The Digital Personal Data Protection Act, 2023 and Workshop on Generative AI & Law with upGrad
From Abhivardhan, our Chairperson
Please note: this is a repost of the original newsletter of Visual Legal Analytica published by Abhivardhan, our Chairperson.
Greetings all. For our readers from India, I extend my greetings for the Indian Independence Day this week.
Alright, so there are 2 interesting updates I'd like to share with you.
First, I have released a broad primer on the Digital Personal Data Protection Act, 2023 for Visual Legal Analytica. You can read the complete article here.
And second, I am glad to announce that I am holding a 2-hour virtual workshop on Generative AI and Law with upGrad on August 19, 2023 from 10 am IST onwards. You can register for the workshop for free here.
The Digital Personal Data Protection Act & Shaping AI Regulation in India
As of August 11, 2023, the President of India has given assent to the Digital Personal Data Protection Act (DPDPA), and it is clear that the legal instrument after its notification in the Official Gazette, is notified as a law. Now, there have been multiple briefs, insights and infographics which have been reproduced and published by several law firms across India. This article thus focuses on the key provisions of the Act, and explores how it would shape the trajectory of AI Regulation in India, especially considering the recent amendments in the Competition Act, 2002 and the trajectory for the upcoming Digital India Act, which is still in the process.
You can read the analysis on the Digital India Act as proposed in March 2023 here. You can also find this mind map as a complete primer of the important provisions of the Digital Personal Data Protection Act here, which have been discussed in this article. We urge you to download the file as we have discussed provisions which are described in this document.
Some quick points from the article:
1. The idea of a Consent Manager separate from Data Fiduciary is a brilliant idea
2. The Act clearly defines basic Data Protection Rights. It is just that on Right to be Forgotten, you cannot expect the Act to give everything. Additional rules will work here.
3. It is not a groundbreaking piece of legislation but is a basic legal instrument, which works.
4. Competition law perspectives are never leaving diplomatic issues on data-related adequacy and trade law issues anytime soon.
5. Telecom law is the mother of tech law. Hence making a Telecom law tribunal an Appellate Body was obvious. Explains you why tech law (and even AI and Law) has not become an independent field at a global level yet.
General Review of the Key Provisions of the DPDPA
Let's begin with the stakeholders under this Act. The Digital Personal Data Protection Act, 2023 (DPDP Act) defines the following stakeholders and their relationships:
Data Principal: The individual to whom the personal data relates.
Consent Manager: A person or entity appointed by a Data Fiduciary to manage consents for processing personal data.
Data Protection Board (DPB): A statutory body established under the DPDP Act to regulate the processing of personal data in India.
Data Processor: A person or entity who processes personal data on behalf of a Data Fiduciary.
Data Fiduciary: A person or entity who alone or in conjunction with other persons determines the purpose and means of processing of personal data.
Significant Data Fiduciary: A Data Fiduciary that meets certain thresholds, such as for example, having a turnover of more than INR 100 crores or processing personal data of more than 50 million data principals. However, it is to be noted that no specified threshold has been defined in the Act, as of now.
The relationships among these stakeholders are as follows:
The Data Principal is the owner of their personal data and has the right to control how their data is processed.
The Consent Manager is responsible for managing consents for processing personal data on behalf of the Data Fiduciary.
The DPB is responsible for regulating the processing of personal data in India. It has the power to investigate complaints, issue directions, and impose penalties.
The Data Processor is responsible for processing personal data on behalf of the Data Fiduciary in accordance with the Data Fiduciary's instructions.
The Data Fiduciary is responsible for determining the purpose and means of processing personal data. They must comply with the DPDP Act and the directions of the DPB.
A Significant Data Fiduciary has additional obligations under the DPDP Act, such as appointing a Data Protection Officer and conducting data protection impact assessments.
Read the complete article here.
Generative AI for Law Professionals: Virtual Workshop with upGrad
This workshop is for Law students, Professionals & entrepreneurs who wish to explore the regulatory paradigm of AI and Law. As upGrad has stated, they will offer a certificate for this workshop. This workshop is for free and you can register by August 18, 2023.
In this workshop, I will discuss certain Generative AI tools, as to how they could be used in legal research and document analysis, which include elicit, Consensus+Zotero, Jugalbandi, WebNyay, LawBotPro, ChatGPT and Bard
I will also discuss the emerging IP-related issues pertaining to the use of Generative AI Applications, especially on issues such as Copyrights and Patents.
You can register for the free 2-hour virtual workshop here.
Regards