New Delhi, Jan 3 (IANS): The Ministry of Electronics and Information Technology on Friday released the draft rules for the Digital Personal Data Protection Act which make it mandatory for a Data Fiduciary to ensure verifiable consent of a parent before processing any personal data of a child.
The Act was passed in Parliament in August 2023 and the government is seeking feedback on the draft rules through the MyGov portal till February 18, 2025.
According to the draft rules, “A Data Fiduciary shall adopt appropriate technical and organisational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child and shall observe due diligence, for checking that the individual identifying herself as the parent is an adult who is identifiable.”
The identity must be established through government-issued IDs or digital tokens linked to identity services like Digital lockers.
This is aimed at ensuring the privacy of a child on various social media platforms and other websites.
The government will also extend exemptions from these specific provisions pertaining to processing of children’s data to educational institutions, and child welfare organisations, the draft rules proposed.
The draft rules also state that consent managers must register with the Data Protection Board and must have a minimum net worth of Rs 12 crore.
The rules propose the establishment of a Data Protection Board as a regulatory body which will operate as a digital office, with remote hearings. It is envisaged to have powers to investigate breaches and enforce penalties.
According to the draft rules, a Data Fiduciary shall protect personal data in its possession or under its control, including in respect of any processing undertaken by it or on its behalf by a Data Processor, by taking reasonable security safeguards to prevent a personal data breach. Such steps would include securing personal data through its encryption and appropriate measures to control access to the computer resources used for the data.
The rules also make it mandatory for the Data Fiduciary to immediately intimate any personal data breach “to each affected Data Principal, in a concise, clear and plain manner and without delay”.
The rules further state that the processing of personal data outside India is subject to the restriction that the Data Fiduciary shall meet such requirements as the Central government may, by general or special order, specify in respect of making such personal data available to any foreign state, or to any person or entity under the control of or any agency of such a state.
The rules are expected to provide clarity on various provisions of the law such as the notice by data fiduciary to individuals, processing of personal data of children, and registration and obligations of consent manager.
The rules also provide clarity regarding the setting up of the Data Protection Board, appointment and service conditions of the Chairperson and other members of the board.
MeitY has said that the submissions made during the consultation will not be disclosed, and that only a summary of the feedback received will be published after the finalisation of the rules.
Commenting on the rules, Deloitte India partner Mayuran Palanisamy said: “We foresee that businesses will face some complex challenges in managing consent as it forms the heart of the law. Maintaining consent artefacts and offering the option to withdraw consent for specific purposes could necessitate changes at the design and architecture level of applications and platforms. Further, organisations will need to invest in both technical infrastructure and processes to meet these requirements effectively. This includes relooking into data collection practices, implementing consent management systems and establishing clear data lifecycle protocols.”
–IANS
sps/vd
Disclaimer
The information contained in this website is for general information purposes only. The information is provided by TodayIndia.news and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.
Through this website you are able to link to other websites which are not under the control of TodayIndia.news We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, TodayIndia.news takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
For any legal details or query please visit original source link given with news or click on Go to Source.
Our translation service aims to offer the most accurate translation possible and we rarely experience any issues with news post. However, as the translation is carried out by third part tool there is a possibility for error to cause the occasional inaccuracy. We therefore require you to accept this disclaimer before confirming any translation news with us.
If you are not willing to accept this disclaimer then we recommend reading news post in its original language.
