MeitY Invites Feedback on Draft Digital Personal Data Protection Rules, 2025

The Ministry of Electronics and Information Technology (MeitY) has released the Digital Personal Data Protection Rules, 2025, designed to facilitate the implementation of the Digital Personal Data Protection Act, 2023 (DPDP Act). These draft rules aim to enhance the legal framework for safeguarding digital personal data by providing actionable details and a robust operational structure. Stakeholders are encouraged to provide feedback or comments on the draft rules through the MyGov portal by February 18, 2025. Key Features of the Draft Rules:

The draft rules align with the principles of the SARAL framework, focusing on simplicity and clarity through the use of straightforward language, contextual definitions, and illustrations. This approach ensures better accessibility and comprehension for all stakeholders.

The Digital Personal Data Protection Rules, 2025, cover various critical aspects, including:

1. Notice Requirements for Data Fiduciaries: Guidelines on how individuals should be informed about data collection and processing.
2. Registration and Obligations of Consent Managers: Standards for entities managing user consent for data usage.
3. Data Processing for Government Subsidies and Services: Provisions for lawful data processing to enable delivery of government benefits and services.
4. Security Safeguards: Requirements for implementing reasonable measures to protect personal data.
5. Handling Data Breaches: Protocols for reporting and managing personal data breaches.
6. Individual Rights: Procedures for individuals to exercise their rights concerning their personal data.
7. Child and Disabled Persons' Data: Guidelines for processing personal data belonging to children or persons with disabilities.
8. Data Protection Board of India: Rules for establishing the Board, including the appointment of its Chairperson and members, service conditions, and operational procedures.
9. Digital Office and Appellate Tribunal: Provisions for the Board’s digital operations and the appeals process to the Appellate Tribunal.

The explanatory notes accompanying the draft rules further simplify their interpretation, making the framework user-friendly for stakeholders.

Invitation for Feedback

Stakeholders from industry, academia, civil society, and the general public are invited to review the draft rules and provide their feedback. Submissions can be made via the MyGov portal at https://innovateindia.mygov.in/dpdp-rules-2025. The deadline for submitting comments is February 18, 2025.

Background on the DPDP Act

The Digital Personal Data Protection Act, 2023, received Presidential assent and establishes a comprehensive framework for the processing of digital personal data. The Act seeks to balance individuals’ rights to data privacy with the necessity of processing personal data for lawful purposes, such as governance, economic development, and security.

By enabling clarity and operational detail through these draft rules, the Ministry aims to operationalize the DPDP Act in a manner that fosters trust and accountability in digital ecosystems. The rules also underscore the government’s commitment to safeguarding the digital rights of citizens while facilitating the lawful and secure processing of data.

For more information and to access the draft rules and explanatory notes, visit https://www.meity.gov.in/data-protection-framework.