Startups, Beware! How Will India's DPDP Bill Impact You?

Our personal data has been traveling through the digital realm without our consent.  In a bid to safeguard it, the government has come up with the DPDP Bill. Read to find how the Bill will impact startups & tech giants.

author-image
Sonu Vivek
Updated On
New Update
DPDP

"The internet is the largest surveillance operation in human history," this line from the movie 'The Social Dilemma' seems more relevant than ever as we witness the growing importance of protecting our digital privacy. Our personal data has been traveling through the digital realm, crossing borders and changing hands without our consent in today's tech-infused world. 

In a bid to safeguard the personal data that is being shared by us knowingly or unknowingly via the internet and digital platforms, the government introduced the DPDP Bill. 

The Digital Personal Data Protection (DPDP) Bill has emerged as a critical piece of legislation that is set to be tabled in the Parliament during the monsoon session. The Bill's journey has been marked by challenges and revisions, but it holds the potential to revolutionize data protection in India's digital ecosystem.

What is the DPDP bill?

The Digital Personal Data Protection Bill, 2022 (DPDP Bill) is a proposed legislation in India that aims to protect the privacy of individuals relating to their personal data. The Bill defines personal data as any information that relates to an identifiable natural person, including their name, address, email address, telephone number, and biometric data.

The DPDP Bill was approved by the Union Cabinet on July 20, 2023. 

What are the key features of the DPDP Bill? 

  • The Bill applies to the processing of personal data within the territory of India, as well as the processing of personal data outside India if it is in connection with any profiling of, or activity of offering goods or services to Data Principals within the territory of India.
  • The Bill defines personal data broadly to include any information that relates to an identifiable natural person, including their name, address, email address, telephone number, biometric data, and online activity.
  • The Bill requires organizations that process personal data to obtain consent from the individual before collecting, using, or disclosing their personal data.
  • The Bill requires organizations to keep personal data secure and take steps to prevent its unauthorized access, use, or disclosure. It requires organizations to delete personal data once it is no longer needed for the purpose for which it was collected.
  • Individuals have the right to access their personal data, request its correction or deletion, and object to its processing. The Bill establishes a Data Protection Authority of India (DPAI) to oversee the implementation of the Bill.
  • The DPAI will have the power to investigate complaints of non-compliance with the Bill and impose penalties on organizations that violate the law.

Why was the DPDP bill needed? 

The DPDP Bill was needed for a number of reasons, including:

  • The growing volume of personal data being collected and processed by organizations.
  • The increasing sophistication of cyber-attacks and threats to personal data.
  • The need to balance the rights of individuals to privacy with the needs of organizations to collect and use personal data for legitimate purposes.

What will be the effect of the DPDP Bill on Startups? 

The DPDP Bill will have a significant impact on startups and tech giants that collect personal data. The Bill will require these organizations to:

  • Obtain consent from individuals before collecting, using, or disclosing their personal data.
  • Keep personal data secure and take steps to prevent its unauthorized access, use, or disclosure.
  • Delete personal data once it is no longer needed for the purpose for which it was collected.
  • Respond to individuals' requests to access, correct, or delete their personal data.
  • Report data breaches to the Data Protection Authority of India (DPAI).

The DPDP Bill will have a number of implications for startups and tech giants. Here are some of the key implications:

  • Startups and tech giants will need to review their data collection and processing practices to ensure that they are compliant with the DPDP Bill.
  • Startups and tech giants may need to invest in new technologies and processes to ensure that they can keep personal data secure.
  • Startups and tech giants may need to change the way that they market and advertise to individuals.
  • Startups and tech giants may need to be more transparent about how they collect and use personal data.
  • Startups and tech giants may face penalties for non-compliance with the DPDP Bill.

The DPDP Bill is a complex piece of legislation, and it is important for startups and tech giants to carefully review its requirements. The Bill is likely to have a significant impact on how personal data is collected and processed in India, and both startups and tech giants will need to adapt their practices to comply with the new law. Here is a more comprehensive guide to the Bill: "The DPDP Rules: Decoding India’s New Data Protection Law"

A Second Attempt at Legislation

This is not the first time the government has attempted to pass the DPDP Bill. In a prior attempt, the draft faced significant criticism, resulting in a joint parliamentary committee (JPC) proposing 81 amendments to the bill. Undeterred, the government revised the draft, taking into account various concerns, and introduced it as the Digital Personal Data Protection (DPDP) Bill. 

An Evolving Landscape

The DPDP Bill, while rooted in the quest for data protection, has evolved to address the ever-changing digital regulatory landscape. The initial iteration was known as the Personal Data Protection Bill, of 2021, but it became evident that more comprehensive changes were necessary to safeguard personal information in the digital age. The new bill introduces the concept of a data fiduciary, giving users more control over their data, and enabling them to give, manage, and withdraw consent for sharing information.

A Larger Framework for India's Digital Ecosystem

The DPDP Bill is part of the Indian government's ambitious multi-tier proposed framework for regulating the digital space. This comprehensive framework seeks to cover various aspects of India's digital ecosystem, including communication and information technology. Other critical drafts like the Telecommunication Bill and the upcoming Digital India Bill are also in the pipeline, demonstrating the government's commitment to establishing a robust digital regulatory environment.

Subscribe