In a significant development in the country’s data privacy landscape, the upper house of India’s parliament has granted approval for the long-awaited Digital Personal Data Protection Bill. The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill, 2023 (DPDP Bill) with a voice vote, while the opposition leaders opted out of participation. Once President Draupadi Murmu grants her assent to this, the bill will officially become law.

This comes barely a few days after the bill received the green signal from the Lok Sabha – that was on Monday, August 7, after several lawmakers and opposition leaders protested against it. Indian IT Minister Ashwini Vaishnaw defends the bill as “pro-citizen and pro-privacy,” emphasizing its role in safeguarding citizens’ data, and clarifying that it is not a money bill.

“This bill is very much in the spirit of the government where we would like to ensure that every citizen’s data is fully protected,” he announced, adding that the Centre undertook extensive public consultation – taking input from 48 organizations, consulting with over three dozen ministries, and considering more than 24,000 comments during the preparation of the bill.

Once the bill becomes a law, it will establish a strong framework for the protection of personal data of Indian users in the digital realm, limiting cross-border data transfers and imposing penalties on companies for breaches in data security. Furthermore, it has the potential to significantly bolster the privacy rights of Indian citizens. The bill’s framework aims to provide individuals with greater control over their personal data, enabling them to dictate how it is collected, processed, and stored by tech companies. This could lead to heightened transparency and empowerment for users in their digital interactions.

To add to this, it gives the Centre more powers to exercise their oversight in the matter and even suppress public access to certain information if it is deemed to be in the interest of the public. Understandably, this has raised concerns about heightened surveillance and potential misuse of citizens’ data for state purposes.

For one, the Editors Guild of India alleged that it impacts freedom of the press and dilutes citizens’ Right to Information. For another, digital rights group Internet Freedom Foundation said that it lacks meaningful safeguards against “over-broad surveillance.”

Nonetheless, the Digital Personal Data Protection Bill, 2023, is shaping up to be a crucial bill, focusing on enhancing data protection and privacy regulations in India’s digital domain. The legislation addresses concerns about data misuse by online platforms and proposes penalties of up to ₹2.5 billion ($30 million) in case of violations and non-compliance on the part of tech companies. Notably, the bill gives the Indian government powers to exempt state agencies from certain aspects of the law. It also introduces citizens’ rights to correct or erase their personal data, enhancing individual control over their information.