
Digital data protection rules notified

Affirm right of individual to privacy, need for law to protect data

The Ministry of Electronics and Information Technology has notified the Digital Personal Data Protection (DPDP) Rules, 2025, a crucial step towards safeguarding personal data in the digital age. The rules affirm the right of an individual to privacy, and the need for a law to protect data.

The rules, which were circulated in January this year, lay down the framework of the Digital Personal Data Protection Act, 2023, passed in Parliament two years ago.


The Act spells out broad principles, consent, rights of individuals and obligations of data fiduciaries (those who will collect and use personal data). With the rules now in place, the privacy regime will finally begin to take shape.


The Act requires firms to safeguard the digital data of Indians, and prescribes a set of penalties for firms breaching these obligations on data privacy. The rules will be invoked in two phases. The amendment has come into force from November 14. However, ‘data fiduciaries’ (those who will collect and use personal data) will have until November 2026 to comply with provisions such as putting out the details of their designated data protection officer (DPO).

Large technology firms will be subject to the full force of the Act by May 2027. A Data Protection Board of India (DPBI) has also been set up. It can hold inquiries in response to complaints and impose penalties in case of breach of data. The board’s members, who have not yet been chosen, will be appointed by the Ministry of Electronics and Information Technology.


The rules provide the operational framework to implement the Act’s provisions. Data fiduciaries need to adopt technical and organisational measures to ensure that verifiable consent of a parent is obtained before processing any personal data of a child. Due diligence will be observed to confirm that the person identifying as the parent is an adult, verified through reliable identity and age details available with the data fiduciary, voluntarily provided by the individual, or through a virtual token issued by an authorised entity. A data fiduciary is required to erase personal data once the specified purpose is served, unless retention is required by law.

The DPDP Act, 2023 has gone through three iterations since 2017, with the first one in 2018 imposing conditions like data localisation.
