New Indian Government Rules for Digital Marketing | DPDP Rules 2025

The Indian Government has made a decisive move in the digital space. It has released rules for Digital Personal Data Protection (DPDP). These rules are open for public consultation. The main goal is to enhance the Digital Data Protection Act 2023. Moreover, this Act aims to provide more safety to citizens over their digital data. Continue reading to learn all about the new rules for digital marketing.

1. Responsibilities of Data Fiduciaries

Under these proposed rules, companies that handle personal data are called data fiduciaries. They will need to provide clear and concise information. This is related to how they process personal data. Therefore, this ensures that users can give informed consent.

Citizens will have rights regarding their personal data. They can demand the erasure of their data if required. Also, they can appoint digital nominees. These nominees can manage their data after they pass away or are unable to maintain it. Additionally, there will be user-friendly mechanisms. These will be installed for people to handle their data efficiently.

2. Security Measures for Companies

Digital Marketing Companies in India must follow strict security measures to protect their data. These measures include encryption, access control, and regular data backups. The proposed rules have enlisted several key provisions.

The first includes detecting and addressing data breaches quickly. Along with this, they must maintain logs of all data operations. They must notify the Data Protection Board (DPB) of any breaches within 72 hours. Also, they must delete their personal data after 3 years. Citizens will be notified 48 hours before deletion.

Moreover, they must display the contact details of a designated Data Protection Officer (DPO). This is for users to contact in an emergency. Obtaining verifiable parental consent for processing data of children under 18 must be maintained. Along with this, data on individuals with disabilities also has to be dealt with carefully. There will be exceptions for certain scenarios.

The provisions also include conducting an annual Data Protection Impact Assessment (DPIA) and audit. The results must be reported to the DPB. Also, they must follow federal government rules for cross-border transfers.

3. Safeguards for Citizens

The draft rules also include safeguards for citizens. This is when government agencies process their data. This ensures that the processing is lawful and transparent. The DPDP Act was enacted in 2023. The Act came after several revisions. This started in 2018. This law follows a significant ruling from India’s top court in 2017. The court recognized the right to privacy as a fundamental right.

4. Penalties for Non-Compliance

Organizations that fail to protect digital data may face penalties. This can be for not notifying the DBP about data breaches as well. The penalties can come up to Rs. 250 crores. This is around $30 million. The Ministry of Electronics and Information Technology (MeitY) is seeking public feedback. This is for the draft regulations. The deadline for submission is February 18, 2025.

5. Recent Developments in Telecommunications

The Department of Telecommunications introduced the Telecommunications (Telecom Cyber Security) Rules in 2024. Due to this, the draft rules were released. These rules aim to secure communication networks. Also, they impose strict guidelines for data breach disclosures.

Telecom companies must report security incidents to the government within 6 hours. Additionally, they must share more information within 24 hours. Each telecom company must appoint a Chief Telecommunication Security Officer (CTSO). This must be an Indian citizen and resident.

6. Critique from Internet Freedom Foundation

However, the Internet Freedom Foundation (IFF) has raised concerns about the new rules. They have criticized the overboard phrasing. Also, they have commented on the removal of the definition of traffic data. IFF warned that this could lead to potential misuse of the rules.

7. Public Consultation and Stakeholder

Public consultation on this release is ongoing. The government has urged all stakeholders to participate. This is required to create a strong framework. The framework is for data protection and cyber security. Thus, it is inherent for citizens to understand these rules. The main purpose is to secure personal data. Along with this, it provides citizens with more control over their data.

The draft of the DPDP rules is inherent in this effort. They aim to enhance transparency, security, and accountability. Citizens will have more rights over their personal data. The rules also state strict penalties for those who do not abide. This is a positive move towards ensuring digital safety in the country.

The government is committed to making these rules work for everyone. Input from the public is crucial in shaping a strong data enforcement system. Stakeholders must engage in these discussions. Thus, they can help create a safer digital environment for citizens. For digital marketing in India, this is a landmark moment. It will decide how data will be protected and used in the future. The final regulations will have a lasting impact on the citizens.

Leave a Comment