India Enforces New Data Privacy Rules, Tightening Controls on Big Tech

India has officially brought into force a new set of data privacy rules that significantly tighten restrictions on how companies like Meta, Google, OpenAI and other digital platforms collect and process personal information. The regulations, aligned with the broader objectives of the EU’s GDPR, are designed to give citizens greater control over their data amid the rapid expansion of AI technologies. The rules operationalize the Digital Personal Data Protection (DPDP) Act of 2023, marking a major milestone in India’s evolving digital governance framework.

Under the new rules, companies may collect only the data strictly necessary for specific purposes and must clearly explain the reasons for doing so. Firms are required to offer users the option to opt out, notify them in the case of a data breach, and ensure transparent data-handling practices. With India being one of the world’s largest online markets—home to nearly a billion internet users—AI platforms including ChatGPT, Perplexity and Google Gemini are expected to undergo significant operational adjustments. Dhruv Garg of the Indian Governance and Policy Project noted that this rollout represents the most substantial step in enforcing India’s privacy regime since the DPDP Act was passed.

The government is simultaneously working on additional digital regulations, including heightened compliance requirements for AI developers and social media platforms. The formalization of these privacy rules reinforces India’s commitment to strengthening data protection and safeguarding citizens’ information in a fast-evolving technological landscape.

Pic Courtesy: google/ images are subject to copyright