The Indian government has officially implemented new derivative rules under the Digital Personal Data Protection Act 2023, significantly tightening data collection practices by global technology companies. This stringent new regulation mandates that companies, including tech giants like Meta, Google, OpenAI, and other generative AI platforms, must now restrict their data collection solely to information that is truly relevant and absolutely necessary for their stated purposes.
This landmark policy marks a crucial step in the implementation of India’s digital privacy regime. As a nation boasting nearly a billion internet users and one of the largest global markets for burgeoning AI services such as ChatGPT, Perplexity, and Google Gemini, India’s move holds substantial weight. The government emphasizes that these new rules empower citizens with greater control over their personal data, a critical development given the exponential growth in the usage of artificial intelligence-powered services.
Under the latest rules, which were formally enacted last Friday (November 14), technology companies are now permitted to collect data only in a limited and specific manner, strictly for purposes explicitly outlined to users. Furthermore, these companies are obliged to provide clear opt-out options for data processing and must promptly notify users in the unfortunate event of a data breach or security incident involving their personal information.
This proactive measure aligns India’s digital governance with esteemed global data protection standards, notably drawing parallels with the European Union’s comprehensive General Data Protection Regulation (GDPR). The GDPR has become a global benchmark, guiding numerous countries in structuring a more secure and transparent digital ecosystem, a vision India now shares.
“This marks the most significant operational step in India’s new privacy regime since the DPDP Act 2023 came into effect,” stated Dhruv Garg from the Indian Governance and Policy Project, as quoted by Reuters on Saturday (November 15).
Stricter Oversight Ahead
Beyond these immediate privacy regulations, the Indian government is actively preparing a series of additional digital sector rules. These upcoming measures will encompass enhanced compliance standards for AI companies, social media platforms, and other major technology platforms that process user data on a massive scale, signaling a comprehensive approach to digital governance.
With the activation of the DPDP 2023’s derivative rules, India is positioning itself as one of Asia’s nations with the most progressive digital privacy regulatory frameworks. The government anticipates that this policy will not only significantly bolster citizen data protection but also foster more responsible technology governance amidst the rapid and widespread expansion of AI services across the nation.
Summary
India has officially implemented new derivative rules under the Digital Personal Data Protection Act 2023, significantly tightening data collection practices by global technology companies like Meta, Google, and OpenAI. These regulations mandate that companies restrict data collection solely to information that is truly relevant and necessary for their stated purposes. Furthermore, companies must provide clear opt-out options for data processing and promptly notify users in the event of a data breach.
This landmark policy aligns India’s digital governance with esteemed global data protection standards, notably drawing parallels with the European Union’s GDPR. As a nation with nearly a billion internet users, India aims to bolster citizen data protection and foster more responsible technology governance amidst the rapid expansion of AI services. The government is also preparing additional digital sector rules, including enhanced compliance standards for AI companies and social media platforms.
