MeitY unveils comprehensive framework for Digital Personal Data Protection Act implementation, opens public consultation until February 18
DPDP Act Draft Rules 2025: The Ministry of Electronics and Information Technology (MeitY) has released the much-anticipated draft rules for the Digital Personal Data Protection Act, marking a significant milestone in India’s data privacy landscape. The rules, unveiled on January 3, 2025, outline crucial requirements for data fiduciaries, consent managers, and the protection of children’s digital rights.
EPFO ATM Card and Mobile App Coming Soon: Launch Date, Withdrawal Limits, and Key Details Revealed
Key Points of DPDP Act Draft Rules
- Consent Manager Requirements
- Minimum net worth requirement of Rs 2 crore
- Must be incorporated as an Indian company
- Required to maintain operational independence
- Mandatory certified interoperable platform for consent management
- Children’s Data Protection
- Mandatory verifiable parental consent
- Restricted processing limited to:
- Health services
- Educational activities
- Safety monitoring
- Transportation tracking
- Enhanced verification measures for parent/guardian identity
- Data Protection Board
- Digital-first approach with remote hearings
- Investigative powers for breach assessment
- Authority to enforce penalties
- Implementation of regulatory oversight
- State Services Framework
- Streamlined processing for government benefits
- Covers subsidies, licenses, and permits
- Adherence to Schedule II standards
- Focus on transparency and security
Industry Expert Perspective
Kazim Rizvi, Founding Director of The Dialogue, emphasizes the need for further clarity on emerging technologies: “While the rules provide essential guidance, key areas requiring attention include AI model training, cross-border data transfers, and breach notification processes.”
Compliance Timeline
Stakeholders can submit feedback through the MyGov portal until February 18, 2025. The ministry has made detailed explanatory notes available at www.meity.gov.in/data-protection-framework to facilitate understanding.
The rules represent a significant step toward establishing a robust data protection framework in India, though experts note that additional clarity may be needed for emerging technologies and cross-border data transfers.
This development marks a crucial phase in India’s digital privacy journey, setting new standards for data protection while balancing innovation and user rights.
