It introduces some key important features such as: The Union cabinet has given the green light to India's much needed Digital Personal Data Protection (DPDP) Bill, marking a significant step towards safeguarding our privacy and data security. Once passed by Parliament, this bill will become our country's first-ever legislation dedicated to data privacy and protection. This Bill is anticipated to be presented during the upcoming monsoon session of the Parliament, starting 20th July.

The current version of the bill that was published in November last year for public consultation. Some minor changes have been incorporated on the advice of stakeholders collected by the Ministry of Electronics and Information and Technology during the consultation stage, but more details are awaited. While we closely monitor the developments, it becomes apparent that the DPDP Bill embodies a more streamlined iteration in comparison to its previous drafts.

This bill was necessitated following the Supreme Court's recognition of privacy as a fundamental right in 2017 and ends a six year-long wait. The journey of this Bill began with the formation of the Justice BN Srikrishna Committee in 2018, which was withdrawn after it received a lot of criticism on grounds of being too complicated and placing certain obligations related to data localisation requirements on industry, among other aspects.

It introduces some key important features such as:

• 1. Introduces the concept of "deemed consent" alongside explicit consent, where consent is presumed in certain situations including voluntary provision of personal data, performance of legal functions or provision of benefits by the state, compliance with judgments or orders, response to medical emergencies, public health crisis, disaster management, employment-related purposes, prevention of fraud, mergers and acquisitions, network security, credit scoring, and debt recovery.
• 2. User's right to give, manage, and withdraw consent for sharing their information with introduction of the concept of consent manger. This is said to be helpful in managing the user’s right to update or delete personal data from their social media platforms.
• 3. Authorizes cross-border transfer of personal data to countries or territories notified by the Central Government and taking into account various aspects while notifying these countries/ territories.
• 4. Introduction of the concept of Significant Data Fiduciaries based on factors such as the volume and sensitivity of personal data processed and the risk of harm to data principals and the state. SDFs are subject to additional obligations and scrutiny.
• 5. Requirement of verifiable parental consent for data for e.g.; targeted advertising, likely to cause harm to children.
• 6. Establishment of Data Protection Board of India which is responsible for oversight, imposing penalties and handling complaints. It is anticipated that the Bill is expected to provide details regarding the composition and selection process of this Board.
• 7. Penalties for non-compliance of different offences ranges from up to INR 10,000 to upto INR 500 crores. Factors to be considered when determining the penalty has been outlined in the Bill.

In an era marked by remarkable development in technology such as Artificial Intelligence, automation, natural language processing, the DPDP Bill has been the need of the hour. By embodying the fundamental principals of privacy as an inherent right and its affinity to international personal data protection laws, this Bill is a major step towards creating and a safer and more responsible digital ecosystem for all.