The framework is ready, and the draft rules for consultation are expected to be released within a month, IT minister Ashwini Vaishnaw said
Vaishnaw also said that the Centre first “worked on (the) digital implementation of the Act and (then) framed rules accordingly”
Even though the Act received President's assent in August last year, the law is yet to come into effect as multiple provisions within the Act require additional clauses and rules
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The draft rules under the Digital Personal Data Protection Act (DPDP Act) will be released within a month, minister for electronics and information technology Ashwini Vaishnaw said.
“The framework is ready, and the draft rules for consultation are expected to be released within a month,” news agency PTI quoted Vaishnaw as saying.
As per the report, the minister also said that the final draft of the rules was reviewed last week and will be issued for public consultation in September. He also said that the Centre first “worked on (the) digital implementation of the Act and (then) framed rules accordingly”.
As per a separate Moneycontrol report, Vaishnaw also “confirmed” that the framework of DPDP Act is now complete along with the workflow, which includes filing complaints, taking up appeals and other details.
It is pertinent to note that both Lok Sabha and Rajya Sabha passed the DPDP Act last year. Following this, President Droupadi Murmu gave her consent to the Bill on August 11, 2023. However, the law is yet to come into effect as multiple provisions within the Act require additional clauses and rules. The upcoming draft will specify these rules.
For the uninitiated, DPDP Act aims to safeguard personal data of Indian users and puts guardrails to prevent data breaches. It envisages the creation of a Data Protection Board of India, which will be responsible for probing such breaches and imposing penalties.
Additionally, the Act provides protections for children and persons with disabilities. The Act defines a child as someone below the age of 18 and mandates parental consent for data fiduciaries before processing the data of a minor.
It also puts additional responsibilities on social media platforms to ensure accuracy and completeness of data and to build reasonable security safeguards to prevent data breaches. The law also introduces the concept of “consent managers” via which users can offer, withdraw and manage their consent online.
At the time of the passage of the Bill, industry stakeholders had flagged concerns over certain provisions of the DPDP Bill, 2023 citing issues such as alleged violation of “right to privacy” and increased obligations for online platforms.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.