The Ministry of Electronics and Information Technology (MeitY) unveiled the draft Digital Personal Data Protection (DPDP) Rules on Sunday, aimed at safeguarding citizens' personal data, preventing unauthorized commercial use, and addressing digital harms. 

The government described the rules as a citizen-centric framework that balances data protection with innovation in India’s expanding digital economy.

Empowering citizens and ensuring safety

The draft rules grant citizens enhanced control over their personal data, including provisions for informed consent, the right to erasure, and a grievance redressal mechanism. Parents and guardians are also empowered to ensure children's online safety under the proposed framework, MeitY stated.

By placing citizens at the core of the data protection framework, the rules require Data Fiduciaries to provide clear and accessible information on how personal data is processed, enabling individuals to give informed consent.

Balancing regulation and innovation

The government emphasized that the framework strikes a unique balance between fostering innovation and regulating data use. Unlike more restrictive global models, India's approach prioritizes citizen welfare while promoting economic growth. MeitY described the DPDP rules as a potential global template for data governance.

"Startups and small businesses will face lower compliance burdens, while significant data handlers, termed Significant Data Fiduciaries, will have higher obligations," the statement said. A transition period will be provided to ensure smooth compliance for stakeholders across the spectrum.

Promoting digital-first governance

The draft rules adopt a 'digital by design' philosophy, ensuring ease of living and business operations. The proposed Data Protection Board will function as a digital office, enabling citizens to file complaints and have them resolved entirely online. 

Workflows will prioritize speed and transparency, enhancing trust between citizens and Data Fiduciaries.

Penalties for non-compliance will consider factors like the severity of the breach and efforts to mitigate its impact. Additionally, Data Fiduciaries can voluntarily provide undertakings during proceedings, potentially leading to case dismissal.

Inclusive and transparent law-making

The draft DPDP rules are based on extensive stakeholder inputs and a study of global best practices. The government has invited public feedback through the MyGov platform until February 18, reflecting its commitment to inclusive and transparent law-making.

To ensure widespread understanding, the government plans a comprehensive awareness campaign to educate citizens about their rights and responsibilities under the new framework, fostering a culture of data responsibility.

By combining robust data protection measures with a streamlined compliance framework, the draft DPDP rules aim to establish India as a leader in global data governance.

IANS