The draft Digital Personal Data Protection Rules, 2025, aim to enforce the right to informational privacy for Indians, as affirmed by the Supreme Court in 2017.
The rules are a year late and come after seven years of growing digitization, which may have affected privacy during this period.
Key Provisions:
Online services must explain why they collect data.
Special protection for children’s data online.
Establishment of the Data Protection Board of India (DPBI).
Government agencies must meet standards for exemptions from the Act.
Clear procedures for handling data breaches.
The design of the DPBI is still a concern and may not be fully addressed by these rules.
The government has kept the rule-making process secret, declining to share stakeholder recommendations or make the process open and deliberative.
Transparent discussions are crucial for involving industry and public voices to shape effective policy.
Data protection laws should minimize data collection, encourage disclosures, penalize neglect, and discourage surveillance by both private and government sectors.
The process must be quick, as people have been waiting since 2017 for their data rights, and delay may erode trust in the government’s commitment to data protection.
COMMENTS