The Government of India has received 6,915 valuable inputs from citizens, experts, and stakeholders on the Draft Digital Personal Data Protection Rules, 2025. These rules aim to implement the Digital Personal Data Protection (DPDP) Act, 2023 and lay the groundwork for a safe and accountable digital environment in India.
Balancing Data Rights and Lawful Processing
The DPDP Act, 2023, is a landmark legislation that balances the right to privacy with the need for lawful data processing. It ensures that Data Fiduciaries—entities that handle personal data—are held accountable for breaches and must adopt technical safeguards.
The Draft DPDP Rules 2025 were published earlier this year for public consultation. Citizens and organizations were encouraged to share feedback. This inclusive approach received a strong response with 6,915 inputs, reflecting India’s growing awareness of digital data privacy.
Making Cyberspace Safer for All
The Government is committed to building a trusted and secure cyberspace. Several programs and policies are in place to support this goal:
- Regular cybersecurity training for government officials and IT professionals
- Nationwide campaigns like Cyber Security Awareness Month and Safer Internet Day
- Launch of CyberShakti in October 2024 to train women in cybersecurity roles
- Under the Information Security Education and Awareness (ISEA) programme, over 3,637 workshops have reached more than 8.2 lakh people
Digital Awareness at the Grassroots
The government has also made cybersecurity awareness multilingual and accessible. Materials like handbooks, advisories, videos, and posters are available in various languages.
These resources cover topics such as online scams, deepfakes, phishing, and safe internet practices. They can be accessed at official websites like:
National Cybersecurity Infrastructure Strengthened
The government has invested heavily in strengthening India’s cybersecurity infrastructure. Key institutions play a crucial role in protecting national data:
- National Critical Information Infrastructure Protection Centre (NCIIPC) protects vital systems under Section 70A of the IT Act
- Indian Computer Emergency Response Team (CERT-In) responds to cybersecurity threats and issues advisories under Section 70B
- National Cyber Coordination Centre (NCCC) facilitates real-time threat detection and inter-agency coordination
- Cyber Swachhta Kendra (CSK) offers free malware removal tools and promotes cyber hygiene for individuals
- National Cyber Security Coordinator (NCSC) ensures synergy among all cybersecurity agencies
Legal Framework for Data Protection
India’s IT Act, 2000, along with its 2011 Rules, prescribes reasonable security practices for protecting sensitive personal data. The DPDP Act expands on this by establishing a clear legal framework for digital personal data protection.
Data Fiduciaries are required to:
- Implement technical safeguards to prevent data breaches
- Adopt organizational measures that promote data security and user consent
- Ensure accountability and transparency in handling personal information
Public Participation is Key
The collection of 6,915 public inputs shows that Indians are becoming more engaged with digital governance. Feedback from citizens, civil society, academia, and industry helps shape data protection rules that are both robust and practical.
This move not only empowers users but also strengthens the democratic foundation of digital policymaking.
Union Minister’s Statement
Union Minister of State for Electronics and IT, Shri Jitin Prasada, shared this information in the Rajya Sabha on July 25, 2025. He highlighted the government’s ongoing work in cybersecurity and digital safety for all citizens.
The Road Ahead
India is building a digital future that values privacy, accountability, and inclusivity. With the DPDP Act in place and the 2025 Rules underway, India moves closer to aligning its digital governance with global data protection standards.
Upcoming steps include:
- Finalizing DPDP Rules based on public input
- Strengthening grievance redressal mechanisms
- Expanding digital literacy to rural and semi-urban areas
- Launching new tools and platforms to combat deepfakes and digital fraud
Conclusion
India’s digital journey is not just about infrastructure—it’s about people’s safety and trust. The Digital Personal Data Protection Rules, 2025 are a key step in making India’s digital ecosystem more secure, inclusive, and accountable.
The public’s active participation in shaping these rules is a powerful reminder: Cybersecurity is a shared responsibility.
