Digital Data Protection Bill gets cabinet nod for Monsoon Session

New Delhi: The Union Cabinet has approved the Digital Personal Data Protection (DPDP) Bill, marking a crucial step towards its introduction in the upcoming Monsoon Session of Parliament, which commences on July 20.

The DPDP Bill aims to regulate the management of personal data of residents and mandates explicit consent for data collection and use. Despite receiving more than 20,000 comments on the draft Bill, the government has declined to release these publicly. Moreover, the final Bill remains largely unchanged from the draft version circulated during public consultations last year.

Under the DPDP Bill, individuals can file complaints with the Data Protection Board of India, a body comprising technical experts, if they believe their personal data has been used without their consent. The Board will then investigate any potential breaches.

Advertisement

‹

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

The new legislation includes specific instructions for entities collecting personal data, stipulating how such data should be stored, processed, and protected against breaches. The DPDP Bill establishes fines for violations, with penalties reaching up to Rs 250 crore per breach, and a maximum upward revision of Rs 500 crore. These fines would be imposed by the Data Protection Board of India.

The official explained that the Bill also includes provisions for voluntary admittance of a data breach, allowing entities to pay a penalty to avoid court proceedings. He added that in 90-95% of global cases, disputes are resolved at the grievance redressal stage.

The DPDP Bill, drawing on the European Union’s General Data Protection Regulation (GDPR), also outlines 23 specific instances where acquiring consent for data collection is impractical, such as during emergencies or natural disasters.

However, concerns have been raised by Right to Information (RTI) activists regarding an amendment to the RTI Act, 2005. This amendment, incorporated in the DPDP Bill, would restrict government departments from sharing “personal information,” potentially inhibiting transparency and accountability of public officeholders.

The Data Protection Bill, which has evolved through multiple iterations since 2017, stems from the landmark K.S. Puttaswamy vs. Union of India case, where the right to privacy was upheld as a fundamental right under Article 21 of the Constitution.

Retired Justice B.N. Srikrishna, who chaired the initial committee to draft a data protection Bill in 2018, has criticised the current version, stating that it grants excessive leeway to the government while insufficiently safeguarding individuals’ fundamental right to data privacy.