Understanding: The Digital Personal Data Protection Bill, 2022

Important Sections / Pros
  • For the first time, the pronouns “her” and “she” have been used for an individual, irrespective of gender.
  • Rights of the Date Principal to obtain information from the Data Fiduciary, to correct and erasure personal data, to readily available means of registering a grievance with a Data Fiduciary, to nominate, in such manner as may be prescribed, any other individual, who shall, in the event of death or incapacity of the Data Principal.
  • Duties of Data Principal: shall not register a false or frivolous grievance or complaint with a Data Fiduciary or the Board.
  • The Consent Manager specified in this section shall be an entity that is accountable to the Data Principal and acts on behalf of the Data Principal.
  • Additional obligations of Significant Data Fiduciary of Children.
  • Transfer of personal data outside India
  • Establishment of the Data Protection Board of India and the Board shall be digital by design.
  • Board Chairperson, Members, officers, and employees are public servants within the meaning of section 21 of the Indian Penal Code.
  • The Board shall have all the powers of a Civil Court as provided in the Code of Civil Procedure, 1908.
  • High Court: An appeal against any order of the Board shall lie to the High Court. Every appeal made under this section shall be preferred within a period of sixty days from the date of the order appealed against.
  • No civil court shall have the jurisdiction to entertain any suit or take any action in respect of any matter under the provisions of this Act and no injunction shall be granted by any court or other authority in respect of any action taken under the provisions of this Act.
  • Alternate Dispute Resolution: The concerned parties to attempt resolution of the dispute through mediation by a body or group of persons designated by the Board.
  • Voluntary Undertaking: Board shall accept voluntary undertaking related to compliance.
  • Hight Penalty for the data breach will protect the consumers’ personal information from getting sold and misused.
  • High Financial Penalty compared to other major developed countries.
  • It is possible that Hackers may misuse the high financial penalty provision by targeting prospective companies and small-scale businesses, which ultimately reduces the digital economic growth of the country.
  • Failure to formulate specified compliance requirements may reduce the digital economic growth of the small-scale business. g., CCPA (The California Consumer Privacy Act) Compliance, organizations that simply conduct business with California residents satisfy one of the CCPA-compliant:
    • Has an annual gross revenue in excess of $25 million; or
    • Derives 50 percent or more of its yearly revenues from selling California consumers’ personal information.
  • Omission of Clause (j) of sub-section (1) of section 8 of the Right to Information Act, 2005


  1. https://www.meity.gov.in/writereaddata/files/The%20Digital%20Personal%20Data%20Protection%20Bill%2C%202022.pdf
  2. https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5
  3. Codes Display Text (ca.gov)
As per the rules of the Bar Council of India, we are not permitted to solicit work and advertise. By visiting the website, the user acknowledges that the information provided on this website is solely available for informational purposes only sought to be voluntarily gained by him/her and is neither soliciting nor advertisement. Further, the information provided on this website is accessed by the user’s own volition, and any transmission, receipt or use of this information available on this website does not create any liability or any relationship with us. APS LEGIS and its members are not liable for any consequence of any action taken by the user relying on material/information provided under this website.