Abstract

The Digital Personal Data Protection Act of India (DPDP) represents a transformative milestone in India's data protection landscape. Enacted after years of deliberation and drawing inspiration from the GDPR, the DPDP Act aims to establish a comprehensive framework for the processing of personal data, encompassing both public and private entities regardless of their size. The Act introduces fundamental concepts such as "data fiduciaries" and "data principals," providing equal protection to all forms of personal data. Emphasizing consent as a primary basis for data processing, the Act grants certain rights to data principals, setting the stage for greater transparency and control over personal data. It also outlines responsibilities for data fiduciaries, focusing on data security, breach notification, and accountability. However, the Act has been met with some criticism, particularly concerning exemptions for journalistic purposes and the significant regulatory authority granted to the central government. Despite these concerns, the DPDP Act lays a strong foundation for the protection of personal data in India, aligning with the fundamental right to privacy recognized by the Supreme Court. It represents a crucial step forward, addressing the gaps in the previous data protection framework and positioning India in the global landscape as a country committed to safeguarding personal data.

Keywords