Union Minister Ashwini Vaishnaw has announced that the Digital Personal Data Protection (DPDP) Rules will be further refined to enhance the protection of children in the digital space, while simultaneously enabling their access to technology. The minister made these remarks on Tuesday, stating that the government plans to evolve the rules based on feedback and real-world insights gathered during their implementation.
Speaking to reporters, Vaishnaw outlined the government’s intent to strike a balance between empowering children with technology and safeguarding them from potential harm. “We will refine it (DPDP Rules) further to take the power of technology to children while saving them from many harms,” Vaishnaw stated. He emphasised that the focus would be on ensuring that children can benefit from the digital world without falling prey to its risks.
The government had unveiled the draft DPDP Rules 2025 on January 3, 2025. These draft rules are now open for public consultation, which will continue until February 18, 2024. The rules aim to provide a framework for handling personal data, with particular attention to how data is collected, processed, and protected, especially in the case of vulnerable groups such as children.
Key provisions of the DPDP rules
One of the key aspects of the DPDP Rules is that digital platforms will only be allowed to process the data of children if they have obtained explicit consent from a verifiable guardian or parent. The consent process will involve verifying the identity and age of the parent or guardian. The verification can be done using voluntarily provided identity details, or through a virtual token system. This token system would be issued by an entity designated by law, or by a state or central government agency entrusted with maintaining personal identification details.
The minister explained that the use of virtual tokens has already been successful in other instances, such as Aadhaar-based transactions. “The tokens will be temporary and limited to one transaction, after which they will be destroyed automatically,” Vaishnaw clarified, assuring the public that the use of such tokens would not compromise individual privacy.
Ensuring privacy and sector-specific guidelines
Vaishnaw also addressed concerns around privacy, asserting that the use of virtual tokens would pose no risk to an individual’s privacy. He highlighted that the DPDP Rules would continue to evolve in consultation with experts and stakeholders, particularly in cases where sector-specific guidelines are necessary. These additional guidelines would ensure that data protection measures are tailored to specific industries, balancing the need for digital innovation with the importance of safeguarding sensitive information.
The minister also reassured the public that the DPDP Act would not affect whistleblowers. Whistleblowers, he noted, are already protected under the law, and the new data protection rules would not alter this. “There will be no risk to the privacy of whistleblowers under the DPDP Act,” Vaishnaw emphasised.
Complaints process under the DPDP Act
Regarding complaints under the DPDP Act, Vaishnaw confirmed that no specific limit has been set for filing grievances. This means that individuals can lodge complaints if they believe their data privacy has been violated, with no restriction on the number of complaints or the timeframe in which they must be filed.
More Read
As the consultation period for the draft DPDP Rules progresses, the government is likely to gather additional feedback from civil society, industry leaders, and other stakeholders. Vaishnaw’s comments reflect the government’s commitment to refining and strengthening data protection regulations, ensuring they not only protect personal data but also foster the responsible use of technology, particularly for children.
The DPDP Rules are part of India’s broader efforts to address the growing concerns around data privacy, particularly in the wake of increasing digitalisation. As the rules evolve, they will likely play a crucial role in shaping the future of personal data governance in the country. The finalised regulations will also reflect India’s ongoing efforts to harmonise data protection laws with international standards, ensuring that personal data is protected while allowing the digital economy to thrive.
As the draft rules move through the consultation process, all eyes will be on how the government addresses concerns from various quarters, especially with regards to children’s privacy in the ever-expanding digital landscape.
