India Legal Let's Understand News

Part III: India’s Data Protection Act, 2023

Nidhi Arora August 12, 2023

Part I: Definitions and Key Concepts

Part II: Important provisions part 1

This is the third part of the series.

Significant Data Fiduciary (SDF)

Some apps or websites may be called “Significant Data Fiduciary.” Currently, we don’t know which websites or apps, if any, will be on the list.

A SDF will have to take additional steps for protection of data. This includes:

A. Appointment of an India based Data Protection Officer

B. Appointment of an independent Data Auditor who will conduct periodic data audits.

Right to Nominate; Right to Correct and Erase personal data

Every user can ask the app to correct their data, if they have the wrong data, or to completely erase it.

Every user can also nominate someone to take decisions about their data if they themselves cannot take such decisions.

Civil Offences

If there is a complaint against an app, the investigation will be done by the Data Protection Board. The Board can fine the app. But there is no provision of remuneration to the affected user.

All cases under this Act will be Civil Cases. No criminal liability will be placed on the app if the data is misused, breached, or anything else done that is against this Act.

If a user or app is not happy with the decision of the Data Protection Board, they can file an appeal in the High Court.

The Board can also review and change its own orders, so long as the reviewing panel is bigger than the panel that took the original decision.

Which Act rules?

If there is a conflict between this Act and any other Act currently in force in India, the provions of this Act will apply.

Fines

And finally, we understand the fines under the Act. These fines can be increased later by the Parliament, but not more than twice the amounts mentioned in this table.

If a user puts a complaint that is found to be not right, the maximum fine that can be imposed on that user is 10,000. (S No. 5 in the table above).

The other fines apply to companies that hold user data.

What are rules?

Rules are made to implement a law. The rules relating to this Act will be announced later.

You can read the full text of the Act here.

Additional Reading

The Data Security Council of India has released a summary of the Act.

You can read that summary here.

2 Replies to “Part III: India’s Data Protection Act, 2023”

  1. Pingback: Part 2: India’s Data Privacy Act Explained – The Childrens Post of India
  2. Pingback: India’s Data Protection Act – Explained – The Childrens Post of India

Comments are closed.