Data Protection Rules to be published within a month: Union IT minister
A draft of the Digital Personal Data Protection Rules will be published for public consultation within thirty days, IT minister Ashwini Vaishnaw said on Monday.
A draft of the Digital Personal Data Protection Rules will be published for public consultation within thirty days, IT minister Ashwini Vaishnaw said on Monday.

“The entire digital framework has been completed. Its design, how the workflow will happen, how people will interact, how the Data Protection Board will take the cases, and take the applications, and take the appeals, how they will decide — we have prepared a digital structure for all of it,” Vaishnaw said.
While the minimum consultation period for such drafts is 45 days, the government is expected to give at least 60 days for the public to respond to the draft.
The rules are critical to implementing the Digital Personal Data Protection Act, 2023, which received Presidential assent in August 2023. Under the DPDP Act, a Data Protection Board will function as a “digital office” to deal with issues related to personal data breaches in a “digital by design” manner. Similarly, an appellate tribunal, to which complaints can be escalated if they are not satisfactorily resolved by the Board, will also be a “digital office”.
In June, Vaishnaw said that the digital platform for the Data Protection Board is being built parallelly within MeitY, adding that it will be created by the National Information Centre and the Digital India Corporation. This platform is currently being tested and will be launched after the rules are finalised, he said on Monday.
In July, a ₹2-crore fund was allocated to the ministry of electronics and information technology (MeitY) to meet the establishment and salary expenses of the Data Protection Board in FY25. This allocation is expected to grow as the act is brought into effect.
Vaishnaw also said that the government has resolved the issue around processing consent for children’s data and the details would be revealed when the draft rules are released for consultation. Processing children’s data has been a sticking point in discussions around the DPDP Rules.
HT reported in July that the government did not intend to prescribe a specific mechanism for data fiduciaries to verify parental consent for minors using digital services as officials acknowledged the technical challenges with verifying parental consent.
