Section 44 DPDPA

Amendments to certain Acts.


44.(1) In section 14 of the Telecom Regulatory Authority of India Act, 1997, in clause (c), for sub-clauses (i) and (ii), the following sub-clauses shall be substituted, namely:—
“(i) the Appellate Tribunal under the Information Technology Act, 2000;
(ii) the Appellate Tribunal under the Airports Economic Regulatory Authority of India Act, 2008; and
(iii) the Appellate Tribunal under the Digital Personal Data Protection Act, 2023.”.

(2) The Information Technology Act, 2000 shall be amended in the following manner, namely:—
(a) section 43A shall be omitted;
(b) in section 81, in the proviso, after the words and figures “the Patents Act, 1970”, the words and figures “or the Digital Personal Data Protection Act, 2023” shall be inserted; and
(c) in section 87, in sub-section (2), clause (ob) shall be omitted.

(3) In section 8 of the Right to Information Act, 2005, in sub-section (1), for clause (j), the following clause shall be substituted, namely:—
“(j) information which relates to personal information;”.

The Schedule →
DPDPA
Table of contents


Report error

Legal Interpretation of the

Section 44 of the Digital Personal Data Protection Act, 2023 (DPDPA)

Introduction

Section 44 of the Digital Personal Data Protection Act, 2023 (India) deals with amendments to other existing laws to ensure harmonization and consistency with the new data protection regime. By updating provisions in previously enacted Acts, Section 44 ensures that India’s data protection principles established under the DPDP Act align with, and do not conflict with, existing legal frameworks. Such amendments are common in comprehensive legislation aiming to create a cohesive legal environment.

Key Points of Section 44

1. Purpose of Amendments

The amendments introduced through Section 44 serve to eliminate or modify any contradictory or overlapping legal requirements in existing Acts. The objective is to bring older legislation in line with the data protection standards and obligations imposed by the DPDP Act.

2. Affected Legislation

While Section 44 does not rewrite entire Acts, it focuses on carefully selected provisions of certain laws. A notable example is the amendment to the Right to Information Act, 2005 (RTI Act), which previously allowed broad access to information, including personal data. With the DPDP Act in place, these provisions must be refined to protect individual privacy.

3. Alignment with the DPDP Act’s Privacy Principles

The DPDP Act prioritizes personal data protection, consent-based processing, and privacy as a fundamental right. Amending other Acts ensures that personal data is not inadvertently disclosed or misused under older statutory frameworks. This preserves individuals’ rights while maintaining the intent and utility of pre-existing laws.

4. Ensuring Consistency and Avoiding Conflicts

Without amendments, conflicting obligations might arise. One law could mandate disclosure of personal data, while the DPDP Act restricts it. Section 44 resolves such tensions by aligning other Acts with the DPDP Act’s protective spirit, preventing confusion and promoting coherent legal guidance for all stakeholders.

Illustrations

1. Right to Information (RTI) Amendments

Previous Situation:
Under the RTI Act, a person could request a wide range of information from public authorities, potentially including personal data that infringes on privacy.

After Amendment:
Section 44’s modifications ensure requests that seek personal data not serving a legitimate public interest, or that invade privacy, can be curtailed. Now, if someone requests sensitive details of an individual from a government body, the authority can refuse disclosure, citing the DPDP Act’s data protection requirements.

2. Harmonizing with Information Technology Laws

Scenario:
Older IT laws may have mandated weaker data safeguards than the DPDP Act requires.

After Amendment:
By updating references and requirements, Section 44 ensures that only the DPDP Act’s stronger data protection standards apply. This prevents entities from relying on outdated rules and reinforces a high uniform standard of data protection.

3. Public Sector Data Sharing

Scenario:
Old laws may have allowed broad data sharing among government departments.

After Amendment:
Any such provisions are refined so that government-to-government data transfers adhere to the DPDP Act’s privacy and security standards. This reduces misuse or unauthorized access and ensures privacy rights remain safeguarded.

Legal Interpretation and Impact

Preservation of Legislative Harmony:
Section 44’s amendments demonstrate careful legislative craftsmanship, ensuring the DPDP Act and older laws operate seamlessly together.

Strengthening Privacy as a Norm:
Incorporating DPDP Act principles into various laws cements privacy as a core legal value. Public authorities, organizations, and citizens must respect these enhanced privacy norms.

Reduced Legal Uncertainty:
By clarifying which standards apply, Section 44 prevents confusion and ensures everyone operates under a unified, updated set of data protection guidelines.

Conclusion

Section 44 of the DPDP Act, 2023 ensures that other laws align with the new data protection landscape. Through amendments to Acts like the RTI Act, it guarantees that personal data rights receive robust protection across the legal system. These changes prevent contradictions, strengthen privacy norms, and cultivate a predictable framework that benefits both Data Principals and compliant organizations in India’s evolving digital environment.

© 2024 Advocate (Dr.) Prashant Mali