Definitions

Written By BareMinLaw

Rule 1: Short Title & Commencement

1(1).

  • These rules are formally titled the Digital Personal Data Protection Rules, 2025.

1(2).

  • Rules 1, 2 and 17 to 21 will start applying immediately.

  • They will come into effect on the day they are published.

  • The publication must be made in the Official Gazette.

  • All other rules will come into force on dates notified separately.

    1. Rule 1 deals with: Short title and commencement.

    2. Rule 2 deals with: Definitions.

    3. Rule 17 deals with: Appointment of Chairperson and other Members.

    4. Rule 18 deals with: Salary, allowances and other terms and conditions of service of Chairperson and other Members.

    5. Rule 19 deals with: Procedure for meetings of Board and authentication of its orders, directions and instruments.

    6. Rule 20 deals with: Functioning of Board as digital office.

    7. Rule 21 deals with: Terms and conditions of appointment and service of officers and employees of Board.

1(3).

  • Rule 4 will not apply immediately.

  • It will come into force one year after the date of publication..

  • The publication will be made in the Official Gazette.

  • Rule 4 deals with:

1(4).

  • Rules 3, 5 to 16, 22 and 23 will not apply immediately.

  • They will come into force eighteen months after the date of publication.

  • The publication will be made in the Official Gazette.

    1. Rule 3 deals with: Notice given by Data Fiduciary to Data Principal.

    2. Rule 5 deals with: Processing of personal data for issue of subsidy, benefit, service, certificate, licence or permit by State and its instrumentalities.

    3. Rule 6 delas with: Reasonable security safeguards.

    4. Ruled 7 deals with: Intimation of personal data breach.

    5. Rule 8 deals with: Time period for specified purpose to be deemed as no longer being served

    6. Rule 9 deals with: Contact information of person to answer questions about processing

    7. Rule 10 deals with: Verifiable consent for processing of personal data of child.

    8. Rule 11 deals with: Verifiable consent for processing of personal data of person with disability who has lawful guardian.

    9. Rule 12 deals with: Exemptions from certain obligations applicable to processing of personal data of child

    10. Rule 13 deals with: Additional obligations of Significant Data Fiduciary

    11. Rule 14 deals with: Rights of Data Principals.

    12. Rule 15 deals with: Transfer of personal data outside the territory of India.

    13. Rule 16 deals with: Exemption from Act for research, archiving or statistical purposes.

    14. Rule 22 deals with: Appeal to Appellate Tribunal.

    15. Rule 23 deals with: Calling for information from Data Fiduciary or intermediary

Rule 2: Definitions

2(1).

  • Certain words and expressions have fixed meanings under these rules.

  • These meanings apply across all the rules.

  • If the context clearly demands a different meaning, that meaning will be used instead.

  • (a).

    1. Act means the Digital Personal Data Protection Act, 2023.

    2. The Act is the parent legislation under which these rules are framed.

  • (b).

    1. Techno-legal measures include both technical and legal safeguards.

    2. They combine technology-based protections with legal compliance requirements.

    3. The term Techno-Legal Measures must be read together with Rules 20 and 22.

  • (c).

    1. A user account means the online account created by a Data Principal with a Data Fiduciary.

    2. It is not limited to just a login ID or username.

    3. The definition expressly includes:

      1. Profiles

      2. Pages

      3. Handles (such as social media handles)

      4. Email addresses

      5. Mobile numbers

      6. Any other similar digital identifiers

    4. The key idea is that any digital presence through which a Data Principal accesses a Data Fiduciary’s services is treated as part of the user account.

    5. Therefore , all linked identifiers are covered under data protection obligations and cannot be excluded by technical structuring.

  • (d).

    1. Verifiable consent refers to a form of consent that is not merely claimed, but capable of being proved.

    2. Such consent must be obtained in the manner specified under rule 10 or rule 11.

2(2).

  • Some words and expressions are used in the Rules without being defined in the Rules themselves

  • If such words are defined in the Act, then the meaning of those words will be taken from the Act.

  • So , the same meaning assigned in the Act will apply in the Rules.

BareMinLaw https://bareminlaw.com
Next

Notice Obligations and Consent Manager Framework