach to privacy and data protection is about to undergo a significant transformation with the introduction of the Digital Personal Data Protection Act 2023. This new law has important rules for businesses that handle a lot of personal data, especially major tech companies like Google, Meta (the parent company of WhatsApp and Instagram), and others.
These companies will have extra responsibilities, such as naming a data protection officer, hiring an independent data auditor, doing assessments to protect data, and following other rules. All of these changes are aimed at making sure your data is safer online, which is especially important considering recent incidents of data breaches and misuse.
Read More: Claiming A Term Insurance: Steps To Follow After Policyholder’s Death
One of the most crucial things this act addresses is protecting the personal information of kids and young adults, who are a big group of customers for major tech companies in India. The act says these companies have to get permission from parents or legal guardians before they use the personal info of people under 18. It also stops companies from using data in ways that could harm a child. The act gives some flexibility, so the government can decide to let companies process data from younger kids if it’s safe to do so. This is done to making sure that data of users of big tech products is handled more carefully.
Supratim Chakraborty, Partner at Khaitan & Co. said, “The impending enactment of the Digital Personal Data Protection Act 2023 is poised to bring about a profound transformation in India’s privacy and data protection compliance landscape. A pivotal facet of this legislation revolves around bolstering obligations for enterprises engaged in the processing of substantial volumes of personal data, and thereby likely to be designated as ‘significant data fiduciaries’.”
Read More: Petrol, diesel prices on August 15: On 77th Independence Day, check latest rates for your city
He further explained big tech companies will also fall into the ambit of the new law,” Consequently, major tech conglomerates are likely to fall within this classification and will be responsible for enhanced responsibilities. Foremost among these new obligations is the requirement to designate a resident data protection officer. Additionally, they must appoint an independent data auditor, undertake data protection impact assessments, and comply with other measures as may be prescribed under the forthcoming legislation.”
The Digital Personal Data Protection Bill 2023 successfully passed through the Indian parliament and received final assent from the President of India. The groundwork for its implementation has commenced, involving consultations with fiduciaries to ensure a swift yet cautious execution. This landmark legislation comes six years after the Supreme Court’s declaration of privacy as a fundamental right.
How will the Digital Data Protection Act Impact Users?
Under the new law, companies, referred to as ‘data fiduciaries’, are mandated to introduce safeguards for digital data obtained from individuals. In order to help users get their grievances addressed in realtime, the companies will also have to designate a Data Protection Officer. Also, users will be granted authority over their personal information. Failures to meet data security or disclosure obligations may result in fines ranging, with potential accumulative penalties for repeated violations.
Read More: Tomato prices to come down to Rs 50 per kg from August 15 in these cities
The Act introduces the concept of ‘consent managers’, offering users a centralized interface to manage their consent. These managers are required to register with the Data Protection Board, maintaining an accountable relationship with users while having the authority to lodge complaints on their behalf.
Key rights and responsibilities outlined in the Act include access to information about data processing, correction and erasure of personal data, grievance resolution mechanisms, and the option to designate a proxy for exercising rights in exceptional cases. Conversely, users are obligated not to submit frivolous complaints or provide false information, with potential penalties for non-compliance.
The legislation marks a significant milestone in India’s data protection journey and is poised to reshape compliance and data analytics strategies of tech conglomerates.
