The landscape of digital rights and privacy has been dynamically changing over the years. In an apparent response to this, India enacted its new privacy law—The Digital Personal Data Protection Act, 2023 (DPDP Act) on August 11. This is a critical step that will surely garner attention, particularly among legal professionals worldwide.
Upon implementation, the DPDP Act will usurp the relevant provisions of the Information Technology Act, 2000, Information Technology (Amendment) Act, 2008, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Given these comprehensive changes, it becomes imperative for legal teams across major corporations and law firms to understand the implications of this new law.
The introduction of this Act indicates a clear shift in India’s approach towards data protection and privacy. Moreover, with its potential impact on the existing Information Technology Acts, it elevates the need for a careful examination of the new provisions by legal professionals.
Further details about the specifics of the DPDP Act, such as its difference from existing law and its expected impact on the general practices of law firms, digital businesses, and corporations that handle sensitive personal data, are available here. As the landscape of digital rights and privacy continues to evolve, so should our understanding and approach toward it. As we move forward, it’s evident that the necessity for data privacy has surpassed from being just a legal requirement to a cornerstone for safe digital governance and corporate responsibility.