Data Protection Act
SC issues notice to Centre on plea challenging 2023 data protection law
The Supreme Court on Monday issued a notice to the Centre on a plea challenging the constitutional validity of several provisions of the Digital Personal Data Protection (DPDP) Act, 2023. The plea, moved by The Reporters' Collective and renowned journalist Nitin Sethi, argues that the new data regime severely dilutes the Right to Information (RTI) Act and grants the Centre "sweeping powers" over personal data. A bench comprising Chief Justice Surya Kant and justices Joymalya Bagchi and Vipul M Pancholi, while agreeing to examine the legal complexities of the Act, refused to grant an interim stay on the impugned provisions. Representing the petitioners, advocate Vrinda Grover said that the Act lacks surgical precision in its attempt to protect privacy. "Instead of using a chisel, (the legislature) has used a hammer, and has thus rendered a body blow (to RTI), " the senior lawyer said. The petition said the DPDP Act creates a blanket bar on the disclosure of personal information, ..
 "SC issues notice to Centre on plea challenging 2023 data protection law")
India's DPDP rules explained: Here's how your personal data will be handled
The new DPDP rules will be introduced over the next 18 months to give organisations time to adapt to the guidelines.
 "India's DPDP rules explained: Here's how your personal data will be handled")
India's DPDP rules: Shaping future of personal data privacy in digital era
India's DPDP rules have set a framework for a more accountable digital economy through clear consent standards, data safeguards, with the goal to arm individuals with greater control over their personal data in the world's fourth largest economy. Here is what it means for businesses and individuals: First things first. These subordinate rules to the principal legislation -- Digital Personal Data Protection Act -- spell out operational norms for entities in collection and handling of personal data, and protects the rights of individuals. In simple terms, 'data fiduciaries' refer to entities that decide the purpose and means of processing of individual's data while 'data principals' are individuals or users (of a particular service) to whom personal data belongs. Consent notice to individuals: Companies must give clear, plain-language notice seeking informed consent with itemised data description, processing purpose, complaint mechanisms, and easy consent withdrawal process where eas
 "India's DPDP rules: Shaping future of personal data privacy in digital era")
DPDP rules notified: Digital privacy law a reality after 14 years
Implementation planned in phases over 12-18 months
 "DPDP rules notified: Digital privacy law a reality after 14 years")
Bundled consent mechanism likely to end as Meity plans stricter rules
DPDP Act may also ask intermediaries to keep detailed meta data records
DPDPA rules 2025: Advancing data privacy but challenges remain unresolved
New data protection rules boost transparency, yet compliance gaps persist
 "DPDPA rules 2025: Advancing data privacy but challenges remain unresolved")
Rules of protection: Draft regulations should enhance data security
The Act and the Rules refer to individual digital users as "data principals", and the Act is expected to offer individuals greater control over their personal information
 "Rules of protection: Draft regulations should enhance data security")
MeitY lets tech firms, data fiduciaries decide on parental consent methods
The Ministry of Electronics and Information Technology has urged tech firms to adopt advanced methods for obtaining parental consent while allowing them to determine the best practices independently
 "MeitY lets tech firms, data fiduciaries decide on parental consent methods")
Social media platforms worry new data law could affect child safety, ads
Tech giants Google, Meta, YouTube, and Snap are concerned over India's new Digital Personal Data Protection Act's restrictions on behavioural tracking of children as they may compromise child safety
 "Social media platforms worry new data law could affect child safety, ads")
Drafting of rules under data protection law in advanced stage: Vaishnaw
Drafting of rules under the data protection legislation is in advanced stage with industry-wide consultations slated soon, Union Minister Ashwini Vaishnaw said on Saturday, asserting that India will also look at doubling electronics production and adding jobs under the Modi 3.0 government. At the same time, the Minister for Electronics and IT assured that regulatory work will see "good continuity" and that the agenda on digital regulatory framework remains "intact". The timelines for semiconductor plants of Micron and Tata Group too are on track. The process of implementation of the Digital Personal Data Protection (DPDP) Act will be based on 'digital-by-design' principle, paving the way for a new way of working, and the work on creating this 'digital by design' platform is also moving in parallel. Such a platform or portal will be created in-house by the likes of NIC and DIC. The Parliament had passed the DPDP Act in August last year. The key piece of legislation aims to protect th
 "Drafting of rules under data protection law in advanced stage: Vaishnaw")
DPDP rules, IT rules amendment on Meity's 100-day agenda after LS polls
The notification of the rules to India's data privacy law have been long awaited
 "DPDP rules, IT rules amendment on Meity's 100-day agenda after LS polls")
Data protection law needs clarity on risk threshold for breaches: Group
BSA, which represents the global software industry, wants companies to get at least 72 hours to report data breaches
 "Data protection law needs clarity on risk threshold for breaches: Group")
Irdai sets up 11-member taskforce to examine the impact of DPDP Act
The task force is expected to submit the report within a period of 1 month from the issuance of the order
 "Irdai sets up 11-member taskforce to examine the impact of DPDP Act")
DPDP rules ready but unlikely to be tabled in winter session of Parliament
As India's first-ever dedicated legislation for digital privacy, the DPDP Act provides broad principles of collection and processing of personal information in digital form
 "DPDP rules ready but unlikely to be tabled in winter session of Parliament")
Majority organisations' very concerned' on impact of data law: EY study
While the rules that would provide exact processes of the DPDP Act are yet to be notified, the government has consistently claimed that large organisations must not require much time to comply
 "Majority organisations' very concerned' on impact of data law: EY study")
Meta mulls paid option for ad-free Instagram, Facebook in India: Details
It follows Meta's talks to launch a similar plan in the European Union (EU) to conform with its privacy concerns
 "Meta mulls paid option for ad-free Instagram, Facebook in India: Details")
Beyond due process
Invoking UAPA against a news outfit is overreaction
 "Beyond due process")
Only 9 out of 100 surveyed company websites seek clear consent: PwC report
Only 2 out of the 100 analysed websites provided consent in multiple regional languages
 "Only 9 out of 100 surveyed company websites seek clear consent: PwC report")
Only 9 of 100 firms obtain clear consent before collecting user data: PwC
Only 17% of Indian organisations have listed the email IDs of customer care or other functions for queries with respect to data protection
 "Only 9 of 100 firms obtain clear consent before collecting user data: PwC")
DPDP Act: Social media, telcos, startups lobby for 18-24 months to comply
The stakeholders also said that implementation of eKYCs may create an immense cost burden for startups and smaller organisations, considering that the number of users is in millions
 "DPDP Act: Social media, telcos, startups lobby for 18-24 months to comply")