The Ministry of Electronics and Information Technology has announced that it will soon introduce the Digital India Act, 2023. This new legislation will replace the Information Technology Act (IT Act) of 2000, a law that had originally been designed to protect e-commerce transactions and define cybercrime offenses but failed to keep up with the rapidly advancing cybersecurity landscape. In addition, the Indian parliament plans to implement the Digital Personal Data Protection Bill, proposed in 2022, alongside the Digital India Act in a coordinated effort to streamline the country’s digital laws.
Why the Need for a New Act?
Changes in the digital world have necessitated the development of a new Act. Since the IT Act was enacted in 2000, multiple revisions have been made to better regulate the digital space and emphasize data handling policies. However, without a full replacement of current laws, these updates might have been insufficient to address the complexities of contemporary cybersecurity issues and data privacy rights. The new Digital India Act aims to stimulate the Indian economy by fostering innovation and startups, while also ensuring citizen safety, trust, and accountability.
Provisions under the Digital India Act 2023
The Digital India Act is set to introduce several critical provisions. These include understanding fundamental speech rights, ensuring online safety, creating a new adjudicatory mechanism, and re-evaluating the concept of ‘safe harbour’ which allows social media platforms to avoid liability for user posts. It aims to cover important areas like Artificial Intelligence (AI), Deepfakes, cybercrime, competition among internet platforms, and data protection.
Understanding the Digital Personal Data Protection Bill
The proposed Digital Personal Data Protection Bill focuses on the processing of digital personal data within India, whether collected online or offline. It also addresses data processing outside India if that data is used to offer goods or services, or for profiling individuals within India. It defines the obligations of data fiduciaries and grants certain rights to individuals like obtaining information, seeking data correction and erasure, and grievance redressal.
Data Protection Laws in Other Nations
Data protection laws vary widely across the globe. The European Union’s General Data Protection Regulation (GDPR) sets comprehensive rules for the processing of personal data, ensuring privacy as a fundamental right for its citizens. The United States, on the other hand, does not have a comprehensive set of privacy rights but instead has limited sector-specific regulation. Their approach differs for public and private sectors with broader legislation addressing government activities. Meanwhile, China’s new data privacy and security laws issued include the Personal Information Protection Law (PIPL) and the Data Security Law (DSL), which categorizes business data by levels of importance and restricts cross-border transfers.
