Abstract
We live in an era in which our lives are intertwined with the digital world , where connectivity and convenience have come with new vulnerabilities. Cyberspace that simplifies an individual's life can also be used against it. While India holds the second-largest rapidly growing online population in the world, and prior to 2023, it did not have a framework or legislation to govern data protection for decades. India passed its first data protection law in August 2023.
Legal experts called it 'overdue' because it is India's first comprehensive data protection legislation. The Information Technology Act, 2000 , and the Information Technology (Reasonable Security Practices Procedures and Sensitive Personal Data of Information) Rules, 2011 , governed the rules of data protection before the DPDP Act 2023.
The Digital Personal Data Protection Act, 2023 , was enacted to bring about change and replace scattered regulations across various acts and laws. It is a framework that governs data protection and classifies individuals as Data Principals, the persons to whom the personal data pertains. In simple terms they are the owner of the data. Another key term introduced by the Act is Data Fiduciaries, the entities that collect and process the data