As India advances its digital transformation, the proposed Digital Personal Data Protection (DPDP) Rules, 2025 are crucial to enhancing privacy protections. However, it is vital to ensure that these regulations foster innovation, protect individual rights, and maintain an open and secure Internet.
The Internet Society has submitted its comments to the Ministry of Electronics and Information Technology (MeitY), offering insights and recommendations to align the DPDP Rules with global best practices.
Key Recommendations from Internet Society
1. Promoting Globally Recognized Best Practices for Privacy
Regulations should be guided by internationally accepted privacy standards, ensuring data protection without stifling economic growth or user access to essential online services.
2. Avoiding Mandated Age Verification and Parental Consent
While protecting children online is essential, the proposed verifiable parental consent requirement raises serious concerns regarding:
- Privacy and security risks: Collecting additional personal data for age verification increases the risks of data breaches and identity theft.
- Barriers to access: Many minors rely on online platforms for education, healthcare, and safety resources. Strict age verification could block access to these vital services.
- Threats to anonymity: Online pseudonymity is crucial for individuals seeking support on sensitive issues such as mental health or domestic violence.
Internet Society recommends investing in privacy-preserving age verification technologies that do not require excessive data collection.
3. Opposing Data Localization Mandates
The draft DPDP Rules propose storing certain categories of personal data within India. While intended to enhance security, this could lead to:
- Increased costs for businesses: Requiring local data storage adds compliance burdens, particularly for startups and small businesses, discouraging innovation.
- Reduced Internet resilience: Data localization can slow network efficiency and make India’s digital infrastructure less robust.
- Barriers to global digital trade: Restrictions on cross-border data flows may harm international business operations and limit India’s participation in the global digital economy.
Instead, Internet Society advocates for strong encryption and security measures that protect personal data regardless of its physical location.
Shaping India’s Digital Future
The DPDP Rules, 2025, present an opportunity to balance privacy protection, economic development, and an open Internet. ISOC urges MeitY to reconsider strict localization and age verification mandates in favor of globally recognized best practices.
For further discussions, contact apac@isoc.org.
