New Digital Data Protection Rules Unveiled

The Indian government has released the much-anticipated draft of the Digital Personal Data Protection Rules. This new framework aims to enhance the protection of personal data, especially for children. The rules require social media and online platforms to obtain verifiable consent from parents before allowing children to create accounts. This move is part of a broader effort to safeguard the privacy of minors in the digital space. The draft rules have been published for public consultation and will be finalized after February 18, 2024.

Key Provisions for Children’s Data Protection

One of the most significant aspects of the draft rules is the requirement for parental consent. Social media and online platforms must verify the identity and age of parents before allowing their children to create accounts. This verification must be done using identity proof issued by a legally recognized entity or the government. The rules emphasize that digital platforms must conduct due diligence to ensure that the person claiming to be a parent is indeed an adult. This measure aims to prevent unauthorized access to children’s accounts and protect their personal information.

The draft rules also outline that data fiduciaries, which include e-commerce, social media, and gaming platforms, must adopt appropriate technical and organizational measures. These measures are designed to ensure that verifiable consent from parents is obtained before processing any personal data of children. This requirement highlights the government’s commitment to protecting minors in the digital landscape, where they are increasingly exposed to various online risks.

Consent Management and Data Fiduciaries

The draft rules introduce the concept of consent managers. These entities will be responsible for managing the records of consents given by individuals. Data fiduciaries can only use and process personal data if individuals have provided their consent to these consent managers. This system aims to create a more structured approach to data management, ensuring that individuals have control over their personal information.

Moreover, data fiduciaries are required to retain personal data only for the duration of the consent provided. Once the consent period expires, the data must be deleted. This provision is crucial in preventing the misuse of personal data and ensuring that individuals’ privacy is respected. However, the draft rules do not specify penalties for data fiduciaries who violate these regulations, despite the Digital Personal Data Protection Act allowing for fines of up to Rs 250 crore.

Challenges and Compliance for Businesses

Industry experts have noted that the draft rules present both opportunities and challenges for businesses. Mayuran Palanisamy, a partner at Deloitte India, highlighted that the rules provide much-needed clarity on compliance obligations. These include the responsibilities of significant data fiduciaries, the registration of consent managers, and the functioning of the Data Protection Board. However, he also pointed out that businesses may face complex challenges in managing consent, which is central to the new law.

Maintaining consent records and allowing users to withdraw consent for specific purposes may require significant changes to the design and architecture of applications and platforms. Organizations will need to invest in technical infrastructure and processes to meet these requirements effectively. This includes revising data collection practices, implementing consent management systems, and establishing clear data lifecycle protocols. The successful implementation of these measures will be crucial for businesses to comply with the new regulations and protect user data.

Public Consultation and Future Steps

The draft rules have been made available for public consultation, allowing stakeholders to provide feedback before the final version is adopted. This process is essential for ensuring that the regulations are practical and effective in addressing the challenges of digital data protection. The government aims to incorporate public input into the final rules, which will be crucial for their successful implementation.

As the digital landscape continues to evolve, the need for robust data protection measures becomes increasingly important. The draft rules represent a significant step towards enhancing the privacy and security of personal data, particularly for children. With the finalization of these rules, India aims to establish a comprehensive framework that balances the needs of businesses with the rights of individuals in the digital age.

Observer Voice is the one stop site for National, International news, Editor’s Choice, Art/culture contents, Quotes and much more. We also cover historical contents. Historical contents includes World History, Indian History, and what happened today. The website also covers Entertainment across the India and World.

Follow Us on Twitter, Instagram, Facebook, & LinkedIn