Draft DPDP Rules 2025: Key Highlights of India’s New Data Protection Framework
The government has released draft Digital Personal Data Protection (DPDP) Rules 2025 for public consultation until February 18. These rules detail data fiduciary responsibilities, consent frameworks, penalties, and exemptions under the DPDP Act 2023, aiming to strengthen data privacy.
Tech Author
India's initiative to protect digital privacy advanced notably with the introduction of the draft Digital Personal Data Protection (DPDP) Rules 2025. The guidelines, available for public consultation until February 18, 2025, delineate the operational framework of the Digital Personal Data Protection Act 2023, established to safeguard individuals' personal data and govern its processing by digital platforms.
Key Features of the DPDP Rules 2025
Establishment of the Data Protection Board (DPB): The proposed regulations promote for the establishment of the DPB, a digital-exclusive entity responsible for resolving complaints concerning data misuse. Citizens may submit complaints online, facilitating adjudication without requiring personal attendance.
Child Data Protection: The regulations require demonstrable parental consent for the processing of minors' personal data. Organizations must implement technical protections to ensure compliance.
Cross-Border Data Transfers: Transfers of personal data outside India would be allowed solely to countries sanctioned by the government. A committee may propose limitations on major data fiduciaries.
Penalties and Enforcement: Entities that contravene the Act are subject to fines of up to ₹250 crore. The DPB will assess violations according to their severity, length, and attempts to mitigate risks.
Exemptions and Inclusivity: Specific roles like as judicial responsibilities, law enforcement, and research-oriented businesses are exempted. Significantly, solutions are accessible to both digitally connected and offline individuals.
Data Processing Based on Consent
According to the Act, digital platforms are required to get explicit consent for the collection and processing of personal data. Consent must be conveyed in any of the 22 Indian languages, enabling citizens to comprehend and assert their rights. Consent managers, similar to account aggregators in the financial and healthcare domains, will enable secure data sharing.
Effects on Digital Platforms and Citizens
Entities such as social media platforms and e-commerce conglomerates, designated as major data fiduciaries, are required to follow more stringent compliance protocols. The Act offers citizens strong mechanisms to revoke consent, delete data, and submit complaints.
Timeline and Future Outlook
After public consultation, the definitive regulations are anticipated during Parliament's monsoon session, with complete implementation scheduled for two years later. This timeframe enables digital platforms and startups to adjust with these new compliance standards.
The DPDP Rules 2025 represent India's dedication to safeguarding digital privacy, ensuring the fast advancing digital landscape is secure and accountable for all parties involved.
Source : livemint.com
