Pressmediaofindia
Related Articles
17-11-2025
Bureau Report
NEW DELHI/ BENGALURU: India put new privacy rules into force on Friday that will make Meta, Google, OpenAI and other companies minimize collection of personal data and give people more control over their information.
The rules, akin to the broader goals of the European Union’s landmark GDPR privacy law, come as countries are scrambling to safeguard personal data with the rising adoption of AI.
Companies will only be able to collect data that is necessary for a specified purpose under the rules, which will enforce India’s stringent 2023 Digital Personal Data Protection law.
Firms will also have to give Indian users a clear explanation for the collection, allow them to opt out and tell them if their information is involved in a data breach.
With nearly a billion users online, AI services including ChatGPT, Perplexity and Google Gemini count India among their biggest markets.
“This marks the most significant operational step in India’s new privacy regime since the DPDP Act 2023 came into force,” Dhruv Garg of the Indian Governance and Policy Project research group said.
India is also drafting a host of other regulations in the digital space, including higher compliance requirements for AI companies and social media firms.
The government passed the data privacy law in 2023. Its formalization of the rules governing it on Friday effectively puts it into practice.
Two years ago, Indian lawmakers have passed a data protection law that will dictate how tech companies process users’ data amid criticism that it will likely lead to increased surveillance by the government.
The law will allow companies to transfer some users’ data abroad while giving the government power to seek information from firms and issue directions to block content on the advice of a data protection board appointed by the federal government.
The Digital Personal Data Protection Bill, 2023 gives the government powers to exempt state agencies from the law and gives users the right to correct or erase their personal data.
The new legislation comes after India withdrew a 2019 privacy bill that had alarmed tech companies like Facebook and Google with its proposals for stringent restrictions on cross-border data flows.
The law proposes penalties of up to 2.5 billion rupees ($30 million) for violations and non-compliance.
The Internet Freedom Foundation, a digital rights group, has also said that the law does not contain any meaningful safeguards against “over-broad surveillance”, while the Editors Guild of India has said it affects press freedom and dilutes the Right to Information law.
Deputy Minister for information technology Rajeev Chandrasekhar has said that the law will protect the rights of all citizens, allow the innovation economy to expand, and permit the government legitimate access in the case of national security and emergencies like pandemics and earthquakes.
India on Friday proposed a new data privacy law that will allow companies to transfer some users’ data abroad, while giving the federal government powers to exempt state agencies from the law in the interests of national security.
The proposed law would be the latest regulation that could impact how tech giants such as Facebook and Google process and transfer data in India’s fast-growing digital market. It comes after India in August withdrew a 2019 privacy bill that had alarmed companies by proposing stringent restrictions on cross-border data flows.
