Karol Bagh | IAS GS Foundation Course | 29 May, 6 PM Call Us
This just in:

State PCS

Daily Updates


Digital India Act, 2023

  • 10 Mar 2023
  • 8 min read

Prelims: Digital India Act, 2023, Information Technology Act (IT Act) of 2000, Digital Personal Data Protection Bill, 2022, Cybersecurity, Artificial Intelligence (AI), Deepfakes.

Mains: Digital India Act, 2023, Cybersecurity.

Why in News?

The Ministry of Electronics and Information Technology will soon come up with the Digital India Act, 2023 which will replace the Information Technology Act (IT Act) of 2000.

What is the Need for a New Act?

  • Since the IT Act of 2000 was enacted, there have been many revisions and amendments (IT Act Amendment of 2008, IT Rules 2011) in attempts to define the digital space in which it regulates while trying to put more emphasis on the data handling policies.
  • However, because the IT Act was originally designed only to protect e-commerce transactions and define cybercrime offenses, it did not deal with the nuances of the current cybersecurity landscape adequately nor did it address data privacy rights.
  • Without a complete replacement of the governing digital laws, the IT Act would fail to keep up with the growing sophistication and rate of cyber-attacks.
  • The new Digital India Act envisages to act as catalysts for Indian economy by enabling more innovation, more startups, and at the same time protecting the citizens of India in terms of safety, trust, and accountability.

What are the Likely Provisions under Digital India Act 2023?

  • Freedom of Expression:
    • Social media platforms’ own moderation policies may now be reduced to constitutional protections for freedom of expression and Fundamental speech rights.
      • An October 2022 amendment to the IT Rules, 2021 says that platforms must respect users’ free speech rights.
    • Three Grievance Appellate Committees have now been established to take up content complaints by social media users.
    • These are now likely to be subsumed into the Digital India Act.
  • Online Safety:
    • The Act will cover Artificial Intelligence (AI), Deepfakes, cybercrime, competition issues among internet platforms, and data protection.
    • The government put out a draft Digital Personal Data Protection Bill in 2022, which would be one of the four prongs of the Digital India Act, with the National Data Governance Policy and amendments to the Indian Penal Code being others, along with rules formulated under the Digital India Act.
  • New Adjudicatory Mechanism:
    • A new “Adjudicatory Mechanism” for criminal and civil offenses committed online would come into place.
  • Safe Harbour:

What is the Digital Personal Data Protection Bill?

  • The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised. It will also apply to such processing outside India, if it is for offering goods or services or profiling individuals in India.
  • Personal data may be processed only for a lawful purpose for which an individual has given consent. Consent may be deemed in certain cases.
  • Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.
    • “Data Fiduciary” is defined as any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
  • The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.
  • The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences.
  • The central government will establish the Data Protection Board of India to adjudicate non-compliance with the provisions of the Bill.

What Data Protection Laws are there in other Nations?

  • European Union Model:
    • The General Data Protection Regulation focuses on a comprehensive data protection law for processing of personal data.
    • In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates.
  • US Model:
    • There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data.
    • Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors.
      • The activities and powers of the government vis-a-vis personal information are well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc.
      • For the private sector, there are some sector-specific norms.
  • China Model:
    • New Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021.
      • It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.
    • The Data Security Law (DSL), which came into force in September 2021, requires business data to be categorized by levels of importance, and puts new restrictions on cross-border transfers.

Source: TH

SMS Alerts
Share Page