India’s Union Communications, Electronics, and Information Technology Minister, Ashwini Vaishnaw, introduced the Digital Personal Data Protection Bill, 2023, in the Lok Sabha. The bill seeks to balance the need to protect individuals’ digital personal data with the need to process it for lawful purposes. An earlier version of the same had been circulated for public consultation last November.

However, this time, the bill received far from a warm reception from members of the opposition, who raised concerns about its potential violation of the fundamental right to privacy. The Digital Personal Data Protection Bill (DPDP), 2023 marks the second and latest attempt by the central government to draft legislation related to the digital privacy of users, both times, amid much opposition and controversy.

The bill’s introduction was met with strong opposition from members of the opposition, including AIMIM MP Asaduddin Owaisi, TMC MP Saugata Roy, and Congress MP Manish Tewari. They argued that it violated the fundamental right to privacy. They demanded that the bill be sent to the standing committee for scrutiny, following which Vaishnaw clarified that the bill is not a money bill. The introduction of the DPDP Bill in the Lok Sabha comes after the government had already withdrawn a bill on data protection in 2022, something that was cited by the members of the opposition.

Rajeev Chandrasekhar, Minister of State for Electronics and Information Technology, described the DPDP Bill as “a holistic forward-looking legislation,” one that obligated companies to protect all digital personal data, not just critical ones. He added that the bill will ensure “better protection of our #DigitalNagriks against misuse of data and toxic practices.”

He went on to add that it was formulated after extensive consultations led by the Ministry of Electronics and Information Technology (MeitY) with all stakeholders, and once it was passed by Parliament, would protect the rights of the citizens of the country. It aims to create a comprehensive framework to regulate the processing of personal data while safeguarding individual rights, and marks a “very significant milestone” in PM Modi’s vision of global standard cyber laws for the nation’s digital economy.

Now, the Digital Personal Data Protection Bill proposes a data protection legislation that allows the transfer and storage of personal data in certain countries while imposing penalties on entities failing to prevent data breaches.

It also changed the financial penalties imposed upon individuals and companies in case of non-compliance – in this case, the penalties can amount up to ₹250 crore. It also places an emphasis upon free and informed consent in order to reinforce citizens’ fundamental right to privacy – under the provisions of the DPDP Bill, the personal data of an individual can only be processed for a legal and legitimate purpose, and the individual in question has freely given, or is deemed to have given, their consent. A new Data Protection Board will be set up to scrutinize cases of non-compliance, and where such cases are found, impose the penalties upon the parties. The board will also have advisory power to make recommendations for blocking public access to a computer resource or a platform, while the Centre will have the power to block public access to any information hosted on any computer source, as long as it is in the public interest.