MeitY publishes draft DPDP rules, invites public feedback

The Government of India published the draft data protection rules under the Digital Personal Data Protection Act this month. The draft 'Digital Personal Data

The Government of India published the draft data protection rules under the Digital Personal Data Protection Act this month.

The draft 'Digital Personal Data Protection Rules, 2025' (DPDP) included specific provisions related to handling digital data, much like Europe's GDPR, and outlined how information from minors had to be protected.

The DPDP outlines an illustration of how a "data fiduciary" (DF) needs to handle the information of the "data principal" (DP). Here, the data fiduciary is the entity that handles the information and manages the online platform (such as Meta, X, and so on). The data principal is the person or entity whose data is being handled. In the case of data protection in minors, the DP is a child.

Case 1: Child wants to make an account in a DF platform, where the parent already has an account

Once the child informs the DF that they are a minor, the DF needs to enable the minor's parent to identify themselves through the DF website, app or "other appropriate means". Once the DF confirms the parent's reliable identity through their platform, the DF can go ahead and process the minor's personal data to create their user account.

Case 2: Child wants to make an account in a DF platform, where the parent does not have an account

The initial steps are similar to the first case, but here, the DF needs to verify the parent's identity using a reference of details issued by an "entity entrusted by law or the Government with the maintenance of the said details or to a virtual token mapped to the same". The parent may "voluntarily make such details available using the services of a Digital Locker service provider".

ALSO READ

In the case of guardians in charge of minors, the data fiduciary needs to obtain verifiable consent from the person identifying [themselves] as the lawful guardian of a person with disability and "shall observe due diligence to verify that such guardian is appointed by a court of law, a designated authority or a local level committee, under the law applicable to guardianship."

While these apply to children's accounts, an extra layer of protection is guaranteed to all data principals by the DPDP, where the person whose data is processed by online platforms, and so on, can at any time access all information about their data and even erase such information.

For this and any escalations regarding the same, the platforms (DF) need to publish and maintain a proper grievance redressal system and ensure its effectiveness, including adhering to the period of time decided for the cases.

MeitY publishes draft DPDP rules, invites public feedback

The government published the draft data protection rules in the Gazette, inviting feedback from stakeholders and the public through the Ministry of Electronics and Information Technology (MeitY).

The Centre hopes to finalize the 'Digital Personal Data Protection Rules, 2025' (DPDP) soon after incorporating such feedback. "The submissions will be held in fiduciary capacity in MeitY and shall not be disclosed to anyone at any stage, enabling persons to submit feedback/comments freely without any hesitation. A consolidated summary of the feedback/comment received, without attribution to stakeholder, shall be published after the finalization of the rules," said the ministry about the stakeholder publications.

For public feedback, the ministry added, "The submissions will not be disclosed and held in fiduciary capacity, to enable persons submitting feedback to provide the same freely. No public disclosure of the submissions will be made."

The last date for submitting feedback on the draft DPDP rules is February 18, 2025. The feedback can be submitted through the MyGov portal at https://innovateindia.mygov.in/dpdp-rules-2025/

The new DPDP rules, a massive change in how India views and uses the internet, are expected to roll out soon this year.