Digital Personal Data Protection Rules

Source: The post Digital Personal Data Protection Rules has been created, based on the article “No secret affair – Deliberations on draft Digital Personal Data Protection Rules must be open” published in “The Hindu” on 6th January 2025.

UPSC Syllabus Topic: GS Paper- 2- Polity

Context: The article addresses the critical need for transparency in the rule-making process for India’s Digital Personal Data Protection Rules, 2025, which seek to enforce the Digital Personal Data Protection Act passed over a year ago. Digital Personal Data Protection Rules

1. What is the significance of the draft Digital Personal Data Protection Rules, 2025?

1. The draft rules are a crucial step towards enforcing the fundamental right to informational privacy for Indians, as affirmed by the Supreme Court in Justice K.S. Puttaswamy vs. Union of India (2017).
2. They aim to implement the Digital Personal Data Protection Act, passed over a year ago, which itself was delayed for seven years.
3. The delay has potentially compromised the privacy of Indians’ data during a period of rapid digitisation.

2. What are the key features of the proposed rules?

1. User Data Communication: Online services must clearly communicate the purposes of their data collection.
2. Children’s Data Protection: Specific safeguards for handling children’s data online.
3. Data Protection Board of India (DPBI): Establishes the DPBI and defines its functions.
4. Government Exemptions: Sets standards for government agencies to follow if exempted from the Act.
5. Data Breach Procedures: Outlines steps to be taken if a data fiduciary breaches personal data.

3. Are there concerns with the proposed rules?

1. Concerns remain about the institutional design of the DPBI, which has not been addressed in these rules.
2. It is unlikely that subordinate legislation will resolve these issues comprehensively.

4. Why is the rule-making process criticized?

1. The government has kept the process opaque, declining to make stakeholder recommendations public.
2. This lack of transparency has been a pattern since the Justice B.N. Srikrishna committee drafted the first Bill.
3. An open, deliberative process involving public and industry associations is essential but absent.

5. What principles should guide the finalisation of the rules?

1. Transparency: Equal participation of stakeholders, including industry associations and the public, with visibility into all viewpoints.
2. Data Protection Goals: Focus on:
   • Minimising data collection.
   • Promoting disclosures.
   • Penalising negligence in data protection.
   • Discouraging surveillance by both private entities and the government.

3. Timeliness: The process must move quickly to ensure Indians receive the rights affirmed in 2017.

6. What are the risks of further delay or lack of transparency?

1. Continued delays erode public confidence in the government’s commitment to protecting data privacy.
2. Both private enterprises and government agencies may exploit the absence of stringent rules, compromising users’ data further.
3. By addressing these issues with openness and adherence to privacy principles, the government can reinforce trust and effectively protect Indians’ digital rights.