What’s in today’s article?
- Why in News?
- Major Provisions of the Draft Rules
- Industry and Expert Reactions
- Penalties and Enforcement
- Conclusion
Why in News?
- The Government of India released the draft Digital Personal Data Protection Rules, 2025, under the Digital Data Protection Act, 2023, outlining provisions for data privacy, compliance, and processing mechanisms.
Major Provisions of the Draft Rules:
- Parental consent for children’s data:
- Verification required: Social media and online platforms must obtain verifiable parental consent before children create accounts.
- Identity validation: Parents’ age and identity must be validated through government-issued identity proof.
- Exception: Health, mental health establishments, education institutions, and daycare centers are exempt from this requirement.
- Role and responsibilities of data fiduciaries:
- Definition of data fiduciaries:
- Entities collecting and processing personal data are categorised as “Data Fiduciaries.”
- Significant Data Fiduciaries (SDFs) are those processing high volumes or sensitive data, impacting national sovereignty, security, or public order.
- Data retention: Data can only be retained for the duration of consent and must be deleted afterward.
- Security measures: Fiduciaries must ensure encryption, access control, and monitoring for unauthorised access.
- Definition of data fiduciaries:
- Consent management:
- Consent managers: Entities entrusted to manage consent records must comply with robust verification processes.
- Grievance redressal: Data fiduciaries must establish mechanisms to address grievances and allow withdrawal of consent.
- Data localisation:
- Reintroduction: Localisation mandates restrict transferring certain personal and traffic data outside India.
- Oversight: A government-formed committee will determine the categories of data restricted from cross-border transfer.
- Data breach reporting:
- Intimation obligations: In case of a breach, fiduciaries must inform affected users and the Data Protection Board promptly, detailing its nature, timing, and mitigation measures.
- Uniform treatment of breaches: No differentiation between minor and major breaches; all require reporting.
- Safeguards for government data processing:
- Lawful processing: Government agencies must process citizen data lawfully, with specific safeguards outlined to address concerns over exemptions for national security and public order.
Industry and Expert Reactions:
- Compliance challenges:
- Complex consent management: Maintaining consent records and ensuring opt-out mechanisms may require redesigning existing platforms and systems.
- Infrastructure investments: Organisations need to overhaul data collection, storage, and lifecycle practices to comply with the rules.
- Ambiguity in security standards: Experts have raised concerns about the lack of detailed guidance on security practices, potentially leading to varied interpretations.
- Data localisation controversy: Global tech giants like Meta and Google have expressed concerns over the implications of data localisation on service delivery.
Penalties and Enforcement:
- Fines: Non-compliance with safeguards or failure to prevent data breaches can attract penalties of up to Rs 250 crore.
- Consent manager violations: Repeat violations by consent managers may lead to suspension or cancellation of their registration.
Conclusion:
- The draft Digital Personal Data Protection Rules, 2025, aim to strengthen India’s data privacy framework while addressing challenges for businesses and individuals.
- The reintroduction of data localisation and emphasis on consent management mark significant developments, but clarity on implementation and compliance mechanisms remains crucial.
Q.1. What is the Digital Data Protection (DPDP) Act, 2023?
The DPDP Act provides for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.
Q.2. What is right to privacy in India?
The right to privacy in India is a fundamental right that protects a person’s ability to make personal choices without unwarranted interference. It is guaranteed by Article 21 of the Constitution of India, which also protects the right to life and personal liberty.
Last updated on June, 2025
→ UPSC Notification 2025 was released on 22nd January 2025.
→ UPSC Prelims Result 2025 is out now for the CSE held on 25 May 2025.
→ UPSC Prelims Question Paper 2025 and Unofficial Prelims Answer Key 2025 are available now.
→ UPSC Calendar 2026 is released on 15th May, 2025.
→ The UPSC Vacancy 2025 were released 1129, out of which 979 were for UPSC CSE and remaining 150 are for UPSC IFoS.
→ UPSC Mains 2025 will be conducted on 22nd August 2025.
→ UPSC Prelims 2026 will be conducted on 24th May, 2026 & UPSC Mains 2026 will be conducted on 21st August 2026.
→ The UPSC Selection Process is of 3 stages-Prelims, Mains and Interview.
→ UPSC Result 2024 is released with latest UPSC Marksheet 2024. Check Now!
→ UPSC Toppers List 2024 is released now. Shakti Dubey is UPSC AIR 1 2024 Topper.
→ Also check Best IAS Coaching in Delhi
