In today's increasingly digitalized world, data is highly prized as a catalyst for progress and development. However, this surge in digital connectivity has sparked concerns over the ethical implications and potential breaches of individual privacy, encapsulating what's known as the Data Dilemma. Individuals now possess certain rights and responsibilities regarding their data, including the right to receive a comprehensive summary of collected data, transparency about data fiduciaries and processors, and the ability to request corrections, updates, or deletion of their personal information.


In India, various government departments have enacted laws to enforce data protection. Some key legislations impacting data protection include:


As technology and e-commerce continue to advance, so do cybercrimes and offences related to data and authentic information. When data stored across various platforms like laptops, phone galleries, Facebook, Instagram, and WhatsApp is compromised, it raises serious concerns about data protection from cyber threats. The United Nations Commission on International Trade Law introduced a model law on e-commerce and digital intricacies in 1996. In India, the Information Technology Act of 2000 plays a crucial role in safeguarding data and penalizing social media platforms, with amendments made as per evolving needs. This act stands as a cornerstone legislation in India, addressing cybercrime and e-commerce concerns, and mandates every country to formulate its own laws on these issues.

The Act outlines various offenses related to data breaches and individual privacy violations, prescribing punishments or penalties accordingly. Its primary objectives include:

  • → It protects data related to e-commerce and digital signatures.
  • → It protects all transactions done through electronic means.
  • → It protects regulates and protects the sensitive data stored by social media and other electronic intermediaries.
  • → It gives provisions for the validity and recognition of electronic records along with a license that is necessary to issue any digital or electronic signatures.

Amendments to the IT Act 2000

In 2008, significant amendments were made to the Information Technology Act, including the introduction of Section 66A, which penalized the transmission of "offensive messages". Additionally, Section 69 was added, granting authorities the power to intercept, monitor, or decrypt information through any computer resource. Further amendments were made in December 2018, aimed at holding social media platforms like WhatsApp, Facebook, and Twitter accountable for monitoring and controlling the content shared on their platforms. This compelled users to exercise caution before posting or sharing anything deemed as unlawful information or content. More recently, the government notified amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. These amendments aim to curb the spread of false or fake information and regulate online gaming. Online games are defined as those played on the internet involving a deposit and an expectation of winning. These legislative measures reflect the ongoing efforts to adapt to the evolving digital landscape and address emerging challenges such as online misinformation and the regulation of digital platforms and activities.

Puttaswamy and Anr. v. Union of India and Ors.2017

In a landmark case, the Supreme Court upheld the right to privacy, affirming it as an integral part of the fundamental right to life in India, including the right to informational privacy. Subsequently, recognizing the importance of data protection, the government established the Justice B. N. Srikrishna committee on Data Protection, which presented its findings in 2018. Based on this report, the Personal Data Protection Bill of 2019 was introduced in the Lok Sabha, later referred to a Joint Parliamentary Committee, with their report submitted in December 2021. Despite initial progress, the Bill was withdrawn from Parliament in August 2022. However, in November of the same year, a Draft Bill was released for public input. Finally, in August 2023, the Digital Personal Data Protection Bill, 2023 was introduced in Parliament, marking a significant step towards comprehensive data protection legislation.

Digital Personal Data Protection (DPDP) Act, 2023

This act was introduced in Lok Sabha on August 7, 2023 and in Rajya Sabha on August 9, 2023. The president of India given his assent to this bill on August 11, 2023. Earlier Personal Data Protection Bills of 2019 & 2022 were in existence but because of lots of issues related to data numerous amendments were made in it. These amendments were related to data localization, transparency, compliance intensive, etc.

Objective of DPDP, 2023

The Act serves as a comprehensive framework to safeguard and regulate the processing of personal data in India, encompassing both digital and offline realms, with jurisdiction extending beyond national borders. It aims to foster international collaboration for Indian businesses while ensuring stringent data protection measures.

The establishment of the Data Protection Board underscores its commitment to overseeing data security, conducting investigations, and imposing penalties, including fines of up to 250 crore rupees, for violations. Furthermore, the provision for appeals to be heard by the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) adds an additional layer of accountability and transparency to the enforcement process.

How privacy is protected under this Act?

India's inaugural data protection law mandates obtaining consent before processing personal data, with clearly delineated exceptions. It grants consumers rights to access, correct, update, and erase their data, alongside the right to nominate. Enhanced safeguards for children's data processing are established. Businesses must adhere to purpose limitations, provide notice of data collection and processing, and ensure security safeguards. The Data Protection Board (DPB) manages complaints and grievances, empowered to levy penalties for noncompliance.


Thus, it can be said that data has become a precious commodity in the digitalized world and safeguarding individuals' privacy and personal information has become paramount for governments. India, as one of the world's leading technology hubs and has taken a significant step towards ensuring data privacy with the laws made time to time. Basic object of these legislation is protection of data, maintain privacy, lawful processing of personal data, mandating data fiduciaries to espouse perspicuous, lawful, and unambiguous purposes for data utilization. The fact that the current version of the law, as compared to the earlier ones are more effective in this regard.