AIGF submits comments on Data Protection Rules to Meity

Prepend to the content

The All India Gaming Federation (AIGF), a representative body for online gaming in India, has submitted recommendations to the Ministry of Electronics and Information Technology (MeitY) on the Draft Digital Personal Data Protection Rules, 2025 (DPDP Rules). The recommendations address the need for a regulatory framework that maintains data privacy and security while supporting industry compliance.

AIGF’s recommendations highlight concerns regarding compliance challenges for businesses, particularly small and medium-sized enterprises (MSMEs) in the gaming sector. Representing over 120 members with a combined valuation of USD 10 billion, AIGF has suggested modifications to ensure data protection requirements do not create excessive regulatory burdens.

Key Recommendations Submitted by AIGF

1. Security Safeguards (Rule 6)

AIGF has recommended revising Rule 6(1)(a) to allow Data Fiduciaries to implement ‘appropriate measures’ instead of ‘reasonable measures’ for data protection. This would give businesses the flexibility to adopt security protocols suited to their operational needs without unnecessary financial strain. AIGF emphasized that encryption should not be mandatory, as it may not always be the most suitable option for every organization.

2. Personal Data Breach Reporting (Rule 7)

The federation suggests introducing a materiality threshold for reporting breaches to the Data Protection Board (DPB). Additionally, AIGF has proposed a staggered reporting system where initial breach notifications can be submitted within 72 hours, with detailed reports following after thorough internal assessments. This approach would prevent unnecessary alarms and improve compliance.

3. Notifying Affected Users (Rule 7)

AIGF advocates for a phased approach to notifying affected users in case of a data breach. This would provide Data Fiduciaries sufficient time to compile accurate information before reaching out to users, preventing unnecessary panic. The organization believes that immediate reporting without verification may cause confusion and compliance challenges.

4. Data Retention Timelines (Rule 8)

The organization has requested clarity on the application of retention timelines, specifically for online gaming intermediaries with over 50 lakh registered users. The recommendation seeks to simplify compliance for platforms operating multiple services under one entity. AIGF also urged the government to specify whether the threshold applies to an individual platform or the aggregate user base of a company.

5. Additional Obligations for Significant Data Fiduciaries (Rule 12)

AIGF has sought clarification on the due diligence measures required for evaluating algorithmic software. The organization also requested a precise definition of what constitutes a “risk to the rights of Data Principals.” Furthermore, AIGF emphasized the need for clear guidance on data localization requirements under Rule 12(4), especially since many companies use cloud-based services for storage and processing.

6. Processing of Personal Data Outside India (Rule 14)

AIGF has requested clarity on restrictions related to cross-border data transfers, particularly to foreign governments. The organization highlighted that businesses using global cloud infrastructure must understand how to comply with potential data transfer restrictions without violating laws in other jurisdictions.

7. Exemptions for Research and Statistical Purposes (Rule 15)

AIGF has sought confirmation on whether the exemptions for research activities extend to private sector initiatives such as AI model training and fraud detection. The organization believes that providing clear guidelines would encourage innovation while ensuring regulatory compliance.

Industry Perspective and Future Outlook

Regarding these recommendations, Roland Landers, CEO of AIGF, stated, “The DPDP Act and Rules are a significant regulatory development that will require substantial operational changes for businesses. We appreciate the consultative approach taken in shaping these regulations and look forward to actively participating in the stakeholder engagement process.”

AIGF remains committed to working with the government to ensure a seamless transition while helping its members navigate these regulatory changes. The organization aims to foster a secure and responsible gaming ecosystem while contributing to India’s growing digital economy.

The post AIGF submits comments on Data Protection Rules to Meity appeared first on G2G News.