The Supreme Court of India has agreed to examine petitions challenging the constitutional validity of the Digital Personal Data Protection (DPDP) Act, 2023, focusing on concerns about its impact on the Right to Information Act.
The draft rules have been issued after Parliament approved the Digital Data Protection Bill 2023 about 14 months back.
'One has to be very mindful because it will be applicable for big tech platforms and even for banks and insurers, whose business is completely different.'
The "construct of the DPDP Act" cannot be changed at this stage, though there may be some minor tweaks in the language of the Rules and formats in certain legitimate cases.
Prime Minister Narendra Modi is promoting India as a global hub for digital infrastructure and artificial intelligence, highlighting the government's incentives for data center investments and inviting the world's data to reside in India.
The new rules allow for a staggered implementation road map, giving companies, data fiduciaries, data principals, and other stakeholders up to 18 months to comply with the administrative guidelines under the DPDP Act.
'We are in touch with industry to further compress the timelines.'
Entities may be given about a year to tune their systems to comply with norms of Digital Personal Data Protection Act, 2023, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Wednesday. Speaking to reporters on the sidelines of consultation with the industry, Chandrasekhar said the Data Protection Board and guidelines for the eight rules, including consent management, will be put in place within a month. "Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries.
The government on Thursday tabled the Digital Personal Data Protection Bill 2023 in the Lok Sabha with an aim to protect the privacy of Indian citizens, while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
DPDP Act (2023) gives individuals the right to decide how their personal data is collected and used. For many businesses, this means reworking longstanding data practices, notes Ravi Duvvuru.
Companies, particularly those that are notified as Significant Data Fiduciaries, will have to make extensive investments in data mapping, process modification, consent management tools, tools to enable Data Principal Rights, and establish a well-structured Data Privacy Officer organisation.
Microsoft CEO Satya Nadella on Tuesday announced plans to invest $17.5 billion in India to help build infrastructure and sovereign capabilities for the country's AI-first future, marking the third major AI-driven investment in the country in the past two months. Microsoft said that the $17.5 billion (around Rs 1.58 lakh crore) investment builds on the $3 billion (around Rs 26,955 crore) funding announced earlier this year, which the company is on track to spend by the end of CY (calendar year) 2026.
The court is hearing appeals against a CCI order imposing a penalty on Meta and WhatsApp.
"All they have done in their entire report is privacy regulation," counsel appearing for WhatsApp told the appellate tribunal.
The DPDP rules, which have come into effect, require companies to implement a data protection and consent management system by November 2026.
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union Minister Ashwini Vaishnaw has said.
Rahul Gandhi claims the Indo-US trade deal will compromise the data security of 1.5 billion Indians, alleging Prime Minister Modi is surrendering India's data resources to the US. He warns of potential job losses in the IT sector due to AI and the importance of controlling India's data pool.
'There were two options before the government -- create a complex, cumbersome law, which will cause a tremendous amount of compliance challenges for startups or say let's go back and do a clean slate, where we do a framework of laws and policies'
Hours after Congress leader Manish Tewari on Thursday said the government might get the Digital Data Protection Bill classified as a money bill, Union IT Minister Ashwini Vaishnaw refuted the charge and termed it a "normal bill".
'By extending the definition of 'personal' to include institutions and not just individuals, the State has equipped itself with a tool to block access to most kinds of information.'
Sarvam's LLM will have more than 17 trillion tokens with 17 to 20 per cent coming from Indian data
After withdrawing the personal data protection bill, the government is hopeful of getting a new legislation passed by the next Budget session of Parliament, Union minister Ashwini Vaishnaw has said. The government on Wednesday withdrew the Personal Data Protection Bill from the Lok Sabha. The Joint Committee on Personal Data Protection Bill, 2019, headed by BJP member P P Chaudhary, had tabled its report in Lok Sabha on December 16, 2021.
'The impact will be minimal and it will only increase compliance cost on consent, data flows, localisation timelines, internal audits, data mapping, and new tooling.'
'By leveraging user data from WhatsApp, Meta can enhance its technology.' 'It (user data) is collected by me, it's my personal property. Shall I give it to my competitors?'
The report touches on variety of issues including consent, rights of children, data protection authority and right to recall data.
'Companies will need to revisit compensation structures, contracts, staffing models, and human resources system.'
Since the deadline for Justice B N Srikrishna Committee's feedback is December 31, the government is unlikely to table a data protection Bill in the winter session of Parliament.
'Instead of the government and telecom operators solving the mess of their own creation, they're telling us we need to give access to our phones perpetually.'
'Look at what kind of sites the child is visiting, what kind of games they are playing and then tell them about the pitfalls.' 'After the child sleeps, parents can check the history of sites visited and block sites that could be dangerous or inappropriate.'
Recently, an Air India flyer sent a legal notice to the airline seeking damages of Rs 30 lakh for the breach of personal data of 4.5 million passengers, including her husband and herself. Air India had informed the complainant of the data leak a month earlier, after it emerged that its passenger service system provider fell prey to a cyberattack in February. However, in the absence of a data protection law, India lacks a mechanism for compensation or grievance redress of consumers in such cases, say experts. Advocate Virag Gupta, a New Delhi-based cyber law expert, explains that a legal notice is a good beginning in the Air India case, but it raises many questions. These include whether sensitive personal information has been leaked and whether the airline is responsible or not, given that a passenger service system provider was also involved.
Significant controls and exemptions to the government under the proposed Digital Personal Data Protection bill 2022 are likely to make it harder for companies to invest in data centres and data processing activities in India, according to global technology industry body ITI. The ministry of electronics and IT has floated draft Digital Personal Data Protection (DPDP) Bill 2022 and has invited comments on the same till January 2. "The Bill grants significant controls to the executive arm of GOI (Government of India) and delegates much of the detailed rulemaking authority to separate, as yet undefined processes.
The draft digital personal data protection (DPDP) rules, which require banks to obtain explicit consent from their customers before using their data for purposes beyond the original intent, although is being followed in spirit, leaves no room for regulatory arbitrage, experts said. They said that the potential business impact is difficult to assess at this stage, but the formalisation of these rules will mean banks now need to establish clear data processing agreements with third-party entities to ensure compliance.
This Budget positions India's taxation ideology as not merely a revenue source but as a strategic catalyst for growth, inclusion and long-term confidence.
The government will "notify such countries or territories outside India to which a data fiduciary may transfer personal data", according to the draft unveiled on Friday for public feedback.
From Rs 73k to over Rs 1.2L between January-December 2025 -- is buying gold in 2026 still sensible?
'Unless the government comes up with the rulebook, the technical requirements will not be clear to us.' 'Going by the Act, non-technical provisions can be complied with within six months.' 'But we need up to 24 months for provisions like parental consent.'
'The real story of 2025 is that India officially stopped being a 'market of the future' and started acting as the world's primary economic engine.'
A 10-part series that explains all you want to know about how India's EPF turns a slice of your monthly salary into long-term savings, pension, and life insurance.
Gaming and cyber security experts suggest how kids and parents can stay aware to fight the growing threats and miscreants who act from behind the screen.
In a first of its kind move, the Indian Railways Catering and Tourism Corporation (IRCTC), the ticket booking arm of the Indian Railways, is looking to monetise its bank of passenger data while conducting business with private and government companies. IRCTC has a large bank of data related to every online railway ticket ever generated as it is the country's only railway ticketing platform, an IRCTC official told Business Standard. The public sector undertaking, which has sought the services of a consultant to assist with the monetisation process, plans to raise Rs 1,000 crore through this exercise.
© 2026 Rediff.com - Investor Information - Advertise with us - Disclaimer - Privacy Policy - Sitemap - Feedback - About us - Terms of use - Grievances