Tuesday , February 18 2025
Digital Personal Data Protection

India releases draft Digital Personal Data Protection Rules

On Friday, the Indian government released the draft Digital Personal Data Protection Rules, requiring social media and online platforms to obtain verifiable consent from parents before children can create accounts.

Parents must validate their identity and age using voluntary identity proof issued by a recognized legal entity or the government, according to the draft rules.

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

CISA Warns Active Exploitation of Apple iOS Security Flaw

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which...
Read More
CISA Warns Active Exploitation of Apple iOS Security Flaw

Massive IoT Data Breach Exposes 2.7 Billion Records

A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs....
Read More
Massive IoT Data Breach Exposes 2.7 Billion Records

SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase...
Read More
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild

AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let...
Read More
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors

Lazarus Group Unleashes New Malware Against Developers Worldwide

Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the...
Read More
Lazarus Group Unleashes New Malware Against Developers Worldwide

Daily Security Update Dated : 15.02.2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...
Read More
Daily Security Update Dated : 15.02.2025

Salt Typhoon to target Bangladeshi Universities, One identified

RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions...
Read More
Salt Typhoon to target Bangladeshi Universities, One identified

Entities can only use personal data if individuals have consented through consent managers, who are responsible for managing consent records.

Digital platforms must verify that anyone claiming to be a child’s parent is an adult and can be identified for legal compliance when processing children’s data.

“A Data Fiduciary shall adopt appropriate technical and organizational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child,” the draft rule said.

The Union Ministry of Electronics and Information Technology plans to assign trained data experts across various central government ministries to improve data usage. E-commerce, social media, and gaming platforms will be considered data fiduciaries.

Data fiduciaries must retain data only for the duration of consent and delete it afterward, according to the draft rules. Draft rules have been released after 14 months since Parliament approved the Digital Data Protection Bill 2023.

“Draft of rules proposed to be made by the central government in exercise of the powers conferred by sub-sections (1) and (2) of section 40 of the Digital Personal Data Protection Act, 2023 (22 of 2023), on or after the date of coming into force of the Act, are hereby published for the information of all persons likely to be affected thereby,” the draft notification said.

The draft rules have mentioned the process of suspending or cancelling registration of consent manager in case of repeated violation, but there is no mention of penalties that were approved under the DPDP Act, 2023.

The Act has the provision to impose a penalty of up to Rs 250 crore on data fiduciaries.

IndusLaw Partner Shreya Suri said that there was an anticipation of introducing thresholds for data breach reporting, where minor breaches could have had fewer compliance obligations.

“However, the current draft treats all breaches uniformly, requiring the same level of reporting and notification to the Data Protection Board and affected data principals, without granting any discretion whatsoever to data fiduciaries. Additionally, while the rules outline certain considerations for reasonable security practices, the lack of detailed guidance leaves room for varied interpretations,” Suri said.

Draft rules are open for public consultation until February 18. They can be viewed on the MyGov website for comments. Final rules will be made afterward.

Mayuran Palanisamy, a Partner at Deloitte India, stated that the draft rules provide important guidance for businesses in India. They outline compliance requirements for Significant Data Fiduciaries, the registration and responsibilities of Consent Managers, the establishment and operation of the Data Protection Board, data breach notification procedures, and timelines for Data Fiduciaries to address grievances.

“We foresee that businesses will face some complex challenges in managing consent as it forms the heart of the law. Maintaining consent artefacts and offering the option to withdraw consent for specific purposes could necessitate changes at the design and architecture level of applications and platforms,” Palanisamy said.

Organizations must invest in technical infrastructure and processes to meet requirements. This includes improving data collection practices, implementing consent management systems, establishing clear data lifecycle protocols, and ensuring these practices are effectively applied.

Check Also

Zuckerberg

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s …

Leave a Reply

Your email address will not be published. Required fields are marked *