Lagatar24 Desk
New Delhi: The government has released the draft rules for the Digital Personal Data Protection (DPDP) Act, seeking public consultation and feedback until February 18. Aimed at safeguarding user rights while promoting innovation, these rules, as highlighted by IT Minister Ashwini Vaishnaw, are poised to significantly impact both users and technology companies operating in India.
Key Highlights of the DPDP Act for Users
Enhanced Child Protection:
Under the new rules, social media platforms like Facebook, Instagram, and others must ensure verifiable parental consent before allowing children under 18 to create accounts. This includes validating the parent’s identity and age to strengthen child safety online.
Data Localisation:
The rules mandate that Big Tech platforms, including Google, Apple, Meta, Amazon, and Microsoft, ensure their algorithms do not pose risks to user rights. Additionally, certain categories of personal data specified by the government cannot be transferred outside India.
•Rule 12(3): Significant Data Fiduciaries must ensure their algorithms are risk-free for users’ rights.
•Rule 12(4): Specific personal data and its traffic flow must remain within India’s territory as per government regulations.
Graded Penalties:
The Act introduces graded punishments for data breaches. Penalties will be scaled based on the severity of the breach and the size of the company involved.
•Small Businesses Protected: Micro, small, and medium enterprises (MSMEs) will face minimal penalties for minor breaches.
•Big Tech Obligations: Large corporations will be held to higher standards, with substantial penalties for significant breaches.
Implications for Tech Companies
Increased Accountability:
Big Tech companies will have to comply with stricter data protection norms, including:
•Algorithmic Transparency: Ensuring that algorithms do not violate user rights.
•Data Protection Audits: Conducting and submitting data protection impact assessments and audits to the Data Protection Board.
Operational Adjustments:
Tech companies will need to reconfigure their systems to comply with India-specific data localisation requirements and implement measures to secure user data against breaches.
Balanced Approach Between Privacy and Innovation
Minister Vaishnaw reiterated that the draft rules aim to balance regulation and innovation. “These rules have been framed to ensure a balance between safeguarding citizen rights and fostering innovation in the digital space,” he said.
Next Steps
The draft rules, which will be tabled in the monsoon session of Parliament, are open for public consultation. The government has urged citizens and stakeholders to provide feedback to fine-tune these critical regulations.
