X

With Cybercrimes On The Rise, Data Protection Rules Could Be Notified Soon

With cybercrimes are on the rise, the Digital Personal Data Protection (DPDP) Act may soon see the light of the day.

Given the spike in cybercrimes today, India could witness around one trillion cyber attacks by 2033 and 17 trillion by 2047, according to a report by the non-governmental organisation (NGO) PRAHAR. The report “The Invisible Hand” cited by PTI, said, “This staggering scale underscores the urgent need for a robust, large-scale cyber defense to safeguard the nation.”

Advertisement

India has seen over 79 million cyber attacks in 2023, marking a 15 per cent increase from the previous year, the report said, adding, there is an urgent need to address these crimes to protect both individuals and organisations.

In August 2023, the government enacted the Digital Personal Data Protection (DPDP) Act to address these crimes. However, it is yet to be implemented. The law aims to protect personal data from theft and safeguard people's interests. It is India’s first data protection law and provides a framework to process personal data.

Digital Personal Data Protection (DPDP) Act, 2023:

The DPDP Act was passed in August 2023 but is not yet operational. According to the gadget notification on August 11, 2023, “It shall come into force on such date as the Central Government may, by notification in the Official Gazette, appoint and different dates may be appointed for different provisions of this Act, and any reference in any such provision to the commencement of this Act shall be construed as a reference to the coming into force of that provision.”

Advertisement

“An Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their data and the need to process such personal data for lawful purposes and for matters connected in addition to that or incidental to it”, reads the gazette notification.

It applies to data collected within India, whether online or offline, and digitised later.

This Act aims to secure personal information from misuse and regulate its collection, processing, and storage. It grants citizens the right to seek information about how their data is processed, request corrections, or have it removed if deemed irrelevant. Individuals can also raise grievances and nominate someone to exercise their rights in the event of their death. Additionally, there is a provision for penalties if an organisation breaches the Act’s provisions.

Data Protection Rules To Be Notified Soon:

Although the act was passed in 2023, the administrative rules were not specified. The wait seems to be over soon. According to a report by the Economic Times, the administrative rules for implementing the Act are likely to be notified shortly, possibly before the Maharashtra Assembly elections.

While these rules have been awaited for a long time, there have been concerns about business disruptions due to regulatory changes. However, the Ministry of Electronics and Information Technology (MeitY) reportedly reassured stakeholders in a meeting earlier this month that, once these regulations are released, sufficient support will be provided to help all parties understand and implement them effectively.

Show comments