1. What is the Digital Personal Data Protection Act, 2023? The Digital Personal Data Protection Act, 2023 is India’s primary law governing the processing of digital personal data. It lays down obligations for organizations handling personal data and grants rights to individuals whose data is being processed. 2. When does the DPDP Act apply? The Act applies when: Personal data is collected in digital form; or Personal data is collected offline and later digitized. It applies to processing within India and also outside India if goods or services are offered to individuals in India. 3. What is “personal data” under the DPDP Act? Personal data means any data about an individual who is identifiable by or in relation to such data. Examples may include: Name Mobile number Email address Aadhaar details IP address Health information Financial details 4. Is consent mandatory under the DPDP Act? Consent is one of the lawful grounds for processing personal data. Consent must be: Free Specific Informed Unconditional Unambiguous Given through clear affirmative action 5. What rights do individuals have under the DPDP Act? Data Principals have rights including: Right to access information about personal data Right to correction and erasure Right to grievance redressal Right to nominate another person in certain cases 6. Can a person withdraw consent? Yes. A Data Principal has the right to withdraw consent at any time. The withdrawal process should be as easy as giving consent. 7.Can personal data be transferred outside India? Cross-border transfer of personal data is permitted except to countries that may be specifically restricted by the Central Government. Disclaimer These FAQs are for general informational purposes only and do not constitute legal advice. The applicability of the Digital Personal Data Protection Act, 2023 depends on specific facts, business models, and regulatory developments. Organizations should seek professional legal advice for compliance assessment.

India’s healthcare sector is rapidly adopting artificial intelligence for diagnostics, insurance assessments, telemedicine, and hospital management. However, concerns are growing that healthcare algorithms may unintentionally discriminate against vulnerable populations. A major concern in India is data imbalance. Many AI healthcare systems are trained using urban hospital data, while rural populations, lower-income groups, and regional communities remain underrepresented. This creates a risk that algorithms may perform accurately for privileged populations but poorly for others. During the COVID-19 pandemic in India, concerns were raised about digital exclusion in healthcare systems such as telemedicine platforms and the CoWIN vaccine registration portal. Many citizens without smartphones, reliable internet access, or digital literacy faced difficulties accessing healthcare services and vaccine appointments. The Supreme Court of India itself acknowledged the country’s “digital divide” while questioning mandatory online registration policies for vaccination. Legal scholars and policy experts argued that excessive dependence on digital systems could disproportionately disadvantage. India’s legal framework is also evolving around health data and algorithmic accountability. The Digital Personal Data Protection Act has increased attention on consent, data usage, and automated processing of sensitive personal data, including health information. In addition, the NITI Aayog has issued discussions and strategy papers emphasizing responsible AI and the need to prevent bias in healthcare technologies. The challenge for India is unique: if healthcare algorithms are trained on unequal social and economic realities, technology may unintentionally deepen existing healthcare inequalities instead of reducing them. As AI adoption expands, Indian hospitals, insurers, and health-tech startups may increasingly face legal scrutiny over transparency, fairness, and accountability in automated healthcare decisions.