““Digital Personal Data Protection Act”—A Strudel Served Raw!” – International Journal of Law, Ethics, and Technology

-                                        Title
+                                        "“Digital Personal Data Protection Act”—A Strudel Served Raw!"
-                                        Author
+                                        Soumya Banerjee
-                                        Affiliation
+                                        Legal Department, Yes Bank Limited
-                                        Region/Country
+                                        India
-                                        Pages
+-107
-                                        Download
-                                        Permalink
+                                        https://www.ijlet.org/4.3.3
-                                        DOI
-                                        Keywords
+                                        Data Privacy; DPDP Act; Indian Privacy Law; Origin of Privacy Laws
-                                        Abstract
+                                        The good news is that personal data privacy law has become a reality in India.
The bad news is 95% of the public is ignorant of the same, 3% do not know what it
entails and the rest 2% are voraciously engaged in an intellectual feud. Privacy as a
concomitant of natural or inalienable rights has been recognized in the western
hemisphere since the 18th century. In India, the legislative history of the doctrine can
be traced to the trilogy of cases during the 1950’s. It was only post 1978, that the apex
court of the country passed a slew of judgements recognizing the right to privacy as an
essential part of the right to “protection of life and personal liberty” embodied under
the Indian Constitution and thereby bestowing the fundamental right status. On August
24, 2017, a nine-judge Constitution bench of the Supreme Court of India (Puttaswamy
judgment) re-wrote history as it not only recognized and reconfirmed the fundamental
right status of “ right to privacy” but also laid the foundation of data protection law in
the country. August 11, 2023, marks a historic date in the legislative annals of digital
India, as the country enacted the Digital Personal Data Protection Act, 2023 (“DPDP
Act” or “Act”) after more than half a decade of deliberations. At a time when
technology has become the defining paradigm of every business, the DPDP Act seeks
to lay the foundation for developing a strong data privacy regime in the country. The
Act in its new avatar is quite different from its predecessors proposed earlier. Ironically,
the regulations themselves have set ajar a host of challenges, issues and steeplechases,
which can barely be fathomed at this moment. In addition, the DPDP Act is yet to be
notified or implemented by the Central Government. The key question this paper
discusses is whether this seemingly endless period of deliberations culminated into a
robust and comprehensive law or is it simply a Strudel served raw! To answer this
question, the paper first charts the history of the concept with a chronological approach
on a global platform. The second part of the paper charts the pre-DPDP era in India.
The third part recapitulates the DPDP Act (in the present form) in a nutshell, while the
fourth part dissects the DPDP Act highlighting certain potentially problematic features
of this law. Lastly, the paper will examine what can be done to influence the
development of a robust and sustainable data protection regime in the country in the
years to come.