In January 2025, the Indian Ministry of Electronics and Information Technology (MeitY) released the draft Digital Personal Data Protection Rules, 2025, for public consultation.
The law India introduce provisions concerning children's use of social media, mandatory breach notifications, and other data protection measures.
These rules aim to operationalize the Digital Personal Data Protection Act, 2023, by detailing specific obligations for data fiduciaries and rights for data principals.
Key Provisions:
Children's Data Protection:
o Parental Consent: The draft rules mandate verifiable parental consent for processing personal data of children under 18 years. This aligns with global standards but raises concerns about feasibility and the potential impact on teenagers' autonomy online.
Breach Notification Requirements:
o Timely Reporting: Data fiduciaries are required to report personal data breaches to the Data Protection Board of India promptly. While the exact timeline is unspecified, this provision emphasizes the importance of swift action to mitigate potential harm.
Data Principal Rights:
o Access and Correction: Individuals have the right to access and correct their personal data held by data fiduciaries, ensuring data accuracy and empowering users to maintain control over their information.
Data Fiduciary Obligations:
o Data Minimization and Purpose Limitation: Fiduciaries must collect only necessary data for specified purposes, adhering to principles that prevent excessive data collection and enhance user privacy.
For Social Media Platforms:
- Implementing age verification mechanisms to comply with parental consent requirements may pose technical and ethical challenges, potentially affecting user experience and platform accessibility for minors.
For Organizations Handling Personal Data:
- The obligation to promptly report data breaches necessitates robust security measures and incident response strategies, encouraging organizations to prioritize data protection and transparency.
For Individuals:
- Enhanced rights over personal data empower users, fostering greater trust in digital services and promoting informed consent in data processing activities.
The draft Data Protection Rules 2025 represent a significant step toward strengthening data privacy in India. By focusing on vulnerable groups like children and emphasizing breach notifications, the rules aim to create a safer digital environment. Stakeholders are encouraged to participate in the consultation process to ensure the final regulations balance privacy protection with practical implementation considerations.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.