Inter-Ministerial Consulations Conclude with Home Ministry Approval: DPDP Act Rules on Verge of Nod
New Delhi, [Date] - Inter-ministerial consultations on the draft rules for India's Digital Personal Data Protection (DPDP) Act have concluded with the home ministry's approval, bringing the country one step closer to implementing the landmark legislation.
The Electronics and Information Technology Ministry (MeitY) is now set to release the draft rules for public consultation, paving the way for their eventual notification and phased implementation. The timeline is expected to span approximately 18 to 24 months, with private entities facing an adjustment period to comply with the new regulatory framework.
Signed into law over 16 months ago, the DPDP Act has struggled to make headway due to the absence of its operational rules. The government's long-awaited move marks a significant milestone, as it seeks to ensure data privacy, enforce data minimisation and purpose limitations, and impose penalties on non-compliance.
With several ministries having expressed concerns over user consent mechanisms and data handling procedures, officials stated that the critical aspects of the Act will receive attention in the final rules. These include consent management for minors, exemptions for certain entities, and provisions to address disputes between data principals and fiduciaries.
Under the DPDP Act, consumers are set to gain greater control over their personal data. Companies handling user data will be required to disclose the information they possess, allowing users to request its deletion or specify usage preferences. Additionally, consumers will enjoy the right to demand details on the purpose of data collection, permissible uses, and the timeline for deletion.
Entities found guilty of data breaches could face penalties of up to Rs 250 crore per incident, underscoring the government's intent to enforce stringent compliance with the new rules.
The publication is scheduled to release the draft rules for public consultation shortly, allowing stakeholders to provide feedback and suggestions. Once passed through, the Act will serve as a robust framework to safeguard digital personal data in India, aligning with global standards for data protection.