Short Title: The Act may be called the Digital Personal Data Protection Act, 2023.
Commencement: The Act shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint. Different dates may be appointed for different provisions of this Act. Any reference in any such provision to the commencement of this Act shall be construed as a reference to the coming into force of that provision.
For further details and provisions of the Digital Personal Data Protection Act, 2023, and its associated website “dpdpb.in,” I recommend referring to official government sources, legal databases, or resources dedicated to data protection and privacy law in your country.
The context of this Act does not require otherwise.
The Telecom Disputes Settlement and Appellate Tribunal is the Telecom Regulatory Authority of India Act 1997, section 14.
“automated”, any digital process that can be operated automatically, either in response to a given instruction or for other purposes such as processing data.
The Data Protection Board of India, established by the Central Government to implement this Act is referred to as “Board”.
“Child” is a person who is under the age of 18 years.
“Data” is a representation of facts, ideas, opinions, or instructions that can be communicated, interpreted, or processed by humans or automated methods;
Data Fiduciary is any person, alone or with others, who determines the purposes and methods of processing personal data.
Data Principal means the person to whom personal data is related, and in the case of a child the parent or legal guardian.
“Data Processor” is any person who processes data for a Data Fiduciary.
A “Data Protection officer” is an individual who has been appointed by a Significant Fiduciary in accordance with the provisions of this Act.
Gain means — (a), a gain in property, or a supply or services whether temporary or permanent. (b) An opportunity to earn or receive remuneration (or greater remuneration) or gain a financial benefit other than remuneration.
In relation to Data Principals, “harm” means: (a) bodily harm or (b), distortion or theft of identitiy; © harassing; (d) preventing lawful gain; or (e) causing significant loss.
Loss is defined as — (a), loss of property or interruption of supply of services (temporary or permanent); or (b), loss of opportunity to earn remuneration, greater remuneration, or gain a financial benefit other than through remuneration.
The term “person” is used to describe: (a) any individual; (b), a Hindu Undivided Family; or © any company or firm; or (e) any association or group of individuals, whether or not incorporated; or (f) the state; or (g) all artificial juristic persons, which do not fall within the subclauses above.
Personal data is any information about a person who can be identified by such data or based on it;
Personal data breaches include any unauthorised processing, accidental disclosure, acquisition or sharing of data, or the alteration, destruction or loss of access of data that compromises confidentiality, integrity, or availability.
“prescribed” means that the Rules made pursuant to this Act are prescribed.
In relation to personal data, “processing” means an automated operation, or set of automated operations, performed on digital data. This may include operations like collection, recording and organisation, structuring storage, adaptation, alteration retrieval, alignment, combination, indexing sharing, disclosure via transmission, dissemination, or other making available, restriction or erasure;
“Proceeding” is any action taken by a Board in accordance with the provisions of the Act.
In relation to personal data “processing” means a fully or partly automated operation, or set of operations, performed on digital data. This includes collection, recording and organisation, structuring storage, adaptation, retrieval or use, alignment, combination, indexing sharing, disclosure, transmission, dissemination, or other making available by any other means, restriction, erasure, or destruction.
When referring to an individual, “she” includes all individuals regardless of gender.
“Significant data fiduciary” is any Data Fiduciary, or class of Data Fiduciaries that may be notified to the Central Government by section 10;
“Specified Purpose” is the purpose stated in the notice sent by the Data Fiduciary in accordance with this Act and its rules;
The Constitution defines “State” as the state.
It shall be deemed that:
The processing of digital personal information within India is covered by the Act.
(i) in digital form; or
(iii) on paper and then digitised;
(b) Also apply to the processing of digital data personal outside of the Indian territory, if the processing is connected with any activity related offering goods or services to Data Principals on the Indian territory;
c) Does not apply to:
Personal data is any information that an individual uses for personal or domestic purposes.
The iiith category is personal data made public or made available to the public by —
The Data Principal, i.e. the person to whom personal data is referred;
The law in India currently requires that any person who has a duty to disclose personal information must do so.