The following Act of Parliament received the assent of the President on the 11th August, 2023 and is hereby published for general information:
THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 (NO. 22 OF 2023) [11th August, 2023.]
An Act to provide for the processing of digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. BE it enacted by Parliament in the Seventy-fourth Year of the Republic of India as follows:––
CHAPTER I
PRELIMINARY
1. (1) This Act may be called the Digital Personal Data Protection Act, 2023.
(2) It shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the coming into force of that provision
. In this Act, unless the context otherwise requires,—
(a) “Appellate Tribunal” means the Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997;
(b) “automated” means any digital process capable of operating automatically in response to instructions given or otherwise for the purpose of processing data;
(c) “Board” means the Data Protection Board of India established by the Central Government under section 18;
(d) “certain legitimate uses” means the uses referred to in section 7; (e) “Chairperson” means the Chairperson of the Board;
(f) “child” means an individual who has not completed the age of eighteen years;
(g) “Consent Manager” means a person registered with the Board, who acts as a single point of contact to enable a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform;
(h) “data” means a representation of information, facts, concepts, opinions or instructions in a manner suitable for communication, interpretation or processing by human beings or by automated means;
(i) “Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data;
(j) “Data Principal” means the individual to whom the personal data relates and where such individual is—
(i) a child, includes the parents or lawful guardian of such a child;
(ii) a person with disability, includes her lawful guardian, acting on her behalf;
(k) “Data Processor” means any person who processes personal data on behalf of a Data Fiduciary;
(l) “Data Protection Officer” means an individual appointed by the Significant Data Fiduciary under clause (a) of sub-section (2) of section 10;
(m) “digital office” means an office that adopts an online mechanism wherein the proceedings, from receipt of intimation or complaint or reference or directions or appeal, as the case may be, to the disposal thereof, are conducted in online or digital mode;
(n) “digital personal data” means personal data in digital form;
(o) “gain” means—
(i) a gain in property or supply of services, whether temporary or permanent; or
(ii) an opportunity to earn remuneration or greater remuneration or to gain a financial advantage otherwise than by way of legitimate remuneration;
(p) “loss” means—
(i) a loss in property or interruption in supply of services, whether temporary or permanent; or
(ii) a loss of opportunity to earn remuneration or greater remuneration or to gain a financial advantage otherwise than by way of legitimate remuneration;
DOWNLOAD COMPLETE DOCUMENT [ PDF] Digital Personal Data Protection Bill, 2023 From the Attachement section of the page