Analysis of India's Digital Personal Data Protection Act, 2023

PurposeData protection is a significant area of law in a country like India, which is digitalising at a fast rate. Recently, India passed comprehensive data protection legislation after discussing several draft data protection frameworks. This paper aims to analyse the provisions of India's first comprehensive data protection legislation, the Digital Personal Data Protection Act (DPDPA), 2023.Design/methodology/approachThe paper aims to analyse how the DPDPA's provisions should be interpreted. The methodology involves studying the act's provisions, identifying shortcomings and suggesting ways of addressing the shortcomings through legal interpretation. The paper interprets DPDPA provisions through a comparative analysis with the proposed American Privacy Rights Act 2024 and EU General Data Protection Regulation. The methodology can be broadly classified as doctrinal and comparative legal research.FindingsThe paper makes several recommendations for interpreting the provisions of the DPDPA, which are discussed throughout the paper and summarised in the way forward section.Research limitations/implicationsThe analysis of this paper is limited to present-day data protection concerns. In the future, research can assess how the DPDPA can be interpreted to solve the challenges presented by societal and technological progress.Originality/valueThe originality and contribution of the paper are analysis and interpretation of the provisions of the DPDPA that will provide data principals with strong control over personal data and ensure stringent data protection obligations on data fiduciaries.