DPDP Act or DPDPA: Digital Personal Data Protection Act, 2023.

DPDPA Act explained simply with privacy, consent, data rights, and responsibility in India

Think of it as a law that says: “Your personal information is yours, and nobody should collect, use, share, or misuse it without a proper reason.”

1. What is “personal data”?

Personal data means any information by which you can be identified.

For example:

Your name, mobile number, Aadhaar number, PAN number, bank account details, address, photograph, fingerprint, face scan, health details, school record, land record, ration card details, electricity bill details, location, email ID, WhatsApp number — all these are personal data.

The DPDP Act applies mainly to digital personal data, meaning data collected or stored on mobiles, computers, apps, websites, online forms, portals, or databases. It can also apply when paper information is later converted into digital form.

2. Why is this important for a person living in a rural area?

Today, even in villages, many services use digital data:

You give Aadhaar for ration card, PM-Kisan, pension, scholarship, bank account, mobile SIM, hospital registration, school admission, land records, electricity connection, online exam forms, insurance, loan apps, CSC centre work, etc.

So the Act protects you when your data is collected by:

Government portals, banks, schools, colleges, hospitals, insurance companies, mobile companies, apps, websites, online service centres, and private companies.

3. Simple village example

Suppose you go to a Common Service Centre to apply for a government scheme. You give your Aadhaar, mobile number, bank account number and photo.

The person or organisation collecting your data should use it only for that scheme, not for unnecessary marketing, fraud calls, fake loan messages, or sharing with unknown people.

That is the basic idea of the DPDP Act.

4. What rights do you get?

Under the DPDP Act, you are called a Data Principal, meaning the person whose data is being used. The organisation using your data is called a Data Fiduciary. The Act gives individuals rights such as the right to know about processing, correct personal data, erase data when allowed, raise grievances, and nominate another person to exercise rights in case of death or incapacity.

In simple words, you can ask:

  • “What data of mine do you have?”
  • “Why are you using my data?”
  • “Correct my wrong data.”
  • “Delete my data if it is no longer needed.”
  • “Where can I complain if my data is misused?”

5. What should organisations do?

Any organisation collecting your digital data should:

  • Tell you clearly why your data is needed.
  • Take your consent when required.
  • Use your data only for the stated purpose.
  • Keep your data safe.
  • Not keep your data forever without reason.
  • Allow you to withdraw consent where consent was taken.
  • Provide a grievance officer or complaint system.

The law also says notice and consent information should be understandable, and individuals should be able to access it in English or any language listed in the Eighth Schedule of the Constitution, which is important for people who are more comfortable in Indian languages.

6. What is consent?

Consent means your clear permission.

For example, if an app asks for your mobile number to deliver a product, it should not use that number for unrelated purposes without proper reason.

But sometimes consent may not be needed, such as when data is used for certain government benefits, subsidies, certificates, medical emergencies, disaster situations, or legal purposes. The Act provides such “legitimate uses.”

7. What about children?

For children below 18 years, organisations usually need permission from the parent or lawful guardian before processing the child’s personal data. The Act also restricts tracking, behavioural monitoring, and targeted advertising directed at children.

8. What should you personally be careful about?

  • Do not share OTP with anyone.
  • Do not give Aadhaar/PAN copy casually.
  • Do not send bank details on WhatsApp to unknown people.
  • Do not click unknown loan, lottery, subsidy, or job links.
  • Ask why your data is needed before giving it.
  • Write “For admission purpose only” or “For bank KYC only” on photocopies, if possible.
  • Keep screenshots or receipts when submitting documents online.
    Complain immediately if your data is misused.

The DPDP Act protects your digital personal information and gives you the right to know, control, correct, and complain when your data is misused.

For indian citizens, it is especially important because many government schemes, bank services, mobile services, education services and health services now depend on digital records.

Prepared and shared for academic reading by:

Dr. Arpana Chaturvedi
Associate Professor & HOD – IT & Data Analytics
New Delhi Institute of Management

Leave a Reply

Your email address will not be published. Required fields are marked *