0
0
The Ministry of Electronics and Information Technology announced on Sunday that the draft Digital Personal Data Protection (DPDP) rules aim to safeguard citizens’ rights over their personal data while addressing challenges like unauthorized commercial use and digital harms. The new framework is designed to empower citizens with greater control over their personal information and promote a more responsible digital economy.
The proposed rules offer key provisions that grant citizens enhanced rights, including informed consent, the right to data erasure, and grievance redressal mechanisms. In a move to protect younger internet users, the rules also empower parents and guardians to ensure online safety for children.
“The DPDP rules are designed to strike the right balance between regulation and innovation, ensuring that India’s growing digital economy benefits all citizens while fostering an ecosystem of innovation,” the official statement said. The government emphasizes that citizens are at the heart of the new data protection framework, and Data Fiduciaries (those who process personal data) are required to provide clear and accessible information on how personal data is handled, allowing users to make informed decisions about their data.
Unlike other global data protection frameworks that tend to be more restrictive, India’s model aims to promote economic growth while prioritizing citizen welfare. The government views the DPDP rules as a new global template for data governance that balances innovation with personal data protection.
Smaller businesses and startups will face a lower compliance burden under the new rules. The government will offer an adequate transition period to ensure that all businesses, regardless of size, can comply with the new legislation. The government also emphasized that sector-specific data protection measures can complement the broader personal data protection framework.
A key feature of the new rules is the establishment of the Data Protection Board, which will function digitally to resolve complaints. Citizens will be able to approach the Board through a digital platform or app, ensuring a transparent and efficient grievance redressal process. The Board will consider factors such as the severity of data breaches and efforts made to mitigate impact when imposing penalties.
The rules also introduce graded responsibilities, with larger data processors, called Significant Data Fiduciaries, facing higher obligations to ensure better data protection practices. For smaller entities, the compliance requirements will be more streamlined to encourage growth without overburdening businesses.
Further, the government introduced flexibility in the enforcement process, with the possibility for Data Fiduciaries to voluntarily submit undertakings during proceedings. If accepted, these undertakings would lead to the dropping of certain charges, providing a fair and balanced approach to enforcement.
The draft rules have been developed after extensive consultation with stakeholders and a study of global best practices. The Ministry has invited feedback from the public and stakeholders until February 18 via the MyGov platform, ensuring a participatory approach to lawmaking.
As part of its commitment to public awareness, the government also plans a nationwide campaign to educate citizens about their rights and responsibilities under the new rules, fostering a culture of responsible data management. The initiative aims to ensure that citizens are not only protected but also informed about the importance of data privacy in the digital age.
