Data Protection Bill
DPDP norms nudge insurance firms to boost tech systems, consent frameworks
Industry leaders say phased deadlines through 2027 give them time, but the compliance effort will require major process redesign
 "DPDP norms nudge insurance firms to boost tech systems, consent frameworks")
India's DPDP rules explained: Here's how your personal data will be handled
The new DPDP rules will be introduced over the next 18 months to give organisations time to adapt to the guidelines.
 "India's DPDP rules explained: Here's how your personal data will be handled")
DPDP rules notified: Digital privacy law a reality after 14 years
Implementation planned in phases over 12-18 months
 "DPDP rules notified: Digital privacy law a reality after 14 years")
DPDP rules: Training AI models using data likely to need a rethink
The new rules require informed consent along with easy provisions to revoke it for any personal data processing
 "DPDP rules: Training AI models using data likely to need a rethink")
DPDP rules mandate deleting user data after three years of inactivity
Ecommerce, gaming, and social media intermediaries must erase dormant user data with prior notice
 "DPDP rules mandate deleting user data after three years of inactivity")
Bundled consent mechanism likely to end as Meity plans stricter rules
DPDP Act may also ask intermediaries to keep detailed meta data records
 "Bundled consent mechanism likely to end as Meity plans stricter rules")
Implementing robust legal guardrails: How to make AI safe and trusted
AI systems need ongoing monitoring and control mechanisms that can detect and prevent potential misuse or intended/unintended harm
 "Implementing robust legal guardrails: How to make AI safe and trusted")
New data rules: E-commerce, social media to delete user info after 3 years
The platforms are required to notify users at least 48 hours before data deletion, providing them the opportunity to log in or initiate contact to retain their information
 "New data rules: E-commerce, social media to delete user info after 3 years")
Govt cracks down on unauthorised PAN use ahead of data protection law
With the Digital Personal Data Protection Act set to roll out, the government intensifies scrutiny on unauthorised Permanent Account Number data use by technology firms, aiming to protect citizens' pe
 "Govt cracks down on unauthorised PAN use ahead of data protection law")
Govt likely to release draft data protection rules within a month: Vaishnaw
The government is likely to release draft rules under the Digital Personal Data Protection Act within a month, union minister Ashwini Vaishnaw said on Monday. The minister said the government has first worked on digital implementation of the Act and framed rules accordingly. "The framework is ready, and the draft rules for consultation are expected to be released within a month," Vaishnaw told reporters here. The minister said the final draft of the rules was reviewed last week, and it is expected to be in the public domain within a month.
 "Govt likely to release draft data protection rules within a month: Vaishnaw")
Nigeria slaps $220 mn fine on Meta over violation of data protection laws
Nigeria's government on Friday announced a fine of USD 220 million on Meta, saying its investigations found multiple and repeated violations of the country's data protection and consumer rights laws on Facebook and WhatsApp. A statement from Nigeria's Federal Competition and Consumer Protection Commission, or FCCPC, listed five ways that Meta violated data laws in the West African country, including by sharing the data of Nigerians without authorization, denying consumers the right to self-determine the use of their data, discriminatory practices as well as abuse of market dominance. "Being satisfied with the significant evidence on the record, and that Meta Parties have been provided every opportunity to articulate any position ... the Commission has now entered a Final Order, and issued a penalty against Meta Parties," FCCPC chief executive Adamu Abdullahi said in a statement. A spokesperson for Meta didn't immediately respond to a request for comment. Nigeria, which is Africa's
 "Nigeria slaps $220 mn fine on Meta over violation of data protection laws")
MeitY lets tech firms, data fiduciaries decide on parental consent methods
The Ministry of Electronics and Information Technology has urged tech firms to adopt advanced methods for obtaining parental consent while allowing them to determine the best practices independently
 "MeitY lets tech firms, data fiduciaries decide on parental consent methods")
Drafting of rules under data protection law in advanced stage: Vaishnaw
Drafting of rules under the data protection legislation is in advanced stage with industry-wide consultations slated soon, Union Minister Ashwini Vaishnaw said on Saturday, asserting that India will also look at doubling electronics production and adding jobs under the Modi 3.0 government. At the same time, the Minister for Electronics and IT assured that regulatory work will see "good continuity" and that the agenda on digital regulatory framework remains "intact". The timelines for semiconductor plants of Micron and Tata Group too are on track. The process of implementation of the Digital Personal Data Protection (DPDP) Act will be based on 'digital-by-design' principle, paving the way for a new way of working, and the work on creating this 'digital by design' platform is also moving in parallel. Such a platform or portal will be created in-house by the likes of NIC and DIC. The Parliament had passed the DPDP Act in August last year. The key piece of legislation aims to protect th
 "Drafting of rules under data protection law in advanced stage: Vaishnaw")
Govt to introduce 'risk-based' framework for age-gating on social media
The framework will operate as a part of the Digital Personal Data Protection Act, of 2023, which was passed by the parliament in August
 "Govt to introduce 'risk-based' framework for age-gating on social media")
DPDP Act 2023: Consent managers crucial in data protection amid transition
Amidst digital transformation, industry grapples with new privacy mandates
 "DPDP Act 2023: Consent managers crucial in data protection amid transition")
Only 9 of 100 firms obtain clear consent before collecting user data: PwC
Only 17% of Indian organisations have listed the email IDs of customer care or other functions for queries with respect to data protection
DPDP Act: Firms in disarray, seek more time, clarity for implementation
Companies feel that the "timelines are too short," as the new DPDP Act will require a complete overhaul of their entire internal systems
Big Tech told to show strong case for time to comply with data law
The Data Protection Board is also likely to be set up in 30 days
 "Big Tech told to show strong case for time to comply with data law")
Entities may be given a year to comply with data protection norms: MoS IT
Entities may be given about a year to tune their systems to comply with norms of Digital Personal Data Protection Act, 2023, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Wednesday. Speaking to reporters on the sidelines of consultation with the industry, Chandrasekhar said the Data Protection Board and guidelines for the eight rules, including consent management, will be put in place within a month. "Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries. We expect transition for most of the rules except age-gating will happen in 12 months from now," the minister said. The consultation was attended by about 125 people representing various companies, including Meta, Lenovo, Dell, Netflix, among others. The Digital Personal Data Protection Act, 2023, which comes after six years of the Supreme Court declaring 'Right to Privacy' as a fundamental right, has provisions to curb the misuse of individuals' da
Privacy and penalty: Managing business with new data protection law
Stringent legal obligation to prevent breaches has companies reviewing their security practices
 "Privacy and penalty: Managing business with new data protection law")
