Rules (refer to the infographics) once notified will facilitate the implementation of the Digital Personal Data Protection Act, 2023 (DPDP Act).

About DPDP Act 2023 

• Background: 
  • 2011: Justice AP Shah Committee recommended privacy legislation
  • 2017: Supreme Court in Justice KS Puttaswamy (Retd) vs Union of India recognized privacy as a fundamental right
• Scope: Covers digital personal data processing in India where such data is collected online or offline and is digitised.
• Data Protection Framework
  • Obligations for Data Fiduciary (entity determining purpose and method of data processing)
    • User (Data principals) Consent: Personal data may be processed after obtaining the consent of the individual.
      • Consent will not be required for ‘legitimate uses’ like if data has been provided voluntarily,  provision of benefit or service by the government, medical emergency, etc.
    • Processing of personal data of children or a person with disability: Verifiable consent of parent or the lawful guardian is mandatory.
    • Establishment of Data Protection Officer (DPO): Central Government may notify any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciary.
      • Significant Data Fiduciary shall appoint a DPO who shall reside in India and be the point of contact for the grievance redressal mechanism. 
  • User Rights:  Right to get a summary from the Data Fiduciary of how their personal data is being processed, which other entities have access to their data or any other information related to the personal data. 
  • Enforcement: Data Protection Board (DPB) has civil court powers for personal data breach complaints.