Event Summary
India has officially implemented the Digital Personal Data Protection Act (DPDPA), 2023, with the formal notification of the DPDP Rules on 14 November 2025, marking the country’s first comprehensive digital privacy law. These rules apply to a wide range of sectors, including social media, banks, e-commerce, and government portals, imposing strict obligations on companies such as transparent data handling, informed consent, secure data processing, and breach notifications. Citizens gain enforceable rights to access, correct, and delete their personal data, and to file complaints with the newly established Data Protection Board (DPB). Special protections for children and people with disabilities are also included. Non-compliance can lead to fines up to ₹250 crore.
The implementation is phased, with immediate enforcement of key provisions and a 12-18 month transition for companies to meet compliance standards. The rules follow an extensive public consultation process, reflecting input from industry, civil society, and citizens.
For citizens, the DPDP enhances trust by empowering them with greater control over their personal data. For companies, it forces changes to data-handling practices, including improved consent mechanisms and cybersecurity. The establishment of the Data Protection Board brings formal oversight to the digital space, which may strengthen rule of law.
While the DPDP Rules 2025 establish various beneficial norms like more defined responsibilities for private entities, stronger consent criteria, and the assurance of enhanced digital accountability, the new framework simultaneously raises significant concerns regarding the enabling environment for civil society. A key concern raised by specialists and organizations is that the Act may undermine the Right to Information (RTI) framework. Broadening the definition of “personal data” could allow government entities to deny RTI requests on privacy grounds, even in cases where public interest or accountability is at stake. This might hinder journalists, researchers, and CSOs from examining government actions closely. Additionally, smaller organizations, especially nonprofits, may struggle to comply with the rules due to limited resources.