The Digital Personal Data Protection Act, 2023: Key Provisions, Issues, and Future Directions

Abstract

The Digital Personal Data Protection Act, 2023 is a necessary step towards safeguarding the data privacy in India where quick digitalization is in progress. With the growing prevalence of personal data breaches and cyber threats, the Act’s role in resolving these issues is primary. This study is a critical review of the DPDP Act, its main provisions, the challenges encountered in its implementation, and potential future developments to enhance the Act. The paper employs a comparative legal methodology, focusing on the Act’s provisions, enforcement mechanisms, and weaknesses. It relies on research into the doctrines and a critical analysis of applicable case law to assess the Act’s success in ensuring data privacy and the practical difficulties it faces. The results reveal several acute problems, including gaps in enforcement, government exemptions that narrow the statute’s scope, and concerns about data localization requirements. Nonetheless, the Act’s benefits for data subjects are evident in its provisions, including those on informed consent and data access. Although the DPDP Act provides an adequate legal framework for data protection, it still needs to be refined to align with emerging technologies, including AI and blockchain. The further revisions must address enforcement challenges and make the Act more global and effective in the context of rapidly changing digital environments. This paper highlights the need to continually revise it to protect individuals’ privacy and build confidence in the Indian digital landscape.