sngre

Analysis on draft DPDP Rules

In  light of the PIL filed by Justice Puttaswamy for the right to privacy as an independent right, the Hon’ble Supreme Court (SC) unanimously affirmed status of the right to privacy as a fundamental right. The SC further laid out a three-fold test of legality, legitimacy and proportionality that a strong data protection law must satisfy. While the Digital Personal Data Protection Act, 2023 (“Act”) passes the test of legality and legitimacy, draft Digital Personal Data Protection Rules (“Rules”) that made the first weekend of 2025, need to pass the test of proportionality. This article primarily deals with important Rules and our analysis on the same.

  1. Notice for consent: Rule 3: Notice provided by the Data Fiduciary (“DF”) to the Data Principal (“DP”) must be clear, standalone and understandable on its own, without any other information. Notice shall include a detailed list of personal data; specific purpose of processing and mention description of goods or services to be provided or enabled, based on such processing. Notice must include communication link for DF’s website/app, and describe other means for DP to withdraw consent with ease, exercise rights under the Act and file complaints with the Data Protection Board (“Board”). As per the Act, DF is also required to issue a similar notice to DP, who would have earlier given consent for processing his/her personal data before commencement of the Act. But the Rules are silent on timelines for issuance of such notice by DF to DP. Further, no specific format is prescribed for issuance of such notice as it will be on-going and dynamic process. Lastly, Rules are silent about specific timelines within which DF must act upon for withdrawal of consent upon receipt of instructions from DP.
  2. Verifiable Consent for Child or differently abled person: Rule 10 and 11: DF are required to obtain verifiable consent of parent or lawful guardian before processing personal data of a child or a differently abled person, respectively. To ensure authenticity, age and identity of the parent must be validated using government-issued identity proof. Authenticity of guardian is verified based on appointment of guardian through court order or by designated committee or appointed under law applicable to guardianship. However, health and mental health establishments, educational institutions and daycare centres are exempted from obtaining such verifiable consent of parent or lawful guardian. The Rules do not put any obligation on DF to conduct mandatory periodic audit for processing personal data of a child and do not provide clarity on obtaining consent of child upon turning into adults. While the Rules consider long-term physically differently abled persons, they do not make a distinction of some physically differently abled persons who have the ability to provide consent on their own. There will be a need for DFs to establish robust processes to verify identity of individuals claiming to be parents to prevent children from circumventing these measures. In this regard, best practices can be drawn from frameworks such as the GDPR, the COPPA of USA, and the PDPA of Singapore.

Disclamier

This disclaimer may change from time to time without any prior notice, and yet will always be applicable to the visitors of the Platform. Please get update on the Disclaimer by going through the disclaimer section on the platform before using the Platform.

Please note that this disclaimer is valid for this Platform and all social media activities of or on behalf of SNG & RE. Hence, the usage Platform includes this website, facebook page, twitter page, LinkedIn page and any other page owned or managed or inspired by SNG & RE. It also includes activities on whatsapp, quora, linkedin, youtube, google, and other social platforms as well as different forms of media content – text, audio, video, books, pamphlets, brochures that exist or may come up in future.

Visitors access to and use of this Platform is subject to the following terms and conditions and all applicable laws. By accessing and browsing this Platform, you accept, without limitation or qualification, these terms and conditions visitors acknowledge and agree to abide by these terms and conditions as laid down below:

  1. The Firm do not warrant the accuracy and completeness of the material on the Platform. The Firm may make changes to the material from time to time, without notice. The material on the Platform may be out of date. Although the Firm strives to constantly update the content and material, and shall not be liable for any delays in the same.
  2. The information contained in or made available through Platform (including but not limited to information contained on videos, audios, message boards, comments, on calls, in emails, in text files, or in chats) cannot replace or substitute for the services of trained professionals in any field, including, but not limited to, financial, medical, psychological, or legal matters.
  3. In particular, visitors should regularly consult a professional in matters relating to Law.
  4. Under no circumstances shall the Firm be responsible for any loss or damage, resulting from use of information provided on the Platform, from any content posted on the Platform, or from the conduct of any visitors, whether online or offline, or damage arising as a result of any bugs, Trojan horses, viruses, worms or other harmful codes or errors.
  5. The Firm makes no warranties or guarantees that the use of the Platform and the information availed by Platform visitors and visitors fully agree that there are no guarantees as to the specific outcome or results you can expect from using the information you receive on the Platform. The information provided on the Platform are intended for the benefit of the general public and are not intended to replace or substitute advice from a qualified professional.
  6. To the fullest extent permitted by applicable law, the Firm shall not be liable to any visitors accessing or browsing the Platform, for any tort, equity or otherwise for any loss or damages arising out of its use of the Platform or by utilising the information provided on the Platform, whether any of the foregoing are, without limitation, special, incidental, indirect, punitive or consequential and/or whether any of the foregoing are, without limitation, occasioned by the negligence, fault, error, omission, act, by visitors. Without prejudice to the generality of the foregoing, under no circumstances shall the Firm be liable to any visitor for any consequential, economic or indirect loss or damages, loss of profits, revenue, business, capital, administrative time or loss of use of data or software, however
  7. Part of Platform may contain sponsorship. Sponsorship are responsible for ensuring that material submitted. The Firm takes no responsibility for third-party advertisements that are posted on Platform and shall not be responsible for any error or inaccuracy in the advertising materials.
  8. The Firm assume no responsibility for any error, omission, interruption, deletion, defect, delay in operation or transmission, communications line failure, theft or destruction or unauthorized access to, or alteration of, any visitor communication.
  9. Commentary and other materials posted on this Platform are not intended to amount to advice on which reliance should be placed. The Firm therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to the Platform, or by anyone who may be informed of any of its contents.
  10. Although the Firm may from time-to-time monitor or review postings, transmissions, bulletin boards, and the like on the Platform, the Firm is under no obligation to do so and assume no responsibility or liability arising from the content of any such locations nor for any error, defamation, libel, slander, omission, falsehood, obscenity, pornography, profanity, danger, or inaccuracy contained in any information within such locations on the Platform. Visitors are prohibited from posting or transmitting any unlawful, threatening, libellous, defamatory, obscene, scandalous, inflammatory, pornographic, or profane material or any material that could constitute or encourage conduct that would be considered a criminal offense, give rise to civil liability, or otherwise violate any law.
  11. Visitors acknowledge that they are participating voluntarily in using the Platform and that they are solely and personally responsible for their choices, actions and results, now and in the future. Visitors accept full responsibility for the consequences of their use, or non-use, of any information provided on or through this Platform, and agree to use their own judgment and due diligence before implementing any idea, suggestion or recommendation from Platform and the information to their business or usage.
  12. You hereby fully and completely agree to hold harmless, indemnify and release the Firm and any of agents, professionals, service providers, affiliates, joint venture partners, employees, shareholders, directors, staff, team members, or anyone otherwise affiliated with our organization from any and all causes of action, allegations, suits, claims, damages, or demands whatsoever, in law or equity, that may arise in the past, present or future that is in any way related to the usage of the Platform.
  13. Although every effort is made to ensure the accuracy of information shared on or through this Platform, the information may inadvertently contain inaccuracies or typographical errors. Visitors agree that the Firm is not responsible for the views, opinions, or accuracy of facts referenced on or through the Platform, or of those of any other individual or company affiliated with the Platform in any way. Because scientific, technology and business practices are constantly evolving, you agree that the Firm is not responsible for the accuracy of the Platform, or for any errors or omissions that may occur.

I Accept