DPDP Bill 2023 A Comparative Analysis
Introduction
THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022 Released for Public Consultation on November 18, 2022THE DIGITAL PERSONAL DATA PROTECTION BILL, 2023Tabled at LokSabha on August 03. 2023Personal data may be processed only for a lawful purpose for which an individual has given consent. Consent may be deemed in certain cases.The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.There is a Data Protection Board under the 2022 bill to deal with the non-compliance of the Act.Under the 2023 bill, there is the Establishment of a new Data Protection Board which will ensure compliance, remedies and penalties.
Under the new bill, the Board has been entrusted with the power of a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.The 2022 Bill grants certain rights to individuals, such as the right to obtain information, seek correction and erasure, and grievance redressal.The 2023 bill also grants More Rights to Individuals and establishes a balance between user protection and growing innovations. The bill creates a transparent and accountable data governance framework by giving more rights to individuals. In the 2023 bill, there is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.Under the 2022 bill, Personal data can be processed for a lawful purpose for which an individual has given his consent. And there was a concept of deemed consent.The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’.The 2022 bill allowed the transfer of personal data to locations notified by the government.There is an introduction of the negative list, which restricts cross-data transfer.
Related Blogs

Introduction
The Department of Telecommunications on 28th October 2024 notified an amendment to the Flight and Maritime Connectivity Rules, 2018 (FMCR 2018).
Rule 9 of the principle rules in FMCR 2018 stated:
“Restrictions–(1) The IFMC service provider shall provide the operation of mobile communication services in aircraft at minimum height of 3000 meters in Indian airspace to avoid interference with terrestrial mobile networks. (2) Internet services through Wi-Fi in aircraft shall be made available when electronic devices are permitted to be used only in airplane mode.”
In 2022, an amendment was made to the attached form in the Rules for obtaining authorisation to provide IFMC services.
Subsequently, the 2024 amendment substitutes sub-rule (2), namely :
“ (2) Notwithstanding the minimum height in Indian airspace referred to in sub-rule (1), internet services through Wi-Fi in aircraft shall be made available when electronic devices are permitted to be used in the aircraft.”
Highlights of the Amendment
These rules govern the use of Wi-Fi in airplanes and ships within or above India or Indian territorial waters through In Flight and Maritime Connectivity (IFMC) services provided by IFMC service providers responsible for establishing and maintaining them.
Airplanes are equipped with antennas, onboard servers, and routers to connect to signals received from ground towers via Direct Air-to-Ground Communications (DA2GC) or through satellites. The DA2GC system offers connectivity through various communication methods, supporting services like in-flight Internet access and mobile multimedia. Licensed In-Flight Mobile Connectivity (IFMC) providers must adhere to standards set by international organizations such as the International Telecommunications Union (ITU), the European Telecommunications Standards Institute (ETSI), and the Institute of Electrical and Electronics Engineers (IEEE), or by international forums like the 3rd Generation Partnership Project (3GPP) to offer In-Flight Connectivity. Providers using Indian or foreign satellite systems must obtain approval from the Department of Space.
The IFMC service provider must operate mobile communication services on aircrafts at a minimum altitude of 3,000 meters within Indian airspace to prevent interference with terrestrial mobile networks. However, Wi-Fi access can be enabled at any point during the flight when device use is permitted, not just after reaching 3,000 meters. This flexibility is intended to allow passengers to connect to Wi-Fi earlier in the flight. This amendment aims to ensure that passengers can access the internet while maintaining the safety standards critical to in-flight communication systems.
Implications
- Increased Data Security Needs: There will be a need for robust cybersecurity measures against potential threats and data breaches.
- Increased Costs: Airplanes will have to incur the initial costs for installing antennae. Since airfare pricing in India is market-driven and largely unregulated, these costing changes might find their way into ticket prices, making flight tickets more expensive.
- Interference Management: A framework regarding the conditions under which Wi-FI must be switched off to avoid interference with terrestrial communication systems can be determined by stakeholders and communicated to passengers.
- Enhanced Connectivity Infrastructure: Airlines may need to invest in better flight-connectivity infrastructure to handle increased network traffic as more passengers access Wi-fi at lower altitudes and for longer durations.
Conclusion
The Flight and Maritime Connectivity (Amendment) Rules, 2024, enhance passenger convenience and align India with global standards for in-flight connectivity while complying with international safety protocols. Access to the internet during flights and at sea provides valuable real-time information, enhances safety, and offers access to health support during aviation and maritime operations. However, new challenges including the need for robust cybersecurity measures, cost implications for airlines and passengers, and management of interference with terrestrial networks will have to be addressed through a collaborative approach between airlines, IFMC providers, and regulatory authorities.
Sources
- https://dot.gov.in/sites/default/files/2018_12_17%20AS%20IFMC_2.pdf?download=1
- https://dot.gov.in/sites/default/files/Amendment%20dated%2004112024%20in%20flight%20and%20maritime%20connectivity%20rules%202018%20to%20IFMC%20Service%20Provider.pdf
- https://www.t-mobile.com/dialed-in/wireless/how-does-airplane-wifi-work
- https://tec.gov.in/public/pdf/Studypaper/DA2GC_Paper%2008-10-2020%20v2.pdf
- https://www.indiatoday.in/india/story/wifi-use-flights-no-longer-linked-altitude-now-subject-permission-2628118-2024-11-05
- https://pib.gov.in/Pressreleaseshare.aspx?PRID=1843408#:~:text=With%20the%20repeal%20of%20Air,issue%20directions%20to%20such%20airline.
.webp)
Introduction
Search engines have become indispensable in our daily lives, allowing us to find information instantly by entering keywords or phrases. Using the prompt "search Google or type a URL" reflects just how seamless this journey to knowledge has become. With millions of searches conducted every second, and Google handling over 6.3 million searches per minute as of 2023 (Statista), one critical question arises: do search engines prioritise results based on user preferences and past behaviours, or are they truly unbiased?
Understanding AI Bias in Search Algorithms
AI bias is also known as machine learning bias or algorithm bias. It refers to the occurrence of biased results due to human biases that deviate from the original training data or AI algorithm which leads to distortion of outputs and creation of potentially harmful outcomes. The sources of this bias are algorithmic bias, data bias and interpretation bias which emerge from user history, geographical data, and even broader societal biases in training data.
Common biases include excluding certain groups of people from opportunities because of AI bias. In healthcare, underrepresenting data of women or minority groups can skew predictive AI algorithms. While AI helps streamline the automation of resume scanning during a search to help identify ideal candidates, the information requested and answers screened out can result in biased outcomes due to a biased dataset or any other bias in the input data.
Case in Point: Google’s "Helpful" Results and Its Impact
Google optimises results by analysing user interactions to determine satisfaction with specific types of content. This data-driven approach forms ‘filter bubbles’ by repeatedly displaying content that aligns with a user’s preferences, regardless of factual accuracy. While this can create a more personalised experience, it risks confining users to a limited view, excluding diverse perspectives or alternative viewpoints.
The personal and societal impacts of such biases are significant. At an individual level, filter bubbles can influence decision-making, perceptions, and even mental health. On a societal level, these biases can reinforce stereotypes, polarise opinions, and shape collective narratives. There is also a growing concern that these biases may promote misinformation or limit users’ exposure to diverse perspectives, all stemming from the inherent bias in search algorithms.
Policy Challenges and Regulatory Measures
Regulating emerging technologies like AI, especially in search engine algorithms, presents significant challenges due to their intricate, proprietary nature. Traditional regulatory frameworks struggle to keep up with them as existing laws were not designed to address the nuances of algorithm-driven platforms. Regulatory bodies are pushing for transparency and accountability in AI-powered search algorithms to counter biases and ensure fairness globally. For example, the EU’s Artificial Intelligence Act aims to establish a regulatory framework that will categorise AI systems based on risk and enforces strict standards for transparency, accountability, and fairness, especially for high-risk AI applications, which may include search engines. India has proposed the Digital India Act in 2023 which will define and regulate High-risk AI.
Efforts include ethical guidelines emphasising fairness, accountability, and transparency in information prioritisation. However, a complex regulatory landscape could hinder market entrants, highlighting the need for adaptable, balanced frameworks that protect user interests without stifling innovation.
CyberPeace Insights
In a world where search engines are gateways to knowledge, ensuring unbiased, accurate, and diverse information access is crucial. True objectivity remains elusive as AI-driven algorithms tend to personalise results based on user preferences and past behaviour, often creating a biased view of the web. Filter bubbles, which reinforce individual perspectives, can obscure factual accuracy and limit exposure to diverse viewpoints. Addressing this bias requires efforts from both users and companies. Users should diversify sources and verify information, while companies should enhance transparency and regularly audit algorithms for biases. Together, these actions can promote a more equitable, accurate, and unbiased search experience for all users.
References
- https://www.bbc.com/future/article/20241101-how-online-photos-and-videos-alter-the-way-you-think
- https://www.bbc.com/future/article/20241031-how-google-tells-you-what-you-want-to-hear
- https://www.ibm.com/topics/ai-bias#:~:text=In%20healthcare%2C%20underrepresenting%20data%20of,can%20skew%20predictive%20AI%20algorithms

Introduction
DDoS – Distributed Denial of Service Attack is one of the cyber-attacks which has been evolving at the fastest pace, the new technologies have created a blanket of vulnerability for the victim which allows the cyber criminals to stay under the radar and keep launching small scale high intensity cyber attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
Op Power Off
In a recent Operation by Law enforcement agencies known as Op Power Off, LEAs from United Kingdom, United States of America, Netherlands, Poland, and Germany joined hands to target the cybergroups committing such large-scale attacks which can paralyse the Internet become inaccessible for a large faction of netizens. The services collectively seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks. As part of this action, seven administrators have been arrested so far in the United States and the United Kingdom, with further actions planned against the users of these illegal services. International police cooperation was central to the success of this operation as the administrators, users, critical infrastructure, and victims were scattered across the world. Europol’s European Cybercrime Centre coordinated the activities in Europe through its Joint Cybercrime Action Taskforce (J-CAT).
Participating Authorities
- United States: US Department of Justice (US DOJ), Federal Bureau of Investigation (FBI)
- United Kingdom: National Crime Agency (NCA)
- The Netherlands: National High Tech Crime Unit Landelijke Eenheid, Cybercrime team Midden-Nederland, Cybercrime team Noord-Holland and Cybercrime team Den Haag
- Germany: Federal Criminal Police Office (Bundeskriminalamt), Hanover Police Department (Polizeidirektion Hannover), Public Prosecutor’s Office Verden (Staatsanwaltschaft Verden)
- Poland: National Police Cybercrime Bureau (Biuro do Walki z Cyber-przestępczością)
Issue related to DDoS Attacks
DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic. The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions, and police forces. Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry. The influence of toolkits available on the dark net has made it easier for criminals to commit such crimes and at times even get away with it as well.
Recent examples of DDoS Attacks
- In February 2020, Amazon Web Services (AWS) suffered a DDoS attack sophisticated enough to keep its incident response teams occupied for several days also affecting customers worldwide.
- In February 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
- Recently, Australia experienced a significant, sustained, state-sponsored DDoS attack.
- Belgium also became a victim of a DDoS attack that targeted the country’s parliament, police services, and universities.
DDoS vs. DoS Attacks: What’s the Difference?
It’s important to avoid confusing a DDoS (distributed denial of service) attack with a DoS (denial of service) attack. Although only one word separates the two, these attacks vary significantly in nature.
- Strictly defined, a typical DDoS attack manipulates many distributed network devices between the attacker and the victim into waging an unwitting attack, exploiting legitimate behavior.
- A traditional DoS attack doesn’t use multiple, distributed devices, nor does it focus on devices between the attacker and the organization. These attacks also tend not to use multiple internet devices.
Conclusion
In this era of cyberspace, it is of paramount importance to maintain digital safety and security equivalent to physical safety, the cybercriminals will not stop at anything and can stoop to any level to target netizens and critical infrastructures in order to commit ransomware and malware attacks. As we can see DDoS-ing is taken seriously by law enforcement, at all levels of users, and are on the radar of law enforcement, be it a gamer booting out the competition out of a video game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.