Govt notifies Digital Personal Data Protection Act to protect citizens in online space
The regulations, implemented over 12-18 months, are expected to help people avoid spam calls and prevent unauthorised access to their personal data
The Narendra Modi government on Friday (November 14) unveiled the much-anticipated Digital Personal Data Protection Rules 2025, which are set to be implemented in stages over the next 12 to 18 months.
The regulations are designed to empower citizens regarding their data, enable them to monitor for any misuse, and safeguard their privacy in the digital environment.
Follow Bihar election results LIVE here
Certain aspects of the regulations are set to be enacted right away, whereas elements such as the registration and responsibilities of consent managers, notifications from data fiduciaries to individuals concerning the processing of their data, and several other significant standards related to the handling of personal data will be rolled out over a span of 12 to 18 months.
Also read: DPDP law weakens transparency, threatens journalists: RTI activist
The regulations are expected to assist individuals in steering clear of spam calls and unauthorised access to their personal information, video, and audio through any digital channels.
“Now, therefore, in exercise of powers conferred by sub-sections (1) and (2) of section 40 of the Digital Personal Data Protection Act, 2023 (22 of 2023), the Central Government hereby makes the following rules... These rules may be called the Digital Personal Data Protection Rules, 2025,” the notification said.
The rules set out a mechanism for establishing a Data Protection Board, which will levy penalties based on the nature of the breach as listed in the DPDP Act 2023.
It has provisions to impose penalties of up to Rs 250 per breach on data fiduciaries. However, it has kept a graded penalty system to shield small businesses.
Eight years since SC observation
The rules came into force eight years after the Supreme Court observed on August 24, 2017, that the Right to Privacy is a Fundamental Right with restrictions specified and relatable to fundamental rights as embedded in the Constitution.
Also read: RTI vs DPDP: Activists battle Centre’s data law
While the regulations established by the Digital Personal Data Protection Act 2023 empower citizens to safeguard their personal data, they also require individuals to refrain from concealing any details regarding themselves in relation to government-issued identification or documents, avoid submitting false or trivial complaints, and ensure that only verifiable information is provided when seeking corrections or deletions of their data.
In case phone numbers get leaked
With the DPDP Rules in place, citizens can take recourse if their phone numbers are leaked for unauthorised calls. The rules will help investigate and identify the entity that leaked the phone number of an individual without consent, and penal actions can be taken against those found guilty.
Also read: Explained: What is Google’s new Project Suncatcher to build AI data centres in space?
The DPDP Rules stipulate that the rights of citizens may be exempted in situations involving the enforcement of legal rights, court orders, or the prevention, detection, investigation, or prosecution of any offence.
(With agency inputs)