Sign In
Learn bits
Polity & Governance
Mahesh

17/01/25 09:13 AM IST

Draft data protection rules

In News
  • The Ministry of Electronics and Information Technology released the the draft rules for implementing the Digital Personal Data Protection (DPDP) Act, 2023.
Data Localisation
  • The draft rules introduce a data localisation mandate that extends beyond the original scope of the legislation.
  • Data localisation refers to measures that restrict the flow of data within a jurisdiction’s borders.
  • While the DPDP Act permits the government to limit personal data transfers, it confines such restrictions to specific notified countries.
  • In contrast, the rules propose the creation of a government-appointed committee to define which classes of data cannot be exported from India.
  • This mandate will apply to significant data fiduciaries (SDFs), as designated by the government based on the volume and sensitivity of the personal data they process.
  • Major tech companies, such as Meta, Google, Apple, Microsoft, and Amazon, are expected to fall within this classification.
  • The localisation provision likely stems from the challenges law enforcement agencies face in accessing cross-border data during investigations.
  • In 2018, the Reserve Bank of India implemented a similar mandate, requiring payment data operators to localise their data within the country. Currently, financial, payment, and insurance data must be stored domestically, with copies of payment data allowed overseas solely to facilitate international transactions.
Section 36 of the DPDP act
  • Section 36 of the DPDP Act, read in conjunction with Rule 22, empowers the Union government, through the designated authorised person, to demand “any” information from a data fiduciary or intermediary (entities processing personal data) in the interest of India’s sovereignty, integrity, or national security.
  • Experts have cautioned that such sweeping discretionary powers are susceptible to misuse, potentially enabling surveillance or the suppression of dissent.
  • Additionally, these provisions could compel social media intermediaries to compromise end-to-end encryption of messages—a concern raised by Meta-owned WhatsApp last year in its challenge to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
  • Rule 22 further prohibits companies from disclosing information about such government demands if doing so could “prejudicially affect the sovereignty and integrity of India or the security of the State.”
Source- The Hindu

More Related Current Affairs View All

05 Mar

First-ever comprehensive survey of India’s river dolphins

'Prime Minister Narendra Modi released the results of the first-ever comprehensive population estimation of riverine dolphins – Gangetic and Indus dolphins – done in In

Read More

05 Mar

Arresting women at night

'The Madurai Bench of the Madras High Court in Deepa versus S. Vijayalakshmi and Others ruled that the legal provision in the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, which

Read More

05 Mar

Digital Personal Data Protection Act, 2023

'The Ministry of Electronics and Information Technology (MeitY) looking to wrap up public consultations on the draft Rules for the Digital Personal Data Protection Act, 2023 by Mar

Read More

India’s First Ai-Driven Magazine Generator

Generate Your Custom Current Affairs Magazine using our AI in just 3 steps