Digital Personal Data Protection Bill, 2023: A Compilation of Quotes from Various Industry Experts

In an era of rapid technological advancement and data-driven economies, the security of personal data has become a paramount concern for individuals and businesses alike. The Personal Digital Data Protection Act 2023 seeks to address these concerns and establish a comprehensive framework for the protection of digital data. In this special article, we present a collection of quotes from experts representing various industries, reflecting their thoughts on the importance and impact of this landmark legislation.

Here’s a compilation of insightful quotes from experts representing various industries, Read below the details:

Jaspreet Bindra, Founder-MD, Tech Whisperer Ltd- “Bringing in the Digital Data Protection Bill is a very welcome step since this is the first time there is a law to protect data protection and privacy in India. This is especially significant given that India is one of the very few countries where privacy has been declared to be a fundamental right of its citizens. The formation of the Data Protection Board and the fact that it will be housed by professionals is also very welcome. However, the implementation of the same will be the real challenge.

Technology tends to move much faster than regulation and implementing regulation effectively and speedily is a challenge. Take the case of Generative AI. ChatGPT, Bard, etc. have already made similar laws and regulations obsolete or incomplete in parts of the world – the EU is scrambling to integrate this new technology into its regulation framework, but by the time that comes out, the technology would have moved even further away. There are many aspects to GenAI like plagiarism of data, data bias, deep fakes, etc. which would be difficult to track and regulate, given the power and wide distribution of this technology.

It might be simpler to trace and crack down on bigger intermediaries (like large social networks, large genie players, etc.), but the open-source nature of generative AI will mean that a single developer can build and distribute objectionable content at a scale and speed which will be difficult to effectively track, manage and regulate.”

Sujit Patel, MD, and CEO, SCS Tech- It is necessary to appreciate and comprehend the applicability of the Digital Personal Data Protection Bill, which creates a new framework for personal data security. The bill will bring India one step closer to establishing the law on data privacy and protection. It is being done to serve the greater aim of a Digital Economy. The bill is expected to give people more rights, visibility, awareness, autonomy in decision-making, and control over their data, while also requiring businesses to respect those rights and offer suitable remedies.

Dhiraj Gupta, Co-Founder, and CTO, mFilterIt- In light of the new movement towards data privacy, businesses must be aware of their responsibilities towards their customer's data protection. Data protection must be balanced with the right equation of fraud detection associated with data. Businesses must be well-equipped to combat the threats of data breaches and ensure their customer's data is not at risk.

Ivana Bartoletti, Global Chief Privacy Officer, Wipro Limited in response to India's Digital Personal Data Protection Bill 2023- “With the advent of Artificial Intelligence and the need for safeguarding privacy, India’s Digital Personal Data Protection bill aspires to set and evolve the framework for businesses to adopt best practices, strengthen data governance and drive responsible data handling.

Embracing a ‘Privacy by Design’ approach integrates privacy measures from the inception of the technology or system development, rather than treating it as an afterthought. It fosters a sense of trust amongst stakeholders and can even accelerate growth opportunities.”

Udit Mehrotra, MD, and CEO, Spectra-  "As the Digital Private Data Protection Bill takes center stage in parliament today, it serves as a crucial reminder that just as user privacy is paramount in the digital age, network security stands as an equally imperative responsibility for companies. Safeguarding not only personal information but also the very infrastructure that holds it, ensures a landscape where trust, innovation, and progress can thrive unhindered."

Kirti Mahapatra, Partner, Shardul Amarchand Mangaldas & Co.- “The Digital Personal Data Protection Bill, 2023 (“DPDP Bill”) marks the onset of a new data protection regime in India, the bill is ready to set a benchmark amongst similar legal frameworks, globally. We further laud MEITY for undertaking an extensive consultative exercise in preparing the DPDP Bill. The removal of criminal penalties, distinctions between different categories of data, and restrictions on cross-border data flows from the DPDP Bill are a few prime illustrations of MEITY addressing concerns on key issues under the earlier versions of the DPDP Bill.

Such a business-friendly regulatory approach is further geared towards the promotion of ease of doing business in India for technology companies in India while holding digital businesses accountable for protecting Indian users’ personal data and providing such users a comprehensive set of rights.

We are hopeful of the fact that MEITY shall continue to engage with the various stakeholders as it proceeds to build robust and progressive data protection regime through rules and regulations under the DPDP Bill. We are confident that this law will set India up in its efforts for building a new regulatory architecture in the Indian technology sector and in the growth of a three-trillion-dollar Indian digital economy.”

Manish Sehgal, Partner, Deloitte India- “The moment we have been waiting for the past few years has finally arrived!  The much-anticipated privacy bill (referred to as Digital Personal Data Protection Bill, 2023), was tabled in the Parliament on Thursday, August 3rd, 2023. Once enacted, it will enable individuals (referred to as Data Principals) to govern their own personal (digital) data and will drive enterprises (referred to as Data Fiduciary) to process the personal data of individuals in a lawful manner, for specific purposes only. In view of the bill’s extra-territorial coverage, enterprises based outside India serving individuals in India will also be expected to adhere to the provisions of this bill once enacted. Enterprises will have to review the current ways of working especially for the personal data of individuals such as their employees, customers, merchants, vendors, etc. to be able to honor the rights that individuals may exercise, such as the right to access, update, erase their personal data, etc. Non-adherence of obligation listed in the bill may attract sanctions and commercial penalty as high as INR 250Cr.

As more guidance will be released in days/months to come, its highly recommended that enterprises don’t wait and start their readiness journey right away with a fundamental step of data hygiene i.e., where is the data within the enterprise, who accesses it, who processes it and how data flows from one function to another. Right processes, tools & solutions, governance, accountability, and most importantly awareness amongst people are core to be ready. Once the bill will be enacted, transformation is imminent and enterprises should embrace it, not just for compliance purposes but to establish and operate in privacy enabled environment.”

Shreya Suri, Partner, INDUSLAW- The much-awaited draft of the Digital Personal Data Protection Bill, 2023 being tabled before both houses has finally been made public today as the Parliament goes into session for the day. This version of the draft takes into account critical stakeholder feedback and seeks to strike a delicate balance between the fundamental right to privacy guaranteed to Indian citizens, reasonable restrictions associated with such right, business viability- and also the global requirements for being considered an adequate jurisdiction for data processing. This is a welcome step and 5 years in the making!

What is special about this version is the care and attention given to bringing in Illustrative Examples which will serve as guiding principles for critical concepts around ‘consent’, ‘notice’, and ‘legitimate uses’, among others. Another heartening aspect of this piece of legislation is that the Ministry has extensively consulted with all categories of stakeholders and has been receptive to feedback to a large extent, such as lowering the age requirement for seeking parental consent for limited use cases on the basis of a determination to be made by the government. One other interesting feature is that this version points towards a jurisdiction blacklisting format with respect to the permissibility of cross-border data processing activities, unlike other major jurisdictions like the EU, where the approach is to identify and whitelist jurisdictions with adequate legal standards.

Namita Viswanath, Partner, INDUSLAW- After long anticipation, with the introduction of the Digital Personal Data Protection Bill in the Parliament today, we have taken the first of many steps towards having a standalone data protection law in India, that is aligned with the international best practices. This was necessary to truly give effect to the fundamental right to privacy recognised by the Apex Court of India. With the introduction of detailed legitimate use exceptions to consent, categorisation of Significant Data Fiduciary, and establishment of the Data Protection Board, among others, into the current Indian data privacy framework, the law promises to be more robust and suited for current business requirements. However, there are wide powers still reserved for the Central Government to make exceptions, as under the 2022 version of the bill, raising apprehensions about the potential for unguided and arbitrary rule-making powers under this bill.

Conclusion:

In conclusion, the Digital Personal Data Protection Bill, of 2023 is proving to be a landmark piece of legislation that resonates across diverse industries. The adoption of this bill sets a precedent for responsible data handling, improving consumer trust and fostering a secure digital landscape for all. As various sectors adapt to this new paradigm, the collective commitment to data protection paves the way for a thriving digital economy with privacy and security at its core.