Navigating New Digital Data Protection Rules: A Landmark Draft

The government has rolled out the Digital Personal Data Protection Rules draft, necessitating parental consent for minors on online platforms. The draft mandates data fiduciaries to obtain consent before processing data, highlights consent managers, and provides guidelines for compliance but lacks penalty details acknowledged in the DPDP Act.

Devdiscourse News Desk | New Delhi | Updated: 03-01-2025 23:17 IST | Created: 03-01-2025 23:17 IST

Navigating New Digital Data Protection Rules: A Landmark Draft

Country:
India

The government unveiled its draft for the Digital Personal Data Protection Rules on Friday, introducing new regulations for parental consent on children's accounts on social platforms. It specifies that social media platforms must secure verifiable parental consent alongside proof of identity and age.

These newly proposed rules emphasize the role of consent managers, tasked with maintaining consent records for data processing. Companies, identified as data fiduciaries, are required to ensure these processes align with legal standards, with data retention limited to the duration of the provided consent.

Despite being anticipated for over a year, the draft lacks detailed guidance on penalties as stated in the DPDP Act. Experts highlight the complexities businesses will face, especially around consent, urging firms to invest in infrastructure and overhaul data practices. Comprehensive public consultations will help refine these rules.

(With inputs from agencies.)