India’s Digital Data Protection rules: A story of hits and misses
1 week, 2 days ago

India’s Digital Data Protection rules: A story of hits and misses

Live Mint  

The draft Digital Personal Data Protection Rules are finally with us and the long wait has for the most part been worth it. While the Act requires data fiduciaries to provide notice “in the event of" a personal breach, the rules state that intimation must be made “as soon as the Data Fiduciary becomes aware of it." Ever since Justice Srikrishna first included the concept in the 2018 draft of India’s data protection law, I have argued against this insistence on the physical storage of data in India. If coupled with privacy-preserving techniques, this will allow data fiduciaries to comply with the requirements under Section 9 of the Act without having to process personal information. All we need is for some entity to issue age tokens, and data fiduciaries will be able to use those to ensure they only process the personal data of a child with parental consent.

Law India Data Rules Act Breach Data Fiduciaries Fiduciaries  digital  fiduciaries  misses  breach  hits  data  act  dpdp  personal  protection  indias  measures  rules  law

History of this topic

How the draft rules for implementing data protection falls short
2 days, 4 hours ago

How the draft rules for implementing data protection falls short

The Hindu  

After a long wait of 16 months, the Ministry of Electronics and Information Technology has released the draft rules for implementing the Digital Personal Data Protection Act, 2023. Lack of detail The draft rules propose operative guidance for critical mechanisms such as notice and consent to a user for data collection and processing, intimation of data breaches, collection of parental …

Digital Personal Data Protection Draft Rules: What Are the Sticking Points?
5 days, 19 hours ago

Digital Personal Data Protection Draft Rules: What Are the Sticking Points?

The Quint  

In 2023, the Digital Personal Data Protection Act was passed by the Parliament. The Act passed after questions were raised with regard to the protection of data and its regulation within the Indian territory and the Act was passed to safeguard the private sphere of the citizens and to push through the idea of ‘digital economy’. In response to the …

Were you hacked in 2024? India’s data protection rules require you to take action
6 days, 1 hour ago

Were you hacked in 2024? India’s data protection rules require you to take action

Live Mint  

Last year, did any of your employees use a co-worker’s computer and read files without authorization? The draft Digital Personal Data Protection Rules, 2025, require such retrospective reporting. It covers data breaches occurring in the interim period from the notification of the Digital Personal Data Protection Act, 2023, to its full implementation sometime later this year. Various data security measures …

Rollout of Data Rules set for mid-2025: IT Minister
Trending News
6 days, 12 hours ago

Rollout of Data Rules set for mid-2025: IT Minister

The Hindu  

The government is aiming to notify and begin implementing the Digital Personal Data Protection Rules, 2025 — currently in a draft state — by the middle of this year, Union Minister of Electronics and Information Technology Ashwini Vaishnaw said. “I don’t see too many amendments coming in the final notification beyond some tweaks.” While large firms are prepared to comply …

Well-equipped data protection board a must to enforce digital privacy laws, say experts
Top News
1 week ago

Well-equipped data protection board a must to enforce digital privacy laws, say experts

Live Mint  

New Delhi: The draft rules for the Digital Personal Data Protection Act, published on Friday, have ignited discussions among legal and data privacy experts regarding the effective implementation of the law. “Provisions for criminal liability in cases of severe data breaches could go a long way in ensuring stricter compliance," said Nazneen Ichhaporia, partner at ANB Legal. On 3 January, …

Mint Explainer: The digital personal data protection Act, its rules, and roadblocks
Trending News
1 week ago

Mint Explainer: The digital personal data protection Act, its rules, and roadblocks

Live Mint  

Companies waited nearly two years for the Indian government to frame rules for implementing the Digital Personal Data Protection Act—a threadbare legislation with a lot of queries on compliance mechanisms left unanswered. Concern: In emphasizing the “specified" purpose of the data, the legislators have created an overlap with the provisions of “Legitimate Use" under the DPDP Act, which allows data …

Explainer: Draft DPDP Rules 2025 aim to protect citizens’ data
Trending News
1 week ago

Explainer: Draft DPDP Rules 2025 aim to protect citizens’ data

Live Mint  

New Delhi, Jan 8 The government floated draft Digital Personal Data Protection Rules 2025 last week for public consultation till February 18. Here is an explainer of the draft DPDP Rules 2025: What are the draft Digital Personal Data Protection Rules 2025? The Digital Personal Data Protection Rules 2025 drafted by the government provides for the manner of implementation of …

Parental nod, ID proof: How Modi govt plans to regulate digital access for minors
Top News
1 week, 3 days ago

Parental nod, ID proof: How Modi govt plans to regulate digital access for minors

India Today  

The Union government, at the beginning of the new year, unveiled a long-anticipated blueprint for India’s digital future: the draft Digital Personal Data Protection Rules, 2025. Social media platforms, gaming apps and e-commerce websites—all categorised as “data fiduciaries”—are now tasked with obtaining explicit, verifiable consent from users before collecting, processing or storing personal data. When the users in question are …

Data protection rules: India Inc says challenges remain
1 week, 3 days ago

Data protection rules: India Inc says challenges remain

New Indian Express  

NEW DELHI: The Ministry of Electronics and Information Technology has released the much-awaited draft rules for the Digital Personal Data Protection Act, 2025. Continued engagement from the government will be key to ensuring effective implementation.” Goldie Dhama, Partner at Deloitte India, said the draft offers important clarifications, mainly regarding verifiable consent for children’s data. After a gap of over 16 …

Digital Personal Data Protection Rules: Govt drafts stringent parental consent rules for social media users under 18
1 week, 3 days ago

Digital Personal Data Protection Rules: Govt drafts stringent parental consent rules for social media users under 18

Op India  

On 3rd December, the Government of India proposed detailed rules under the Digital Personal Data Protection Rules, 2025. One of the most talked-about aspects of the draft is the rule that makes verifiable parental consent mandatory for creating social media accounts and processing the personal data of children. As per the draft rules, every organisation that collects personal data must …

Experts cautiously welcome Digital Personal Data Protection Rules, 2025
1 week, 3 days ago

Experts cautiously welcome Digital Personal Data Protection Rules, 2025

The Hindu  

Experts working with the tech industry tentatively welcomed the draft Digital Personal Data Protection Rules, 2025, issued on Friday. “The draft rules provide some clarity on framing and displaying notices under the Digital Personal Data Protection Act, but they fall short in offering guidance on the mode of delivery or issuance—something well-defined under GDPR,” Ms. Suri said, referring to Europe’s …

Data protection rules balance regulation & innovation while safeguarding citizens’ rights: Vaishnaw
1 week, 3 days ago

Data protection rules balance regulation & innovation while safeguarding citizens’ rights: Vaishnaw

Live Mint  

New Delhi, Jan 4 The draft protection rules released by the government create a balance between regulation and innovation while completely protecting citizen rights, Union minister Ashwini Vaishnaw said on Saturday. The government issued draft rules for the Digital Personal Data Protection Act on Friday for public consultation till February 18. "All the entities covered under the Act will have …

Breach alert, parental nod in digital privacy rulebook
1 week, 4 days ago

Breach alert, parental nod in digital privacy rulebook

Hindustan Times  

The ministry of electronics and information technology on Friday evening released the draft Digital Personal Data Protection Rules for public consultation, setting the stage for operationalising India’s personal data protection regime more than 16 months after the act was notified in August 2023. These rules are the key to operationalising India’s Digital Personal Data Protection Act, which has been in …

Government releases Draft Digital Personal Data Protection Rules, no penalties specified
1 week, 4 days ago

Government releases Draft Digital Personal Data Protection Rules, no penalties specified

India TV News  

The government has unveiled the much-awaited Digital Personal Data Protection Rules Rules, 2023, omitting any specific mention of penalty for violation. The proposal comes more than a year after the Digital Personal Data Protection Act, 2023 was approved by Parliament. Key provisions in the draft rules The draft outlines procedures for obtaining explicit consent from individuals, including mandatory parental consent …

We should deal with technological transformations with utmost care
3 weeks, 1 day ago

We should deal with technological transformations with utmost care

Live Mint  

Without a doubt, the biggest disappointment of 2024 has to be the fact that India’s data protection law is still not in force despite having managed to get through both houses of Parliament in record time in 2023. On the other hand, what is most gratifying is the pace at which India’s digital public infrastructure approach gained acceptance around the …

Privacy as priority: India can’t afford any further delay in notifying data protection rules
4 weeks, 2 days ago

Privacy as priority: India can’t afford any further delay in notifying data protection rules

Live Mint  

A few days ago, Signzy, a popular Know Your Customer verification service used by India’s top banks and fintech firms, was affected by a cyber attack that may have exposed the sensitive personal information of millions. India’s Digital Personal Data Protection Act was passed six years after the Right to Privacy verdict in 2017. The Digital India Act, touted as …

Deloitte India partners with Securiti to enhance data privacy and compliance solutions
1 month, 3 weeks ago

Deloitte India partners with Securiti to enhance data privacy and compliance solutions

Live Mint  

Deloitte Touche Tohmatsu India LLP has announced a strategic partnership with data privacy and security company Securiti to address growing challenges in data governance, privacy, and compliance. Notably, the collaboration combines Deloitte India’s domain expertise with Securiti’s technology platforms to deliver tailored, end-to-end security solutions for businesses navigating increasingly complex regulatory requirements. The act adds to the compliance obligations businesses …

EU's data privacy laws stymie India's investigation into airline bomb hoax calls
2 months ago

EU's data privacy laws stymie India's investigation into airline bomb hoax calls

Live Mint  

New Delhi: India’s hunt for the perpetrators of multiple bombing threats that significantly disrupted the domestic aviation and hospitality sectors has hit a roadblock in Europe, where most of the hoax calls are said to have been made through virtual private networks. “India has currently hit a roadblock in the European Union, with France and Germany being among the nations …

Data Protection Rules to be published within a month: Union IT minister
4 months, 3 weeks ago

Data Protection Rules to be published within a month: Union IT minister

Hindustan Times  

A draft of the Digital Personal Data Protection Rules will be published for public consultation within thirty days, IT minister Ashwini Vaishnaw said on Monday. Vaishnaw also said that the government has resolved the issue around processing consent for children’s data and the details would be revealed when the draft rules are released for consultation. Under the DPDP Act, a …

Using children’s personal data legally and securely
5 months, 2 weeks ago

Using children’s personal data legally and securely

The Hindu  

The Indian school education system is one of the most expansive ecosystems in the world. Adherence to the principles of data privacy and data minimisation is particularly pertinent given the sensitive nature of children’s personal data. The need for specific protocols Regarding exchange of personal data of children for an unspecified purpose, integration of third parties could also raise doubts …

Guardians Of Virtual Realm: Navigating Cyber Laws And Safeguarding Data Privacy For Silenced Voices
6 months, 3 weeks ago

Guardians Of Virtual Realm: Navigating Cyber Laws And Safeguarding Data Privacy For Silenced Voices

Live Law  

When we speak of cyber frauds, the first thing which strikes our mind is cyber laws, throughout the time these laws have protected us from various cyber frauds but on many instances, we have seen that some people have suffered the wrath of cybercrimes. This act was originally introduced in Parliament as the Personal Data Protection Bill in 2019, it …

New data law, a barrier to journalistic free speech
8 months, 4 weeks ago

New data law, a barrier to journalistic free speech

The Hindu  

In August 2023, India got its first comprehensive data protection law, the Digital Personal Data Protection Act, 2023. Three previous drafts of the DPDP Act had exemptions for journalistic activities, but the final law withdrew such an exemption. Three previous drafts of the DPDP Act, one released by an expert committee on data protection, the other by the government, and …

Corporate boards should foster a culture of data privacy in organizations
10 months, 1 week ago

Corporate boards should foster a culture of data privacy in organizations

Live Mint  

The digital age has ushered in a new era of responsibility—to safeguard the core of our online existence: our data. In acknowledging the role of data privacy being integral to corporate governance and risk management, the board has a crucial role in not only ensuring that the enterprise meets legal obligations, but also establishing a bedrock of trust under its …

DPDP Act will safeguard future generations: PM Modi in Parliament
11 months ago

DPDP Act will safeguard future generations: PM Modi in Parliament

Hindustan Times  

The Digital Personal Data Protection Act, 2023 would safeguard the coming generations and give them a tool to make their futures, Prime Minister Narendra Modi said in his final address in the 17th Lok Sabha on Saturday. Globally, people are interested in India’s Digital Personal Data Protection Act,” Modi said. India is also poised to fully use data’s capability --- …

Parliamentary panel criticises delay in framing data protection rules
11 months ago

Parliamentary panel criticises delay in framing data protection rules

Hindustan Times  

The parliamentary standing committee on communications and information technology has pulled up the IT ministry for the delay in drafting rules under the contentious Digital Personal Data Protection Act, 2023, and for not specifying a timeline for rolling out the Digital India Bill. The Committee would like to draw attention of the Ministry to the established norms, which provide that …

Alert first, act fast: Diktat on data breaches soon
11 months, 4 weeks ago

Alert first, act fast: Diktat on data breaches soon

Live Mint  

Organizations that notice breaches of personal data may have to immediately alert users and flag them to the Data Protection Board, followed by a detailed filing within 72 hours. The Digital Personal Data Protection Act, India’s first law on data protection, took effect in August, and upcoming rules under the Act will lay the ground for compliance by technology companies. …

India's Data Revolution: Unpacking the DPDPA 2023 and Ensuring Accountability
1 year, 1 month ago

India's Data Revolution: Unpacking the DPDPA 2023 and Ensuring Accountability

The Quint  

It is crucial to establish mechanisms that hold the government accountable as a data custodian, said Dr Kislay Pandey, a leading corporate lawyer of India. Specific measures need to be taken to explicitly regulate emerging technologies like AI and tapping into their potential to bolster data protection. He further said, “To ensure the efficacy of data protection and privacy regulation …

The Art of A Good Unicorn | Startup founders, be careful as data is more liability than asset now
1 year, 1 month ago

The Art of A Good Unicorn | Startup founders, be careful as data is more liability than asset now

Hindustan Times  

India has become a rapidly evolving digital landscape where technology reigns supreme. And therein lies the rub: The need for accountability and data protection brewing in Internet startups handling data in India’s burgeoning startup ecosystem. And so, in August 2023, India’s Rajya Sabha passed the Digital Personal Data Protection Act 2023 to redefine how digital personal data is processed. Or …

India Inc has some way to go to comply with data protection act: PwC India
1 year, 3 months ago

India Inc has some way to go to comply with data protection act: PwC India

Live Mint  

New Delhi: A new report by PwC India on how compliant Indian companies are with the Digital Personal Data Protection Act, which came into effect on 11 August, reveals some startling facts. Cookies: PwC India found that 16% of company websites display a cookie consent banner to users, highlighting that their personal data will be collected and processed. Privacy notices: …

Navigating the complex landscape of data privacy laws in India
1 year, 3 months ago

Navigating the complex landscape of data privacy laws in India

Hindustan Times  

In an era where data is hailed as the "new oil," the need for strong data privacy laws has never been more critical. India, too, has stepped up its game in this regard with the introduction of the Digital Personal Data Protection Act, 2023. Compliance with data protection laws, such as the Digital Personal Data Protection Act, 2023 in India, …

Transfer of personal data under U.N. treaty will be according to native laws
1 year, 4 months ago

Transfer of personal data under U.N. treaty will be according to native laws

The Hindu  

As United Nations member states negotiate a treaty to counter cybercrimes, India has made suggestions at the international forum that transfer of “personal data” under the convention will be done in accordance with the country’s domestics laws and not other applicable international laws. The Digital Personal Data Protection Act enacted by the Parliament in August says that personal data can …

HNLU To Conduct A Round Table On Data Protection In A Digital World: Perspectives From India
1 year, 4 months ago

HNLU To Conduct A Round Table On Data Protection In A Digital World: Perspectives From India

Live Law  

Hidayatullah National Law University, a leading institution in the field of legal education, is proud to announce an upcoming round table discussion on the topic "Delineating the Issues Relating to Data Protection in a Digital World: Perspectives from India." It will be an exceptional opportunity to engage with experts and explore the intricacies of data protection in the digital age …

Today’s Cache | India’s Personal Data Protection Act weakens RTI; Google hit with copyright lawsuit; Microsoft unbundles Teams to avert fines
1 year, 4 months ago

Today’s Cache | India’s Personal Data Protection Act weakens RTI; Google hit with copyright lawsuit; Microsoft unbundles Teams to avert fines

The Hindu  

India’s Personal Data Protection Act weakens RTI Activists have long warned of dilution of the Right to information and with the Digital Personal Data Protection Act, of 2023, the qualified prohibitions to certain right to information to be kept secret have turned into total prohibitions. The lawsuit, alleging copyright violations, was filed by the Danish Media Association a year after …

Personal Data Protection: How India's Law Looks Compared to EU's Regulations
1 year, 4 months ago

Personal Data Protection: How India's Law Looks Compared to EU's Regulations

The Quint  

DPDPA seeks “to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto,” as mentioned at the beginning of the legislation. In August 2017, when the nine-judge bench …

Word choice in India’s data protection law and a dilution of rights
1 year, 4 months ago

Word choice in India’s data protection law and a dilution of rights

The Hindu  

After years of going back and forth on its contents, India finally has a data protection law, i.e., the Digital Personal Data Protection Act, 2023. In the search for an answer to this question, we need to look at two basic features of any data protection law: the use of personal data with consent and without it. As decades of …

An Act to cement digital authoritarianism
1 year, 4 months ago

An Act to cement digital authoritarianism

The Hindu  

“You may say that you want to be forgotten but the state does not want to forget you.” This chilling argument for dominance over every Indian’s life was rejected six years ago, in August 2017, by the Supreme Court of India in the first Puttaswamy decision. The Court reaffirmed the fundamental right to privacy while requiring the Union Government to …

India's DPDP Bill: Pioneering data privacy safeguarding with empowered individuals and responsible fiduciaries
1 year, 5 months ago

India's DPDP Bill: Pioneering data privacy safeguarding with empowered individuals and responsible fiduciaries

Firstpost  

The DPDP Bill signifies a pivotal shift in data processing practices, making it crucial for organisations to comprehend its provisions and ensure compliance The Digital Personal Data Protection Bill represents a significant step towards safeguarding data privacy in India. The DPDP Bill requires data fiduciaries to obtain consent from individuals before processing their personal data. The DPDP Bill also sets …

Explained: India's new Digital Personal Data Protection framework
1 year, 5 months ago

Explained: India's new Digital Personal Data Protection framework

Hindustan Times  

A new law that defines how companies should process users' data came into force with the President giving assent to the Digital Personal Data Protection Act passed by Parliament in the just-concluded monsoon session. Digital Personal Data Protection law has been notified by government. Entities must protect personal data in their possession by taking reasonable security safeguards to prevent a …

Paytm CEO says data protection bill ‘well articulated’, calls it ‘progress of our digital economy’
1 year, 5 months ago

Paytm CEO says data protection bill ‘well articulated’, calls it ‘progress of our digital economy’

Hindustan Times  

Paytm founder and CEO Vijay Shekhar Sharma on Friday took to X to praise the Digital Personal Data Protection Act, stating that it has been “well articulated” and that “it is progress for India's digital economy,” tagging Union minister Rajeev Chandrasekhar and the IT ministry. The Digital Personal Data Protection Bill, 2023, which curbs the misuse of personal information by …

President Gives Assent To Digital Personal Data Protection Act 2023
1 year, 5 months ago

President Gives Assent To Digital Personal Data Protection Act 2023

Live Law  

The President has given assent to the new the Digital Personal Data Protect, Act 2023 on Friday. The Bill seeks “to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.” It applies to the processing …

Satire India new Digital Personal Data Protection Bill, 2023 policy highlights
1 year, 5 months ago

Satire India new Digital Personal Data Protection Bill, 2023 policy highlights

The Hindu  

First of all, kudos to the Mother of Democracy for setting new world records every day for fastest-ever law-making. Did you know the Digital Personal Data Protection Bill, 2023 zipped through Parliament faster than a bullet train? There was no nonsense like ‘informed consent’ because they knew that all individual streams of data merge eventually with the Annadata — ‘the …

'Denying Information Under The Guise Of Data Protection' : Concerns Raised About Digital Personal Data Protection Bill Amending RTI Act
1 year, 5 months ago

'Denying Information Under The Guise Of Data Protection' : Concerns Raised About Digital Personal Data Protection Bill Amending RTI Act

Live Law  

The Parliament passed the Digital Personal Data Protection Bill on Wednesday. The Bill seeks to provide protection to “personal data” and has provision to process it for “lawful purposes.”However, a significant change that the Bill has introduced is an exemption to provide personal information under Right To Information Act.Section 44 of the Bill amends Section 8 of. This is because …

Digital Personal Data Protection Bill passed in Parliament, why has govt termed it as a game-changer?
1 year, 5 months ago

Digital Personal Data Protection Bill passed in Parliament, why has govt termed it as a game-changer?

India TV News  

Digital Personal Data Protection Bill was passed in Rajya Sabha on Wednesday. The Digital Personal Data Protection Bill, that introduces several compliance requirements for the collection and processing of personal data and provisions for up to Rs 250 crore penalty for any data breach, provides security to personal data. All in all, the Digital Personal Data Protection Bill or Data …

Legal framework for privacy as RS clears digital data bill
1 year, 5 months ago

Legal framework for privacy as RS clears digital data bill

Hindustan Times  

The Rajya Sabha passed the Digital Personal Data Protection Bill, 2023 on Wednesday, clearing the way for what will be the first legal framework for privacy, close to six years after it was held as a fundamental right for Indians by the Supreme Court. While it is unlikely to take long for the bill to receive presidential assent — at …

Data market’s future hinges on regulation
1 year, 5 months ago

Data market’s future hinges on regulation

Hindustan Times  

In 1776, when Adam Smith — arguably the most ardent champion of market economics — argued in favour of the invisible hand, there was no telephone, no broadband and no digital data coursing through cables or air waves. Several economists, including Hal Varian, the chief economist of Google, are swayed by the efficiency hypothesis while others liken data to oil …

Rajya Sabha passes Digital Personal Data Protection Bill, 2023
1 year, 5 months ago

Rajya Sabha passes Digital Personal Data Protection Bill, 2023

The Hindu  

The Digital Personal Data Protection Bill, 2023, was passed by the Rajya Sabha on Wednesday, after most Opposition MPs staged a walkout. The Bill sets out norms for data processing digitally for firms, creates an adjudicatory mechanism for resolving disputes, and provides for the creation of a Data Protection Board of India. “The Bill, instead of protecting the right to …

India passes data protection legislation in Parliament. Critics fear privacy violation
1 year, 5 months ago

India passes data protection legislation in Parliament. Critics fear privacy violation

Associated Press  

NEW DELHI — Indian lawmakers Wednesday approved a data protection legislation that “seeks to better regulate big tech firms and penalize companies for data breaches” as several groups expressed concern over citizens’ privacy rights. The legislation will limit cross-border transfer of data and provide a framework for setting up a data protection authority to ensure compliance from tech companies, Information …

India passes data protection bill amid surveillance concerns
1 year, 5 months ago

India passes data protection bill amid surveillance concerns

Al Jazeera  

The new law has drawn criticism from opposition lawmakers and rights groups over the scope of exemptions, weakening gov’t accountability. Indian lawmakers have passed a data protection law that will dictate how tech companies process users’ data amid criticism that it will likely lead to increased surveillance by the government. The Digital Personal Data Protection Bill, 2023 gives the government …

Falling short: The Hindu Editorial on the Digital Data Protection Bill, 2023
1 year, 5 months ago

Falling short: The Hindu Editorial on the Digital Data Protection Bill, 2023

The Hindu  

The Digital Data Protection Bill, 2023, was passed in the Lok Sabha on Monday and will now have to be cleared by the Rajya Sabha. These “uses” are situations where such data may be processed without obtaining the data principal’s consent, such as by government agencies for providing licences, welfare benefits, permits and services. The Srikrishna Committee’s Draft Bill in …

Discover Related