Rights, Duties, Governance, and Global Comparisons in the Digital Personal Data Protection Act, 2023
In Part 1 of this series, we laid the groundwork by exploring the preliminary provisions and data protection obligations of India’s Digital Personal Data Protection Act, 2023. We also began to draw parallels with global regulations, situating India’s approach within the broader international context.
As we continue our journey into the heart of the Act, Part 2 will delve into the critical areas of rights and duties, governance mechanisms, and special provisions. We will explore how the Act empowers individuals, holds data fiduciaries accountable, and establishes robust governance structures. Throughout this exploration, we will continue to draw comparisons with international regulations such as the European Union’s General Data Protection Regulation (GDPR), highlighting India’s alignment with global best practices and its unique contributions to the evolving landscape of data protection.
This part will provide a comprehensive understanding of the Act’s approach to individual rights, organizational responsibilities, and governance, setting the stage for a detailed examination of enforcement provisions in the concluding part of this series.
Balancing Privacy and Progress: Key Features of India’s Data Protection Act and Comparisons with Global Regulations
In Part 2, we will delve into the rights and duties of data principals, special provisions, and governance mechanisms, and draw comparisons with global regulations such as the GDPR and CCPA.
CHAPTER III: RIGHTS AND DUTIES OF DATA PRINCIPAL
Section 11 to 15: Empowering Individuals
This chapter focuses on the rights and duties of the Data Principal, emphasizing individual autonomy and control over personal data.
- Right to Access Information (Section 11): Individuals have the right to access information about their personal data.
- Correction and Erasure (Sections 12-13): These sections allow individuals to correct or erase their personal data.
- Right to Nominate (Section 14): This provision enables individuals to nominate a representative for their data rights.
- Duties of Data Principal (Section 15): Outlines the responsibilities of the Data Principal.
CHAPTER IV: SPECIAL PROVISIONS
Section 16 to 17: Special Categories and Restrictions
This chapter deals with special provisions related to the transfer of personal data and exemptions.
- Restriction on Transfer of Personal Data Outside India (Section 16): This section imposes limitations on the transfer of personal data outside India.
- Exemptions from Certain Provisions of the Act (Section 17): Outlines specific exemptions from the Act.
CHAPTER V: DATA PROTECTION BOARD OF INDIA
Section 18 to 26: Establishment and Functions
This chapter establishes the Data Protection Board of India, outlining its composition, powers, and functions.
- Establishment of Board (Section 18-19): Details the creation and composition of the Board.
- Salary, Allowances, and Term of Office (Section 20-22): Outlines the remuneration and tenure of the Board members.
- Proceedings and Officers of the Board (Section 23-24): Describes the proceedings and staffing of the Board.
- Powers of Chairperson (Section 26): Details the powers of the Chairperson.
CHAPTER VI: POWERS, FUNCTIONS, AND PROCEDURE TO BE FOLLOWED BY BOARD
Section 27 to 28: Oversight and Regulation
This chapter elaborates on the Board’s powers and functions, including issuing directions, conducting inquiries, and imposing penalties.
- Powers and Functions of Board (Section 27): Outlines the extensive powers and functions of the Board.
- Procedure to be Followed by Board (Section 28): Details the procedures the Board must adhere to.
CHAPTER VII: APPEAL AND ALTERNATE DISPUTE RESOLUTION
Section 29 to 32: Legal Redress and Resolution
This chapter provides for appeals to an Appellate Tribunal and alternate dispute resolution mechanisms.
- Appeal to Appellate Tribunal (Section 29): Describes the process for appealing to the Appellate Tribunal.
- Alternate Dispute Resolution (Section 31-32): Outlines alternative methods for resolving disputes.
CHAPTER VIII: PENALTIES AND ADJUDICATION
Section 33 to 34: Enforcement and Penalties
This chapter focuses on the penalties and adjudication processes related to violations of the Act.
- Penalties (Section 33): Details the penalties for non-compliance with the Act.
- Crediting Sums Realized by Penalties (Section 34): Describes the process for crediting penalties to the Consolidated Fund of India.
Comparison with GDPR
Provision (India) | (EU GDPR) | Comparison |
---|---|---|
Ch III: Rights and Duties of Data Principle | ||
Right to Access Information (Section 11) | Right of Access (Article 15) | Both grant individuals the right to access their personal data. |
Correction and Erasure (Section 12-13) | Right to Rectification (Article 16), Right to Erasure (Article 17) | Both provide rights to correct or erase personal data. |
Ch IV: Special Provisions | ||
Restriction on Transfer of Personal Data Outside India (Section 16) | Restrictions on International Transfers (Chapter V) | Both regulate the transfer of personal data outside their respective jurisdictions. |
Ch V: Data Protection Board of India | ||
Establishment of Data Protection Board (Section 18-19) | Establishment of European Data Protection Board (Article 68) | Both establish a regulatory body for data protection. |
Ch VI: Powers, Functions, and Procedure to be followed by Board | ||
Powers and Functions of Board (Section 27) | Powers of Supervisory Authorities (Article 58) | They outline the powers and functions of the regulatory bodies. |
Ch VII: Appeal and Alternate Dispute Resolution | ||
Appeal to Appellate Tribunal (Section 29) | Right to an Effective Judicial Remedy (Article 78) | Both provide a mechanism for appeals and legal redress. |
Ch VIII: Penalties and Adjudication | ||
Penalties (Section 33) | Administrative Fines (Article 83) | They detail the penalties for non-compliance with the respective Acts. |
Conclusion: A Comprehensive Framework
Part 2 of this series delves into the core provisions of the Digital Personal Data Protection Act, of 2023, exploring the rights and duties of data principals, special provisions, and governance mechanisms. By drawing comparisons with global regulations, we gain insights into India’s alignment with international best practices and its distinctive approach to data protection. In the final part of this series, we will explore offences, penalties, and miscellaneous provisions, and conclude with an assessment of the Act’s broader impact on privacy, security, and economic growth.