{"id":44355,"date":"2025-01-04T11:54:02","date_gmt":"2025-01-04T06:24:02","guid":{"rendered":"https:\/\/vajiramandravi.com\/current-affairs\/?p=44355"},"modified":"2025-05-06T10:37:59","modified_gmt":"2025-05-06T05:07:59","slug":"draft-digital-personal-data-protection-rules-2025","status":"publish","type":"post","link":"https:\/\/vajiramandravi.com\/current-affairs\/draft-digital-personal-data-protection-rules-2025\/","title":{"rendered":"Draft Digital Personal Data Protection Rules 2025"},"content":{"rendered":"<h2><strong>What\u2019s in today\u2019s article?<\/strong><\/h2>\n<ul>\n<li>Why in News?<\/li>\n<li>Major Provisions of the Draft Rules<\/li>\n<li>Industry and Expert Reactions<\/li>\n<li>Penalties and Enforcement<\/li>\n<li>Conclusion<\/li>\n<\/ul>\n<h2><strong>Why in News?<\/strong><\/h2>\n<ul>\n<li>The Government of India released the draft Digital Personal Data Protection Rules, 2025, under the Digital Data Protection Act, 2023, outlining provisions for data privacy, compliance, and processing mechanisms.<\/li>\n<\/ul>\n<h2><strong>\u00a0Major Provisions of the Draft Rules:<\/strong><\/h2>\n<ul>\n<li><strong>Parental consent for children&#8217;s data:<\/strong>\n<ul>\n<li><strong>Verification required: <\/strong>Social media and online platforms must obtain verifiable parental consent before children create accounts.<\/li>\n<li><strong>Identity validation: <\/strong>Parents&#8217; age and identity must be validated through government-issued identity proof.<\/li>\n<li><strong>Exception:<\/strong> Health, mental health establishments, education institutions, and daycare centers are exempt from this requirement.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Role and responsibilities of data fiduciaries:<\/strong>\n<ul>\n<li><strong>Definition of data fiduciaries:<\/strong>\n<ul>\n<li>Entities collecting and processing personal data are categorised as &#8220;Data Fiduciaries.&#8221;<\/li>\n<li>Significant Data Fiduciaries (SDFs) are those processing high volumes or sensitive data, impacting national sovereignty, security, or public order.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Data retention:<\/strong> Data can only be retained for the duration of consent and must be deleted afterward.<\/li>\n<li><strong>Security measures:<\/strong> Fiduciaries must ensure encryption, access control, and monitoring for unauthorised access.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Consent management:<\/strong>\n<ul>\n<li><strong>Consent managers:<\/strong> Entities entrusted to manage consent records must comply with robust verification processes.<\/li>\n<li><strong>Grievance redressal:<\/strong> Data fiduciaries must establish mechanisms to address grievances and allow withdrawal of consent.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Data localisation:<\/strong>\n<ul>\n<li><strong>Reintroduction:<\/strong> Localisation mandates restrict transferring certain personal and traffic data outside India.<\/li>\n<li><strong>Oversight:<\/strong> A government-formed committee will determine the categories of data restricted from cross-border transfer.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Data breach reporting:<\/strong>\n<ul>\n<li><strong>Intimation obligations:<\/strong> In case of a breach, fiduciaries must inform affected users and the Data Protection Board promptly, detailing its nature, timing, and mitigation measures.<\/li>\n<li><strong>Uniform treatment of breaches:<\/strong> No differentiation between minor and major breaches; all require reporting.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Safeguards for government data processing:<\/strong>\n<ul>\n<li><strong>Lawful processing:<\/strong> Government agencies must process citizen data lawfully, with specific safeguards outlined to address concerns over exemptions for national security and public order.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><strong>Industry and Expert Reactions:<\/strong><\/h2>\n<ul>\n<li><strong>Compliance challenges:<\/strong>\n<ul>\n<li><strong>Complex consent management:<\/strong> Maintaining consent records and ensuring opt-out mechanisms may require redesigning existing platforms and systems.<\/li>\n<li><strong>Infrastructure investments:<\/strong> Organisations need to overhaul data collection, storage, and lifecycle practices to comply with the rules.<\/li>\n<\/ul>\n<\/li>\n<li><strong>Ambiguity in security standards: <\/strong>Experts have raised concerns about the lack of detailed guidance on security practices, potentially leading to varied interpretations.<\/li>\n<li><strong>Data localisation controversy:<\/strong> Global tech giants like Meta and Google have expressed concerns over the implications of data localisation on service delivery.<\/li>\n<\/ul>\n<h2><strong>Penalties and Enforcement:<\/strong><\/h2>\n<ul>\n<li><strong>Fines: <\/strong>Non-compliance with safeguards or failure to prevent data breaches can attract penalties of up to Rs 250 crore.<\/li>\n<li><strong>Consent manager violations:<\/strong> Repeat violations by consent managers may lead to suspension or cancellation of their registration.<\/li>\n<\/ul>\n<h2><strong>Conclusion:<\/strong><\/h2>\n<ul>\n<li>The draft Digital Personal Data Protection Rules, 2025, aim to strengthen India\u2019s data privacy framework while addressing challenges for businesses and individuals.<\/li>\n<li>The reintroduction of data localisation and emphasis on consent management mark significant developments, but clarity on implementation and compliance mechanisms remains crucial.<\/li>\n<\/ul>\n<hr \/>\n<h3><strong>Q.1. What is the Digital Data Protection (DPDP) Act, 2023?<\/strong><\/h3>\n<p>The DPDP Act provides for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.<\/p>\n<h3><strong>Q.2. What is right to privacy in India?<\/strong><\/h3>\n<p>The right to privacy in India is a fundamental right that protects a person&#8217;s ability to make personal choices without unwarranted interference. It is guaranteed by Article 21 of the Constitution of India, which also protects the right to life and personal liberty.<\/p>\n<p><strong>Source: <\/strong><a href=\"https:\/\/www.newindianexpress.com\/nation\/2025\/Jan\/03\/centre-releases-draft-of-data-protection-rules-mandates-parental-consent-for-childrens-social-media-accounts\" target=\"_blank\" rel=\"nofollow noopener\">NIE<\/a> | <a href=\"https:\/\/indianexpress.com\/article\/business\/data-localisation-draft-data-protection-rules-9758805\/\" target=\"_blank\" rel=\"nofollow noopener\">IE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Government of India released the draft Digital Personal Data Protection Rules, 2025, under the Digital Data Protection Act, 2023, outlining provisions for data privacy, compliance, and processing mechanisms<\/p>\n","protected":false},"author":5,"featured_media":44356,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[18],"tags":[],"class_list":{"0":"post-44355","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-upsc-mains-current-affairs","8":"no-featured-image-padding"},"acf":[],"_links":{"self":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/44355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/comments?post=44355"}],"version-history":[{"count":0,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/44355\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media\/44356"}],"wp:attachment":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media?parent=44355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/categories?post=44355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/tags?post=44355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}