<p>The release of the Digital Personal Data Protection (DPDP) Rules, 2025, for public consultation is a step towards the implementation of a <a href="https://www.deccanherald.com/tags/data-protection">data protection</a> system. The idea of protection of personal data has a long history in India. After the Supreme Court declared the Right to Privacy as a fundamental right in 2017, the idea has gone through many stages. </p>.<p>The Justice Srikrishna Committee drafted a bill that attracted much attention but after years of dilly-dallying, the government brought forward the law which was enacted last year. The draft rules, when finalised, will set the stage for the implementation of the law. </p>.<p>Some parts of the rules relating to the proposed Data Protection Board of India (DPBI) will come into force upon their publication. The rest of the rules will come into force at a later date, to be specified in the final rules.</p>.<p>The stated aim of the rules is to give data principals, who are individual digital users, better control over their personal data than what exists in practice now. The digital age has brought a large amount of data in the public realm, leaving individuals more vulnerable. </p>.Explained | Draft DPDP Rules 2025 aim to protect citizens' data.<p>Some basic ground rules have now been laid down and they also pertain to communication and consent for the use of data. Explicit personal consent of data principals is needed for collection and use of their data, and they should be told of the purpose of collection. </p>.<p>They will have the right to demand deletion of data, and the data cannot be held indefinitely either. The rules are more stringent in the case of data relating to children and persons with disabilities. While these interventions are welcome, the bill is weak and its design flawed in some ways. </p>.<p>The rules propose the setting up of DPBI as an independent body, but its composition and powers have raised concerns. The members will be appointed by a committee headed by the Cabinet Secretary and the terms of service will be decided by the government. It will have no regulatory powers. These will limit the stature and influence of the board.</p>.<p>The government and its agencies are granted wide-ranging exemptions under the law; this could lead to surveillance of citizens and privacy violations. These agencies can collect and use personal data for purposes that are not clearly defined. </p>.<p>The government can call for information from data fiduciaries – entities that collect data – without a written justification. This can violate individuals’ Right to Privacy. </p>.<p>There is also no timeline stipulated for informing individuals about data breaches or redressal of their grievances. These issues need to be attended to when the rules are finalised.</p>
<p>The release of the Digital Personal Data Protection (DPDP) Rules, 2025, for public consultation is a step towards the implementation of a <a href="https://www.deccanherald.com/tags/data-protection">data protection</a> system. The idea of protection of personal data has a long history in India. After the Supreme Court declared the Right to Privacy as a fundamental right in 2017, the idea has gone through many stages. </p>.<p>The Justice Srikrishna Committee drafted a bill that attracted much attention but after years of dilly-dallying, the government brought forward the law which was enacted last year. The draft rules, when finalised, will set the stage for the implementation of the law. </p>.<p>Some parts of the rules relating to the proposed Data Protection Board of India (DPBI) will come into force upon their publication. The rest of the rules will come into force at a later date, to be specified in the final rules.</p>.<p>The stated aim of the rules is to give data principals, who are individual digital users, better control over their personal data than what exists in practice now. The digital age has brought a large amount of data in the public realm, leaving individuals more vulnerable. </p>.Explained | Draft DPDP Rules 2025 aim to protect citizens' data.<p>Some basic ground rules have now been laid down and they also pertain to communication and consent for the use of data. Explicit personal consent of data principals is needed for collection and use of their data, and they should be told of the purpose of collection. </p>.<p>They will have the right to demand deletion of data, and the data cannot be held indefinitely either. The rules are more stringent in the case of data relating to children and persons with disabilities. While these interventions are welcome, the bill is weak and its design flawed in some ways. </p>.<p>The rules propose the setting up of DPBI as an independent body, but its composition and powers have raised concerns. The members will be appointed by a committee headed by the Cabinet Secretary and the terms of service will be decided by the government. It will have no regulatory powers. These will limit the stature and influence of the board.</p>.<p>The government and its agencies are granted wide-ranging exemptions under the law; this could lead to surveillance of citizens and privacy violations. These agencies can collect and use personal data for purposes that are not clearly defined. </p>.<p>The government can call for information from data fiduciaries – entities that collect data – without a written justification. This can violate individuals’ Right to Privacy. </p>.<p>There is also no timeline stipulated for informing individuals about data breaches or redressal of their grievances. These issues need to be attended to when the rules are finalised.</p>
