DPDP Rules 2025 Review

  • January 5, 2025
  • Posted by: OptimizeIAS Team
  • Category: DPN Topics
No Comments

 

 

DPDP Rules 2025 Review

Sub : Polity

Sec: Legislation in news

Context: The rules provide guidelines for managing personal data in India, with a focus on safeguarding citizens’ rights. It further gives broad direction for the Industries to prepare for compliance.

Key Highlights of the Draft

Data Localisation for Significant Data Fiduciary

  • The Digital Personal Data Protection (DPDP) Act of 2023 in India requires that certain types of personal data be stored within the country, including sensitive data like financial and biometric data.
  • The DPDP Act also gives the government the power to limit cross-border data transfers.

What the Rules will Clarify and its implications: –

  • The draft rules leave the door open for the government to restrict overseas processing of Indian citizens’ data.
  • Experts highlighted gaps in offering clarity on adequacy standards for cross-border data processing.
  • Raises challenges in balancing broader data protection requirements with promoting innovation.

Parental Consent

The DPDP Act, says that platforms cannot process the data of anyone under 18—who the act classifies as a ‘child’—before obtaining verifiable parental consent from the parent or lawful guardian of such an individual.

What the rules will Clarify and its implications:-

  •  Verification methods may include digital lockers , self identification or other such methods.
  • Concerns raised about inclusivity for minors without parents or guardians.
  •  Speculation about platforms needing to verify “everyone,” adding operational complexity.

Expert Feedback

  • Guidance on Emerging Technologies: Experts have called for clearer guidelines on implementing the rules, especially concerning emerging technologies like Artificial Intelligence (AI).
  • Impact on Big Tech: Major companies like Meta and Amazon may face operational challenges due to the new requirements, especially regarding consent mechanisms and data localization, which could require changes at the design and architectural levels.
  • Vague Terminology: Terms such as “reasonable safeguards” and “appropriate measures” are seen as vague and lacking sufficient elaboration, which may cause difficulties in interpreting and enforcing these rules.
  • Data Protection Board: The composition and independence of the Data Protection Board is a concern, as it may grant excessive control to the government, raising questions about fairness.
  • Exemptions for Government Agencies: The rules provide exemptions for government agencies, which has raised concerns about fairness and transparency in how personal data is handled by the state.

In Summary, the draft DPDP Rules, 2025, address critical issues of data localisation and parental consent but leave significant areas open for discussion. The consultation process is expected to refine the framework, ensuring it safeguards privacy while enabling innovation.

DPDP Rules 2025 Review Polity