The Digital Private Knowledge Safety Guidelines (DPDP), 2025 have been notified this week, kicking off the formation of the Knowledge Safety Board of India (DPBI), and the authorized framework for safeguarding the information of Indian folks on-line. The DPDP Act itself was handed in Parliament in August 2023, and a draft of the Guidelines that have been notified on Friday (November 14, 2025) have been launched for session in January.
What do the DPDP Act and Guidelines do?
The DPDP Act, 2023 is India’s model of knowledge safety legal guidelines similar to Europe’s Normal Knowledge Safety Regulation (GDPR) and related regimes in lots of different international locations, similar to Singapore’s Private Knowledge Safety Act, 2012. Like these regimes, the Act units out some baselines for a way firms (“information fiduciaries”) deal with information of their customers in India (“information principals”). For example, there should be entry management and encryption, together with safety audits for big companies (“important information fiduciaries”).
Knowledge principals are additionally required to take “knowledgeable” consent from their customers, and anybody whose information they gather, by giving a abstract of what information they’re accumulating, and the way they are going to use it. The Act additionally offers customers the precise to erase or modify information they supply to companies, or to delete it. After a specified interval of inactivity, companies are below an obligation to delete the information they’ve on customers. A Knowledge Safety Officer needs to be appointed by massive companies, who will oversee compliance.
The Act additionally restricts focused promoting and sure information assortment for youngsters. The Guidelines carve out an exemption right here for folks monitoring their youngsters’s location.
To permit customers to train rights throughout quite a lot of fiduciaries (accounts over a number of platforms), the Act and Guidelines set out the framework for a “Consent Supervisor,” a service that may permit customers to handle their information throughout a number of fiduciaries, much like permissions supervisor settings on a smartphone.
Knowledge breaches should be reported as quickly as attainable, the Act says. Fines for non-compliance for various components of the regulation vary from ₹10,000 to ₹250 crore.
Are these necessities in pressure?
No. Whereas over two years have passed by for the reason that Act was notified, the Ministry of Electronics and Info Expertise (MeitY) has chosen to offer companies as much as 18 extra months to conform. Some necessities, like having a DPO be appointed for big companies, goes into impact one yr from now.
Some components of the Act have been kicked into motion — such because the DPBI’s formation. The DPBI will oversee the Act’s implementation and might be a subordinate workplace of MeitY. The physique can have 4 members.
One other a part of the Act that goes stay is the modification to the Proper to Info Act, 2005, which has been furiously resisted by digital rights and transparency teams alike.
How is the RTI Act amended? Why is the modification controversial?
The 2023 Act amended Part 8(1)(j) of the Proper to Info Act, 2005, which permits residents to request public data from authorities our bodies. That part allowed authorities our bodies to refuse requests for “private data,” however mentioned that this exemption wouldn’t apply if there was a bigger public curiosity in disclosing the knowledge.
The DPDP Act eliminated that carve-out, permitting authorities organizations extra discretion in what’s and is not private data, and decline it even when doing so can be within the public curiosity. The 2023 regulation was not going to be in pressure — together with this modification — till the Union authorities notified it. Transparency activists, similar to these belonging to the Mazdoor Kisan Shakti Sangathan (MKSS) and the Nationwide Marketing campaign for the Individuals’s Proper to Info (NCPRI), spent years (for the reason that DPDP Act’s 2022 draft was printed) resisting this alteration.
However on Friday, the federal government disregarded that pushback, and particularly invoked its energy to push the modification via within the type of a notification. One other modification, to the Info Expertise Act, 2000, isn’t but in pressure.
Organizations like MKSS have labored with grassroots actions to get entry to ration “muster rolls” and work order logbooks, permitting them to scrutinize public data for indicators of graft and misspending. With a broad definition of “private data,” they’ve argued, residents could don’t have any room to conduct such social audits. The modification may be used to protect highly effective officers’ misconduct, they’ve mentioned.
Nikhil Dey, an MKSS founding member, vowed that “'(w)e the folks’ will combat again” after the modification went into pressure.
Printed – November 15, 2025 02:32 pm IST