PM Modi Highlights India’s Citizen-Centric Governance in Digital Personal Data Protection Rules, 2025
New Delhi, January 8: Prime Minister Narendra Modi has emphasized that the newly introduced Draft Digital Personal Data Protection Rules, 2025, exemplify India’s unwavering commitment to citizen-centric governance. Reacting to a post by Union Minister Ashwini Vaishnaw, Modi stated, “Union Minister, @AshwiniVaishnaw explains how the Draft Digital Personal Data Protection Rules, 2025, prioritises India’s commitment to citizen-centric governance. The rules aim to safeguard personal data while driving growth and inclusivity.”
On January 5, the Ministry of Electronics and Information Technology (MeitY) elaborated on the draft Digital Personal Data Protection (DPDP) Rules, which are designed to protect citizens’ rights in line with the Digital Personal Data Protection Act, 2023. The Ministry further announced that the public would have the opportunity to submit feedback on the draft rules until February 18, 2025, through the MyGov portal.
The DPDP Act and the accompanying draft rules are crafted to keep pace with the rapid evolution of digital technologies. One key feature is the establishment of a Data Protection Board, envisioned as a fully digital entity, which will allow citizens to lodge complaints and resolve disputes online, eliminating the need for physical presence. Additionally, the rules aim to raise awareness among citizens about their rights and empower them to manage their personal data through multilingual digital platforms.
Apart from gathering online feedback, the Ministry also plans structured consultations with stakeholders from civil society, industry, and government to refine the draft rules. Once finalized, the rules will be submitted to Parliament for approval.
The draft rules are designed to balance individual rights protection with the continued growth of digital practices. Organizations will have sufficient time to comply with the new regulations, minimizing compliance burdens. Data processing based on prior consent will remain allowed, with proper notices issued to individuals to ensure their rights are respected.
In terms of safeguarding children’s personal data, Data Fiduciaries will be required to implement measures to obtain verifiable parental consent. Startups will also benefit from reduced compliance requirements, while significant Data Fiduciaries will face stricter obligations. Furthermore, the DPDP Act introduces graded financial penalties, which will be determined based on the severity and duration of violations. Businesses may submit voluntary undertakings to the Data Protection Board to avoid penalties during proceedings, ensuring that enforcement remains fair and proportional.
Notably, the draft rules do not impose a blanket requirement for storing personal data within India. However, restrictions on cross-border data transfers may apply to certain categories of personal data as recommended by a designated committee.
By integrating digital-first mechanisms and maintaining a balanced regulatory framework, the draft DPDP Rules aim to protect citizens’ rights while fostering a thriving digital economy in India.
