This note provides an overview of the Digital Personal Data Protection Act, 2023 that was published in the official gazette pursuant to a notification dated August 11, 2023. The Act will become effective from the date(s) notified by the Central Government, and different dates may be notified for different provisions. Also, rules may be notified in future, not inconsistent with the provisions of the Act, to carry out the purposes of the Act. The Act seeks to overhaul the current legal framework governing personal data in India. Accordingly, the Act establishes a legal framework to protect digital personal data, including by prohibiting the unauthorized use, alteration or sharing of information in a way that compromises the confidentiality, integrity and/or accuracy of such data. In this regard, the Act distinguishes among a data principal, data fiduciary and data processor, and provides rights for data principals and imposes obligations on data fiduciaries. The Act applies to consent managers as well.
