India Rolls Out New Privacy Rules Giving Users More Control Over Their Data
Published
Key Takeaways
- New rules implemented: India enforced new regulations under its 2023 Digital Personal Data Protection law, impacting how tech companies handle user information.
- Data minimization mandated: Big tech companies must collect only the personal data necessary for a specified purpose.
- Enhanced user control: The rules grant Indian users greater control over their data, including the right to opt out of collection and receive notifications of data breaches.
India has officially operationalized its new India data privacy rules, enforcing the stringent 2023 Digital Personal Data Protection law. As of Friday, major technology firms, including Meta, Google, and OpenAI, must adhere to stricter regulations governing the collection and processing of personal information.
Implications for AI and Big Tech
Companies are now required to practice data minimization, collecting only information that is essential for a clearly stated purpose. The rules are designed to give India's nearly one billion internet users more control over their data, establishing a framework that shares core principles with the European Union's GDPR.
The timing of these regulations aligns with other countries globally working to establish guardrails for the rapidly expanding field of artificial intelligence, according to Reuters.
Under the new rules, firms must provide users with clear explanations for data collection, offer straightforward opt-out mechanisms, and promptly disclose any data breaches involving their information.
This move represents a major step in establishing a comprehensive privacy regime in one of the world's largest digital economies.
A New Era of Data Governance in India
The formalization of these rules marks the practical implementation of the 2023 data privacy law. This GDPR-like privacy law in India is part of the Indian government's broader push to regulate the digital space more comprehensively.
With services like Perplexity, OpenAI’s ChatGPT, and Google Gemini counting India as a major market, AI data compliance becomes a critical operational requirement, and compliance regulations targeting AI companies and social media platforms are also in development.
According to Dhruv Garg of the Indian Governance and Policy Project, this enforcement is "the most significant operational step in India's new privacy regime," signaling a new era of data accountability for companies operating in the country.
Earlier this year, TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi were accused of sending data from the EU to China, and DeepSeek was questioned by the DPA and Euroconsumers on user data processing.
In other news, the Chinese state-sponsored GTG-1002 was seen using Claude AI for cyberespionage, targeting tens of organizations.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular