Mint Quick Edit | India’s new privacy rules: A mixed bag

- Draft rules under India’s Digital Personal Data Protection law are out. Tokenized age-gating should serve us well, but rules on data localization, security and breaches are too stiff. How well will our privacy be shielded?
More than a year after the Digital Personal Data Protection (DPDP) Act was passed, the government has released the draft rules that will enable this law’s implementation.
Public feedback has been sought until 18 February, after which the final rules will be notified.
Given India’s rising cases of data theft and privacy invasion, it’s a relief that a regulatory framework is imminent.
While the rules are expansive, their requirement of parental consent for under-18-year-olds to join social media and gaming platforms could deliver a pragmatic age-gating regime.
If the identity-linked age verification process is well tokenized for anonymity, it will balance privacy concerns with the need to safeguard children online.
That said, the return of data localization requirements will place an avoidable burden on private enterprise, as will the overly stringent rules on data security and breaches.
The draft rules do little to reassure critics who contend that government agencies will get a peek into personal data with rather few restraints.
While national security is a valid reason for authorities to maintain a vigil, all our online protocols should aim for an appropriate equilibrium with the Right to Privacy.
