
As of August 11, 2023, the President of India has given assent to the Digital Personal Data Protection Act (DPDPA), and it is clear that the legal instrument after its notification in the Official Gazette, is notified as a law. Now, there have been multiple briefs, insights and infographics which have been reproduced and published by several law firms across India. This article thus focuses on the key provisions of the Act, and explores how it would shape the trajectory of AI Regulation in India, especially considering the recent amendments in the Competition Act, 2002 and the trajectory for the upcoming Digital India Act, which is still in the process.
You can read the analysis on the Digital India Act as proposed in March 2023 here. You can also find this complete primer of the important provisions of the Digital Personal Data Protection Act here, which have been discussed in this article. We urge you to download the file as we have discussed provisions which are described in this document.
General Review of the Key Provisions of the DPDPA
Let's begin with the stakeholders under this Act. The Digital Personal Data Protection Act, 2023 (DPDP Act) defines the following stakeholders and their relationships:
Data Principal: The individual to whom the personal data relates.
Consent Manager: A person or entity appointed by a Data Fiduciary to manage consents for processing personal data.
Data Protection Board (DPB): A statutory body established under the DPDP Act to regulate the processing of personal data in India.
Data Processor: A person or entity who processes personal data on behalf of a Data Fiduciary.