The Supreme Court of India has agreed to examine petitions challenging the constitutional validity of the Digital Personal Data Protection (DPDP) Act, 2023, focusing on concerns about its impact on the Right to Information Act.
Digital Personal Data Protection (DPDP) law aims to protect the privacy of Indian citizens while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
A new law that defines how companies should process users' data came into force with the President giving assent to the Digital Personal Data Protection (DPDP) Act passed by Parliament in the just-concluded monsoon session. The law arms individuals with greater control over their data while allowing companies to transfer users' data abroad for processing, except to nations and territories restricted by the Centre through notification. It also gives the government power to seek information from firms and issue directions to block content.
The draft rules have been issued after Parliament approved the Digital Data Protection Bill 2023 about 14 months back.
The "construct of the DPDP Act" cannot be changed at this stage, though there may be some minor tweaks in the language of the Rules and formats in certain legitimate cases.
'One has to be very mindful because it will be applicable for big tech platforms and even for banks and insurers, whose business is completely different.'
Prime Minister Narendra Modi is promoting India as a global hub for digital infrastructure and artificial intelligence, highlighting the government's incentives for data center investments and inviting the world's data to reside in India.
The new rules allow for a staggered implementation road map, giving companies, data fiduciaries, data principals, and other stakeholders up to 18 months to comply with the administrative guidelines under the DPDP Act.
The data protection bill introduced in Parliament on Thursday enables the government "to call for information" from data protection board, data collecting entities or intermediary, and safeguards the Centre from legal proceedings for "action taken in good faith" under the provisions of the legislation.
Entities may be given about a year to tune their systems to comply with norms of Digital Personal Data Protection Act, 2023, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Wednesday. Speaking to reporters on the sidelines of consultation with the industry, Chandrasekhar said the Data Protection Board and guidelines for the eight rules, including consent management, will be put in place within a month. "Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries.
'We are in touch with industry to further compress the timelines.'
The government on Thursday tabled the Digital Personal Data Protection Bill 2023 in the Lok Sabha with an aim to protect the privacy of Indian citizens, while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
India needs a paradigm shift in personal data management that transforms the current organisation-centric data sharing system to an individual centric approach that promotes user control on data sharing for empowerment, said Niti.
DPDP Act (2023) gives individuals the right to decide how their personal data is collected and used. For many businesses, this means reworking longstanding data practices, notes Ravi Duvvuru.
The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill 2023 by voice vote following a walkout by opposition members over the Manipur issue.
Companies, particularly those that are notified as Significant Data Fiduciaries, will have to make extensive investments in data mapping, process modification, consent management tools, tools to enable Data Principal Rights, and establish a well-structured Data Privacy Officer organisation.
'Digital arrests are the cutting edge of the problem and the most challenging part of the ecosystem right now.'
The government on Wednesday withdrew the Personal Data Protection Bill from Lok Sabha and said it will come out with a 'set of fresh legislations' that will fit into the comprehensive legal framework.
'We do have some concerns with the timeline being shortened from 18 to 12 months.'
The court is hearing appeals against a CCI order imposing a penalty on Meta and WhatsApp.
Microsoft CEO Satya Nadella on Tuesday announced plans to invest $17.5 billion in India to help build infrastructure and sovereign capabilities for the country's AI-first future, marking the third major AI-driven investment in the country in the past two months. Microsoft said that the $17.5 billion (around Rs 1.58 lakh crore) investment builds on the $3 billion (around Rs 26,955 crore) funding announced earlier this year, which the company is on track to spend by the end of CY (calendar year) 2026.
The DPDP rules, which have come into effect, require companies to implement a data protection and consent management system by November 2026.
The Union Cabinet on Friday approved Rs 11,718 crore for conducting the Census of India, 2027, which would include the caste enumeration for the first time.
"It's easier, easier than ever now to impersonate someone, to create deep fakes, to manipulate images, to misuse personal data. And most women, unfortunately, we don't know how to fight back," says Soha Ali Khan.
Rahul Gandhi claims the Indo-US trade deal will compromise the data security of 1.5 billion Indians, alleging Prime Minister Modi is surrendering India's data resources to the US. He warns of potential job losses in the IT sector due to AI and the importance of controlling India's data pool.
'There were two options before the government -- create a complex, cumbersome law, which will cause a tremendous amount of compliance challenges for startups or say let's go back and do a clean slate, where we do a framework of laws and policies'
Hours after Congress leader Manish Tewari on Thursday said the government might get the Digital Data Protection Bill classified as a money bill, Union IT Minister Ashwini Vaishnaw refuted the charge and termed it a "normal bill".
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union Minister Ashwini Vaishnaw has said.
'By extending the definition of 'personal' to include institutions and not just individuals, the State has equipped itself with a tool to block access to most kinds of information.'
...on par with oil, power, and defence, and to restrict its storage under foreign control.
Sarvam's LLM will have more than 17 trillion tokens with 17 to 20 per cent coming from Indian data
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union minister Ashwini Vaishnaw has said. The government on Wednesday withdrew the Personal Data Protection Bill from the Lok Sabha. The Joint Committee on Personal Data Protection Bill, 2019, headed by BJP member P P Chaudhary, had tabled its report in Lok Sabha on December 16, 2021.
'The impact will be minimal and it will only increase compliance cost on consent, data flows, localisation timelines, internal audits, data mapping, and new tooling.'
'By leveraging user data from WhatsApp, Meta can enhance its technology.' 'It (user data) is collected by me, it's my personal property. Shall I give it to my competitors?'
Personal data like mobile numbers, PAN, addresses and pre-existing medical conditions of about 3.1 crore customers of Star Health Insurance is allegedly available on a website created by a hacker identified as xenZen. The hacker claimed that Star Health's Chief Information Security Officer (CISO) sold all the data and later tried to change the terms of their deal.
"All they have done in their entire report is privacy regulation," counsel appearing for WhatsApp told the appellate tribunal.
The report touches on variety of issues including consent, rights of children, data protection authority and right to recall data.
Since the deadline for Justice B N Srikrishna Committee's feedback is December 31, the government is unlikely to table a data protection Bill in the winter session of Parliament.
Once the OS layer is opened to the State, it doesn't close, notes Lieutenant General Prakash Katoch (retd).
© 2026 Rediff.com - Investor Information - Advertise with us - Disclaimer - Privacy Policy - Sitemap - Feedback - About us - Terms of use - Grievances