The government of India has notified the rules to operationalize the Digital Personal Data Protection (DPDP) law, originally passed by Parliament in August 2023. This action establishes a consent-based regime aimed at providing millions of online citizens with guaranteed control over their digital data across various online activities, including social media, e-commerce, and government services.
Key requirements include social media companies obtaining verifiable parental consent for users under 18 years of age. Companies and organizations violating these regulations face potential penalties, which can reach up to Rs 250 crore for serious failures in data protection and breaches. Furthermore, companies are mandated to promptly inform both users and the new data protection board about any data breaches.
The law also strengthens user rights, allowing individuals to access, correct, update, or erase their personal data, and to nominate another person to exercise these rights on their behalf, with Data Fiduciaries required to respond within 90 days. For transparency, companies must display contact information for data protection inquiries. Implementation of these rules will be gradual, with an 18-month transition window provided for companies, overseen by a central government-constituted committee.
Source: https://timesofindia.indiatimes.com/india/8-years-after-supreme-court-made-privacy-a-fundamental-right-indias-digital-personal-data-protection-law-set-to-go-live/articleshow/125341044.cms