Page 19 - KDU Law Journal Volume 4 Issue 2
P. 19

KDU Law Journal                                  Volume 04 Issue II
                                                               September, 2024
              data privacy laws and regulations. The European Union’s General
              Data Protection Regulation (GDPR)  was enacted in 2018. The EU
                                             31
              GDPR has benchmarked other countries’ data protection regulations.
              In response to these concerns, the Indian government enacted the
              Information Technology Act of 2000  and the Information Technology
                                            32
              (Reasonable Security Practices and Procedures and Sensitive Personal
              Data or Information) Rules, 2011  (IT Rule 2011), which regulate
                                           33
              electronic data collection, processing, and storage. Furthermore, the
              legislature enacted the Digital Personal Data Protection Act 2023  to
                                                                     34
              strengthen data privacy governance in India.
              The impact of digital transformation on privacy raises intricate legal and
              ethical considerations that demand a judicious approach to regulation
              and governance. The Indian legal landscape has evolved significantly
              to address these challenges, recognizing the right to privacy as a
              fundamental right and enacting the Digital Personal Data Protection
              Act 2023.

              The Digital Personal Data Protection Act 2023  35
              The Digital Personal Data Protection Act of 2023 stands as a landmark
              legislation aimed at safeguarding the digital privacy of individuals in
              the rapidly evolving landscape of the digital age. The provisions of
              this act are designed to address the growing concerns surrounding the
              collection, storage, and use of personal data in the digital realm. They
              are expected to have a profound impact on the way businesses and

              31  Regulation (EU) 2016/679 (General Data Protection Regulation) OJL 119, https://gdpr-in-
              fo.eu/
              32  The Information Technology Act 2000 (Act No. 21 of 2000), Gazette Notification dated
              9  June 2000, https://www.indiacode.nic.in/bitstream/123456789/1999/1/A2000-21%20
               th
              %281%29.pdf
              33  Information Technology (Reasonable Security Practices and Procedures and Sensitive
                                                               th
              Personal  Data  or  Information)  Rules,  2011,  Gazette  Notification  dated  11  April  2011,
              https://www.meity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf
              34  Digital Personal Data Protection Act 2023 (Act no 22 of 2023), Gazette Notification dated
              11   August  2023,  https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20
                th
              Data%20Protection%20Act%202023.pdf
              35  Supra note 34.
               law.faculty@kdu.ac.lk
                                          12
   14   15   16   17   18   19   20   21   22   23   24