top of page

Scope and Applicability of the DPDP Act, 2023

  • Writer: Crypticroots
    Crypticroots
  • Feb 13
  • 2 min read

Because a law must first answer one fundamental question — where does it apply?

In the digital era, data flows effortlessly across borders, platforms, and devices. But before understanding rights, consent, or penalties, one must ask a basic yet crucial question: Does this law apply to me?

The DPDP Act, 2023 begins its journey by clearly defining its scope and applicability, ensuring that protection is both meaningful and enforceable.


  1. What Does “Scope” Mean?

Scope refers to:

  • The type of data covered

  • The geographical reach of the Act

  • The entities it applies to

  • The circumstances in which it operates

In simple terms, scope tells us when the Act becomes legally relevant.


  1. Territorial Applicability (Where Does It Apply?)

The DPDP Act applies to:

✔ Processing of Digital Personal Data:

  • Within India

  • Outside India, if the processing relates to offering goods or services to individuals in India

This gives the Act extra-territorial effect.

That means even foreign companies must comply if they deal with Indian users.

This ensures Indian individuals are protected regardless of where the data is processed.


  1. What Type of Data Is Covered?

The Act applies only to:

✔ Digital Personal Data

This includes:

  • Data collected online

  • Data collected offline but later digitized

  • Any personal data processed in digital form

It focuses specifically on digital ecosystems.

Non-digital personal data, unless converted into digital form, falls outside the Act.


  1. What Is Not Covered? (Exclusions)

The Act does not apply to:

❌ Personal Data Processed for Personal or Domestic Purposes

Example:Keeping contacts in your personal phone for private use.

❌ Publicly Available Personal Data

If an individual has intentionally made data public, certain protections may not apply.

❌ Certain Government-Notified Exemptions

The Central Government may exempt specific processing activities in public interest, security, or other permitted grounds.

These exclusions ensure a balanced regulatory framework.


  1. Who Must Comply?

The Act applies to:

  • Data Fiduciaries

  • Data Processors (when acting on behalf of Fiduciaries)

  • Significant Data Fiduciaries

  • Any entity processing covered data within the scope described above

If an organisation processes digital personal data in the covered circumstances, compliance is mandatory.


  1. Why Scope Matters

Understanding scope is essential because:

  • It determines legal obligations

  • It triggers penalties for non-compliance

  • It defines enforceability

  • It clarifies jurisdiction

Without scope, the rest of the Act cannot function.


  1. Constitutional Foundation

The scope aligns with the constitutional recognition of privacy.

🔹 Justice K.S. Puttaswamy v. Union of India

The Supreme Court held that privacy is a fundamental right under Article 21.The DPDP Act operationalises this right in the digital domain.


Conclusion

The Scope and Applicability provisions of the DPDP Act, 2023 ensure that:

  • Digital personal data receives protection

  • Foreign entities dealing with Indian users are accountable

  • Exemptions remain limited and structured

  • The law functions within clear territorial boundaries

Because before rights can be exercised, and before penalties can be imposed, the law must first define its reach.

And that is exactly where the DPDP framework begins.


Recent Posts

See All
Exemptions Under DPDP Act, 2023

Not every rule applies everywhere , because even the strongest laws recognize practical limits. The DPDP Act carefully balances privacy with national interest and administrative necessity. What Are Ex

 
 
 
Data Protection Lifecycle Under the DPDP Act

Because personal data does not remain still, it travels through stages. Understanding the lifecycle of data helps readers understand when and how protection applies . 🔄 Stages of the Data Lifecycle C

 
 
 

Comments

bottom of page