Is Data Protection Act 2023 Ensuring Your Digital Privacy?

In an era characterized by digital transformation and the widespread exchange of personal information online, the question of data protection has taken center stage. Just last week, the President of India granted approval to the Digital Personal Data Protection Act (DPDPA), Nearly six years following the formation of an expert committee led by Justice BN Srikrishna by the government for this objective, marking a significant milestone in the country’s efforts to safeguard individuals’ digital privacy. However, this journey towards comprehensive data protection in India has been a long and intricate one, with roots tracing back to the 20th century.

Historical Evolution of Data Protection Legislation:

The groundwork for data protection in India can be traced to 1998 when the government introduced the Information Technology Action Plan. This plan was a response to recommendations made by the Prime Minister’s Task Force on IT and Software Development, which recognized the need for a National Policy on Information Security, Privacy, and Data Protection Act. Interestingly, this was only three years after the European Data Protection Directive of the European Union had been established. The Information Technology Act (IT Act) materialized in 2000, and its 2008 amendments introduced certain provisions related to data protection.

In 2009, the Unique Identification Authority of India (UIDAI) was established to manage Aadhaar, the nation’s biometric identification system. Subsequently, in 2012, an expert group chaired by Justice AP Shah recommended a set of foundational principles for privacy law. This groundwork demonstrates the prolonged efforts to develop a comprehensive data protection framework.

Challenges and Progress:

The journey towards data protection in India was marked by numerous challenges, including the evolving technological landscape and the intricate interplay of various legislations. As early as 2010, consultations for a privacy law were initiated by the Department of Personnel and Training. This period of contemplation coincided with the initiation of the Aadhaar program. Despite the growing recognition of the need for robust data protection, the government’s stance remained that the existing IT Act contained adequate provisions.

Analyzing the Legislative Intent:

Understanding the legislative intent behind the DPDPA requires examining the Statement of Object and Reasons accompanying the Bill. This reveals the government’s perspective on the purpose and necessity of the law. In a parliamentary democracy, the legislative process is meticulous and time-consuming. Once enacted, laws often endure as the societal context evolves, necessitating the inclusion of rule-making powers with both executive and statutory bodies.

Operational Aspects and Appellate Mechanism:

The operational aspects of the DPDPA involve administrative notifications and the establishment of the Data Protection Board of India (DPBI). Curiously, the composition of the DPBI is left to the discretion of the Central Government, contrasting with specific numbers codified in other laws. The decision to make the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) the appellate body for data protection cases aligns with the convergence of telecommunications and data privacy.

Unanswered Questions and Future Directions:

Amidst the strides taken, the DPDPA has raised questions about legitimate data uses without explicit consent and the powers for granting exemptions. These concerns emphasize the need for data fiduciaries and processors to align their practices with the DPDPA’s provisions. As India’s economy surges towards a $5 trillion mark by 2030 and 6G networks become a reality, the ability of individuals to discreetly and securely control their personal data becomes paramount.


The journey towards comprehensive data protection in India has spanned decades, reflecting the evolving digital landscape and the complexities of privacy rights. The approval of the DPDPA is a pivotal step towards safeguarding individuals’ digital privacy, but it’s crucial to acknowledge that data protection is just one facet of a larger framework that includes cyber security, surveillance reforms, and non-personal data governance.

As citizens, understanding our rights and responsibilities in the digital age is vital. By staying informed and engaged, we contribute to shaping a digital ecosystem that respects privacy while fostering innovation and economic growth. The ongoing dialogue about data protection ensures that the legal framework remains relevant and effective as our digital journey continues.

Leave a Comment