The rules will help in effective implementation of Data Protection Act,2023. GDPR (General Data Protection Regulation) is the EU counterpart of this act.

Features

• Focuses on management of digital personal data in and from India.
• The act will be implemented in staggered manner to enable companies have sufficient time to implement the provisions.
• The act is valid for both companies within and outside the country that are dealing with the data of Indian citizens.
• Clear informed consent must be obtained by companies stating what will be done with the data collected from the person. In this purpose for which the data is used must be explicitly mentioned . This will enable individuals understand how their data is used clearly.
• If any data breach is happening ,it need to be immediately conveyed to the data privacy authorities within 72 hours.
• Large-scale Data Fiduciaries like e-commerce sites have to delete personal data after three years ,unless specific permission is taken.
• The new law creates consent managers who are intermediaries between users and companies.
• A new category called as Significant Data Fiduciaries are appointed by the central government based on the volume of data processed, sensitivity of the personal data handled.
• Cross-border data transfer is permitted with adequate safety measures undertaken by the companies.
• Verifiable parental consent is essential for children under the age of 18.

 Note: UPSC can ask questions about the specific provisions in the new rules. It is advisable to go through above provisions for prelims as well as mains perspective.

Source: The Hindu