India’s DPDP Act: A Game-Changer in Cybersecurity
3 min readIn a significant move towards safeguarding digital data, the Indian government has introduced the Digital Personal Data Protection (DPDP) Act, 2023. This legislation, as stated by the Ministry of Electronics & IT, is designed to uphold individuals’ rights to protect their data, incorporating established principles for its protection. The Act is a reflection of India’s commitment to ensuring the safety and security of its citizens’ digital data in an era where cyber threats are increasingly prevalent.
The DPDP Act, 2023, outlines several key principles for data protection. These include obtaining consent for lawful and transparent use of personal data, limiting its use to specified purposes, and minimizing data collection to necessary levels. The Act also emphasizes the importance of ensuring data accuracy and timely updates, restricting storage duration to the required period, and implementing robust security measures.
Furthermore, it enforces accountability through penalties for breaches and data adjudication. In addition to these principles, the Act imposes stringent protections on personal data transfers. This is exemplified by the Reserve Bank of India’s directive under Section 10(2) and Section 18 of the Payment and Settlement Systems Act, 2007, which mandates the storage of payment system data within India.
As India continues to harness the benefits of digital transformation, maintaining stringent data protection standards is crucial. With over 936 million Internet subscribers, India has emerged as a global leader in the digital landscape. However, this staggering figure also presents challenges, as the Indian Computer Emergency Response Team (CERT-In) has registered several cases of cybercrimes in the past three years.
To enhance the coordinated response of law enforcement agenciesto cybercrimes, the Centre has established the Indian Cyber CrimeCoordination Centre. Additionally, the government has launched the ‘Citizen Financial Cyber Fraud Reporting and Management System’ to facilitate immediate reporting of financial frauds and prevent fund siphoning by fraudsters. A toll-free helpline number, ‘1930’, has been operationalised to assist with lodging online cyber complaints, ensuring swift response and support for victims of cyber fraud.
In the context of global data governance, India’s approach to data protection offers an alternative model to those adopted by other countries. For instance, the USA has a comprehensive set of laws and regulations to combat cybercrime, including the federal Computer Fraud and Abuse Act (CFAA), which provides for both criminal and civil penalties for various cybercrimes. Similarly, Belgium has stringent laws governing the advertising of medicinal products, including the Sunshine Act, which imposes a legal transparency obligation on pharmaceutical companies.
The introduction of the DPDP Act, 2023, is a significant step in India’s journey towards robust data protection. It not only safeguards individuals’ rights to protect their data but also contributes to fostering trust, resilience, and sustainable growth in India’s digital economy. As the country continues to navigate the digital landscape, the Act serves as a crucial tool in ensuring the safety and security of its citizens’ digital data.
The DPDP Act, 2023, is a testament to India’s commitment to data protection. It sets a precedent for other countries to follow, offering a comprehensive framework for safeguarding digital data. As the world continues to grapple with the challenges posed by cyber threats, such legislation is crucial in ensuring the safety, security, and privacy of digital data.