DIGITAL PERSONAL DATA PROTECTION ACT (Syllabus: GS Paper 3 – Cyber Security)

News-CRUX-10     10th April 2024        
output themes

Context: Recently, a data breach exposed the personal information of over 7.5 million customers of consumer electronics brand Boat, prompting experts to cite the company's liability under the 2023 Digital Personal Data Protection (DPDP) Act.

India's Ranking in Breached Countries

  • According to Surfshark, India ranked fifth among the most breached countries in 2023, with 5.3 million leaked accounts.
  • Surfshark reported that approximately 10 Indian user accounts were leaked every minute in 2023.
  • In January 2024, CloudSEK revealed a security breach that exposed personal data of 750 million Indian telecom users.
  • In November 2023, Taj Hotels experienced a data breach, compromising the personal data of 1.5 million individuals.

Digital Personal Data Protection Act 2023

  • About: An Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto.
  • Nodal Ministry: Ministry of Electronics and Information Technology 
  • Aim: To establish a framework for processing digital personal data that respects both individuals' rights to safeguard their data and the necessity of processing data for legitimate purposes.

Provisions of the Act

  • Application: The Act is applicable when processing digital personal data within India, under the following circumstances: Data is collected online & Data is collected offline, and then digitized.
  • Consent: For individuals below 18 years of age, consent must be granted by a parent or legal guardian.
  • Rights of Data Principal: A data principal, who is an individual undergoing data processing, possesses the following rights:

oThe right to obtain information regarding the processing of their data.

oThe right to request the correction and deletion of their personal data.

  • Personal data beyond India: It permits the transmission of personal data beyond India, barring countries that have been prohibited by the central government through an official notification.