Industry experts have praised the government’s initiative to implement Rules under the Digital Personal Data Protection Act (DPDPA), 2023, officially launching India’s first dedicated personal data protection framework. The Ministry of Electronics and Information Technology (MeitY) announced on Friday that social media platforms, online payment systems, and other entities managing personal data must provide users with a comprehensive account of the information collected and clarify its intended use. Ivana Bartoletti, Chief Privacy and AI Governance Officer at Wipro, remarked, “There is no doubt that India has entered a new era of privacy. In the age of AI, trust is crucial. And because AI depends on large volumes of data, strong privacy protections must come first.
This development marks an important step in strengthening India’s digital ecosystem and aligns closely with the country’s recent AI governance guidelines.” Bartoletti emphasized that the new regulations incorporate robust data governance, characterized by clear responsibilities, established structures, consent, and privacy by design. This framework will allow organizations to develop sustainably and responsibly as innovation accelerates and technology becomes increasingly integrated into everyday life. As per the rules, users will have straightforward methods to withdraw their consent or file complaints with the Data Protection Board (DPB) regarding violations. Consent managers, authorized entities representing users, are given 12 months to register with the DPB, while companies have 18 months to meet the compliance requirements.
Nikhil Narendran, Partner – TMT (Technology, Media, and Telecommunications) at Trilegal, stated, “With the notification of the Rules and the Act, the government has finally put all uncertainty to rest.”
