India Finalizes Digital Personal Data Protection Rules, Awaits Legal Clearance

The Government of India has finalised the operational rules under the Digital Personal Data Protection Act, 2023 (DPDP Act). It has marked a significant milestone in the country’s journey toward comprehensive data governance. The rules, which detail the implementation framework for the landmark legislation, are now awaiting final legal vetting before formal notification. 

The DPDP Act, passed by Parliament in August, establishes a legal regime for the processing of personal data, introducing obligations for data fiduciaries, rights for individuals, and penalties for non-compliance. It also sets up the Data Protection Board of India, which will oversee enforcement and adjudicate disputes. 

According to officials from the Ministry of Electronics and Information Technology (MeitY), the finalised rules cover key operational aspects such as notice formats, consent mechanisms, grievance redressal procedures, breach reporting timelines, and exemptions for certain categories of data handlers. The rules are expected to clarify how entities that range from startups and multinational corporations to government departments must comply with the Act’s provisions.

The government had earlier conducted extensive public consultations, receiving over 6,900 comments from industry bodies, civil society organisations, legal experts, and technology firms. These inputs were reviewed to ensure the rules are practical, inclusive, and aligned with global standards. Once legally cleared, the rules will be notified in the official gazette, triggering the enforcement phase of the DPDP Act. MeitY is expected to issue phased compliance timelines, prioritising high-risk data processors and large platforms. Training modules and awareness campaigns are also being planned to support implementation, especially among small and medium enterprises.    

📰 Mini Headlines   

ADGM Introduces New Data Protection Rules to Balance Privacy and Public Interest 

 Abu Dhabi Global Market (ADGM) has issued updated Data Protection Regulations. It aims at balancing individual privacy rights with broader public interest. The rules introduce clearer definitions of legitimate interest, data subject rights, and conditions for cross-border data transfers. ADGM also strengthens accountability requirements for data controllers and processors, including mandatory impact assessments for high-risk processing. The framework aligns with global standards such as GDPR while addressing regional needs.   

Data Protection Regulation 

Read More →   https://www.mondaq.com/data-protection/1687008/adgms-new-data-protection-rules-balancing-privacy-and-public-interest    

 Paris Prosecutor Investigates Apple’s Siri Over Alleged Privacy Violations

 The Paris Prosecutor’s Office has launched an investigation into Apple’s voice assistant Siri, following complaints about potential violations of France’s data protection laws. The probe focuses on how Siri collects, stores, and processes voice data, particularly whether users are adequately informed and consent is properly obtained. French regulators are examining whether Apple’s practices comply with the EU’s General Data Protection Regulation (GDPR). The investigation could lead to enforcement action or fines if breaches are confirmed. Apple has yet to issue a formal response, but maintains that Siri is designed with privacy as a core principle.  

Read More →  https://beritasriwijaya.co.id/paris-prosecutors-office-probing-siri-apples-voice-assistant-2/      

 Norway’s data protection authority, Datatilsynet, has recommended a national ban on remote biometric identification technologies, citing risks to privacy and civil liberties. The watchdog argues that systems capable of identifying individuals from a distance, such as facial recognition in public spaces, pose disproportionate surveillance threats. Datatilsynet emphasised that biometric tools should only be used in tightly controlled, high-security contexts and warned against normalising mass identification in everyday settings. The recommendation is now under government review. 

Data Protection Authority 

Read More →    https://www.biometricupdate.com/202510/norways-data-privacy-watchdog-seeks-ban-on-remote-biometric-identification