MeitY 發布 DPDP 規則草案，邀請公眾回饋

印度政府本月公佈了《數位個人資料保護法》下的資料保護規則草案。 「數位個人資料」草案

The Government of India published the draft data protection rules under the Digital Personal Data Protection Act this month.

印度政府本月公佈了《數位個人資料保護法》下的資料保護規則草案。

The draft 'Digital Personal Data Protection Rules, 2025' (DPDP) included specific provisions related to handling digital data, much like Europe's GDPR, and outlined how information from minors had to be protected.

「2025 年數位個人資料保護規則」(DPDP) 草案包括與處理數位資料相關的具體規定，與歐洲的 GDPR 非常相似，並概述瞭如何保護未成年人的信息。

The DPDP outlines an illustration of how a "data fiduciary" (DF) needs to handle the information of the "data principal" (DP). Here, the data fiduciary is the entity that handles the information and manages the online platform (such as Meta, X, and so on). The data principal is the person or entity whose data is being handled. In the case of data protection in minors, the DP is a child.

DPDP 概述了「資料受託人」(DF) 需要如何處理「資料主體」(DP) 的資訊。這裡，資料受託人是處理資訊和管理線上平台的實體（例如Meta、X等）。資料主體是正在處理其資料的個人或實體。就未成年人資料保護而言，DP 是兒童。

Case 1: Child wants to make an account in a DF platform, where the parent already has an account

案例1：孩子想在DF平台上註冊帳戶，而家長已經有該平台的帳戶

Once the child informs the DF that they are a minor, the DF needs to enable the minor's parent to identify themselves through the DF website, app or "other appropriate means". Once the DF confirms the parent's reliable identity through their platform, the DF can go ahead and process the minor's personal data to create their user account.

一旦孩子告知 DF 自己是未成年人，DF 需要讓未成年人的家長能夠透過 DF 網站、應用程式或「其他適當方式」證明自己的身份。一旦 DF 透過其平台確認了家長的可靠身份，DF 就可以繼續處理未成年人的個人資料以建立其使用者帳戶。

Case 2: Child wants to make an account in a DF platform, where the parent does not have an account

案例2：孩子想在DF平台上註冊帳戶，而家長沒有帳戶

The initial steps are similar to the first case, but here, the DF needs to verify the parent's identity using a reference of details issued by an "entity entrusted by law or the Government with the maintenance of the said details or to a virtual token mapped to the same". The parent may "voluntarily make such details available using the services of a Digital Locker service provider".

最初的步驟與第一種情況類似，但在這裡，DF 需要使用“受法律或政府委託維護上述詳細信息的實體或映射的虛擬代幣”發布的詳細信息參考來驗證父母的身份。 。家長可以「使用數位儲物櫃服務提供者的服務自願提供此類詳細資訊」。

ALSO READ

另請閱讀

In the case of guardians in charge of minors, the data fiduciary needs to obtain verifiable consent from the person identifying [themselves] as the lawful guardian of a person with disability and "shall observe due diligence to verify that such guardian is appointed by a court of law, a designated authority or a local level committee, under the law applicable to guardianship."

對於負責未成年人的監護人，資料受託人需要獲得自稱為殘疾人合法監護人的人的可核實的同意，並且「應進行盡職調查，以核實該監護人是由法院指定的」根據適用於監護權的法律，指定機構或地方委員會。

While these apply to children's accounts, an extra layer of protection is guaranteed to all data principals by the DPDP, where the person whose data is processed by online platforms, and so on, can at any time access all information about their data and even erase such information.

雖然這些適用於兒童帳戶，但 DPDP 為所有資料主體提供了額外一層保護，其中資料由線上平台等處理的人可以隨時存取有關其資料的所有信息，甚至刪除資料此類資訊。

For this and any escalations regarding the same, the platforms (DF) need to publish and maintain a proper grievance redressal system and ensure its effectiveness, including adhering to the period of time decided for the cases.

對於此問題以及任何與此相關的升級，平台（DF）需要發布和維護適當的申訴補救系統並確保其有效性，包括遵守為案件決定的期限。

MeitY publishes draft DPDP rules, invites public feedback

MeitY 發布 DPDP 規則草案，邀請公眾回饋

The government published the draft data protection rules in the Gazette, inviting feedback from stakeholders and the public through the Ministry of Electronics and Information Technology (MeitY).

政府在公報上公佈了資料保護規則草案，並透過電子和資訊技術部（MeitY）徵求利害關係人和公眾的回饋意見。

The Centre hopes to finalize the 'Digital Personal Data Protection Rules, 2025' (DPDP) soon after incorporating such feedback. "The submissions will be held in fiduciary capacity in MeitY and shall not be disclosed to anyone at any stage, enabling persons to submit feedback/comments freely without any hesitation. A consolidated summary of the feedback/comment received, without attribution to stakeholder, shall be published after the finalization of the rules," said the ministry about the stakeholder publications.

該中心希望在納入此類回饋後儘快敲定《2025 年數位個人資料保護規則》(DPDP)。 「提交的內容將以受託人身份保存在MeitY 中，並且在任何階段都不得向任何人披露，使人們能夠毫不猶豫地自由提交反饋/評論。收到的反饋/評論的綜合摘要（不歸屬於利益相關者）應將在規則最終確定後發布”，該部在談到利益相關者出版物時表示。

For public feedback, the ministry added, "The submissions will not be disclosed and held in fiduciary capacity, to enable persons submitting feedback to provide the same freely. No public disclosure of the submissions will be made."

對於公眾反饋，該部補充說，“這些意見書不會被披露，也不會以信託身份持有，以便提交反饋的人能夠自由地提供同樣的意見。不會公開披露這些意見書。”

The last date for submitting feedback on the draft DPDP rules is February 18, 2025. The feedback can be submitted through the MyGov portal at https://innovateindia.mygov.in/dpdp-rules-2025/

提交有關 DPDP 規則草案回饋的最後日期是 2025 年 2 月 18 日。

The new DPDP rules, a massive change in how India views and uses the internet, are expected to roll out soon this year.

新的 DPDP 規則預計將在今年很快推出，這是印度看待和使用網路方式的巨大改變。