IT Ministry Notifies Draft Rules on Data Protection Law, Seeks Feedback by Feb. 18
- January 4, 2025
- Posted by: OptimizeIAS Team
- Category: DPN Topics
IT Ministry Notifies Draft Rules on Data Protection Law, Seeks Feedback by Feb. 18
Sub: Polity
Sec: Legislation in news
Context: The Union government on Friday (January 3, 2025) evening released the draft Digital Personal Data Protection (DPDP) Rules, 2025 for public feedback, which aim to enforce the provisions of the Digital Personal Data Protection Act, 2023.
About Data Protection
In the 2017 Puttaswamy judgment, the Supreme Court of India recognized the right to privacy as a fundamental right under Article 21.
The judgment addressed concerns about the protection of digital personal data, particularly in the context of Aadhaar, a biometric identification number for Indian residents.
About the DPDP Act
- Evolution of the DPDP Act
- The foundation of the Digital Personal Data Protection (DPDP) Act can be traced back to the report by the Expert Committee chaired by Justice B.N. Srikrishna. This report laid the groundwork for the Personal Data Protection Bill, 2019.
- The Digital Personal Data Protection Act, 2023, was subsequently approved by both the Lok Sabha and the Rajya Sabha.
- Key Provisions of the Act
->Stakeholders:
- Data Principal (DP): The data owner.
- Data Fiduciary: An entity that collects, stores, and shares data.
- The Central Government: Responsible for notifying any Data Fiduciary or class of Data Fiduciaries as Significant Data Fiduciaries.
- Data Processor: An entity that processes data on behalf of a Data Fiduciary.
- Data Protection Officer (DPO): An individual appointed by a Data Fiduciary under the provisions of the Act.
->Establishment of the Data Protection Board of India (DPBI):
- It will function as an independent regulator with the authority to identify violations of the Act’s provisions and enforce penalties as appropriate.
->Rights of the Data Principal:
- Individuals are entitled to the right to information, the right to correction and erasure, the right to grievance redressal, and the right to appoint another person to exercise these rights in case of their death or incapacity.
->Penalties:
- Financial penalties may range up to ₹250 crores for a Data Fiduciary.
- The Act does not impose criminal penalties.
What the New Rules Will Clarify
- Structure and Functions of the Data Protection Board (DPB): Clear guidelines on its operations.
- Complaint Filing and Appeals: Procedures for users to file complaints or appeal DPB decisions.
- User Data Requests: Timelines and processes for users to request access to or deletion of their data-by-Data Fiduciaries.
- Consent Withdrawal: Timelines for Data Fiduciaries to erase personal data when consent is withdrawn.
- Parental Consent for Minors’ Data: Guidelines for obtaining and managing parental consent.
- Data Breach Notifications: Requirements for notifying users in case of a data breach.
- Conditions for Consent Managers: Technical, operational, and financial requirements for entities handling user consent.