In 2025, India is stepping into a new chapter in its digital journey with the rollout of the Digital Personal Data Protection Act, 2023 and its recently released Draft Rules. For everyday internet users, businesses and digital platforms, this means one thing: data privacy is no longer just a buzzword—it’s becoming law.
So, what’s changing?
At the core of the new rules is a simple but powerful idea: your data, your control. Companies must now clearly tell you what data they’re collecting, why they need it and how they plan to use it. No more vague “we value your privacy” banners. You’ll also have the right to take back your consent, ask for corrections or even request your data to be erased. And if your data is ever breached, companies must report it within 72 hours.
Protecting the most vulnerable—our children
A big win in these new rules is for children’s data. Platforms will need verifiable parental consent before collecting any information from users under 18. Plus, they won’t be allowed to target kids with ads or track their behaviour online—finally, a step toward a safer internet for young users.
A new kind of digital helper: Consent Managers
Ever felt overwhelmed managing app permissions? That’s where Consent Managers come in. Think of them as digital assistants who help you keep track of where your data is going and who’s using it—kind of like having a privacy watchdog in your corner.
Data localisation and international sharing
India is also being cautious about where our data ends up. While some data can be shared with countries that meet safety standards, certain types—especially sensitive personal information—may need to stay within India’s borders. It’s about protecting national digital sovereignty while staying connected globally.
What businesses need to do
For companies, these changes mean serious homework. From fintech and e-commerce to health and gaming platforms, they’ll need to upgrade security, appoint data protection officers and ensure they’re storing and handling data responsibly.
Why it matters
These rules aren’t just legal formalities—they’re about putting people first in the digital world. Whether you’re sharing your location on a food app or uploading ID documents for a loan, you should know how your data is used, and more importantly, be able to say “no” when you want.
India’s move in 2025 isn’t just about catching up—it’s about setting the tone for a future where privacy is a right, not a privilege.
