Login
Register

Login
Register

Outcome Document on the ISAIL Policy Innovation Committee Session on the Draft Digital Personal Data Protection Rules, 2025 (January 25, 2025)

Outcome Document on the ISAIL Policy Innovation Committee Session on the Draft Digital Personal Data Protection Rules, 2025 (January 25, 2025)

0.00

This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Downloads - Creative Commons

Description

The Data Privacy Expert Group (DPEG) and the Policy Innovation Committee of ISAIL had hosted a virtual committee session on January 25, 2025, inviting legal and policy specialists and industry stakeholders to discuss the features, merits, and limitations in the January 3, 2025 draft of the Digital Personal Data Protection (DPDP) Rules, 2025, published by the Ministry of Electronics and Information Technology, Government of India.

The discussion broadly addressed the following key points:

Challenges and complexity in processing children’s data.
Obligation of Significant Data Fiduciaries and the ambiguities involved.
Personal data transfers and the implications of potential data localization requirements.
Impact of the DPDP Act and the Draft DPDP Rules on AI and innovation
Navigating compliance burdens for startups and MSMEs.
The need for recourse for Data Principals to seek compensation in the event of  breach.
Implementation challenges of data minimization and data retention periods.
The government’s power to call for information regarding specific purposes in the 7th Schedule.

Based on the discussion, the members identified gaps in implementation such as lack of simplified consent mechanisms, regulation of high risk processing, adequate oversight mechanisms and interoperability of consent managers, independent grievance redressal and review mechanisms, and regulation of manipulative design practices (dark patterns).

The document outlines these key areas where the DPDP Rules need refinement to enhance consumer protection, ensure business-friendly compliance, and align India’s data governance standards with global best practices.

Key Recommendations for MeitY:

Explicitly regulate dark patterns to prevent manipulative design tactics under the DPDP Rules.
Define clear penalties and grievance redressal processes to ensure robust enforcement.
Standardize age verification mechanisms to protect minors from data risks.
Clarify cross-border data transfer rules with sector-specific exemptions and global adequacy frameworks.
Ensure independent oversight of consent managers to maintain neutrality in data governance.
Ensure safeguards to prevent unfettered government access to data on vague grounds under draft rule 22.

The recommendations made in this document shall be submitted to the Ministry of Electronics and Information Technology (MeitY) as part of the public feedback collected by the Ministry until March 5, 2025

Additional information

VLiGTA Resource Identifier

AISTANDARDIO-PIC-0005-2025
Author(s)

, , ,

Publisher

Publication Type

Digital
Category Tags , , , , , , , , , , , , , , , , , , , , , , , , ,

Related products

The works published and displayed on IndoPacific.app are licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International

© Indic Pacific Legal Research LLP. All Rights Reserved.

Register

Learn on your own time from top universities and businesses.

Already on VLiGTA? Log in

Register with your organization

Having trouble logging in? Learner help center

This site is protected by reCAPTCHA Enterprise and the Google Privacy Policy and Terms of Service apply.