An Analysis of the Digital Personal Data Protection Act 2023
Keywords:
Accountability, Algorithmic governance, Legal safeguards, Privacy, Rights of individuals, SurveillanceAbstract
The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act), is a significant step in India's efforts towards coherent and modern data protection. The Act is a statutory manifestation of the fundamental right to privacy affirmed in Justice K.S. Puttaswamy v. Union of India. The Act attempts to balance two competing necessities- the need to spur economic innovation and growth with the use of data, and the need to maintain the autonomy of persons in the digital or cyber sphere. The paper undertakes a critical study of the Act, considering key dimensions such as state accountability, independence of enforcement mechanisms, algorithmic transparency, and a regulatory role for emerging technologies such as AI, blockchain, and the Internet of Things. These dimensions are not only interrelated but also feed into one another, ranging from cross-border data transfers to surveillance exemptions and data fiduciary obligations. The paper puts the DPDP Act, 2023 in the context of broader privacy frameworks around the world and highlights that although the Act marks a normative development in data regulation, it also reveals enduring tensions in the pragmatics of regulatory governance. The paper concludes by proposing reforms, including the reintroduction of the Sensitive Personal Data, and ensuring robust regulatory protection for Artificial Intelligence and automated decision making, for effective implementation of the DPDP Act, 2023.