In January 2025, the draft Digital Personal Data Protection Rules (Rules) were published by the Ministry of Electronics and Information Technology (MeitY)

The executive branch controls the Data Protection Board (DPB).

One of the main problems with the draft Rules is the Union government's latitude in choosing members of the DPB, a quasi-judicial body charged with resolving disputes involving the protection of personal data.

The Rules, which give the government considerable control over the DPB's member selection procedure, have sparked questions about the Board's independence and the separation of powers.

The Appeals Process and the Role of the TDSAT

Another issue is the appeals process outlined in the draft Rules. The Rules stipulate that the TDSAT has a strict six-month deadline to decide digital appeals against DPB decisions.

There are several doubts regarding the feasibility of this approach, despite the noble objective of guaranteeing timely resolution. The TDSAT is already overburdened with cases, particularly from the telecom sector, which consumes a significant portion of the tribunal's time.

Lack of Data Protection Expertise

Another concern brought up by the draft Rules is the requirement for specific data protection expertise within the TDSAT. Tribunals typically deal with sector-specific cases and assign technical members who are experts in the relevant fields.

However, data protection issues are distinct from those related to general governance or telecommunications, and they necessitate a particular understanding of privacy laws, permission processes, and the nuances of data processing, storage, and transfer.

Lack of Technical Infrastructure for Digital Filings The draft Rules also recommend that appeals be filed online. There have been concerns expressed about whether the TDSAT's IT infrastructure is adequate to manage these filings, despite the fact that this is consistent with the trend toward digital governance.

The tribunal's current digital infrastructure has been criticized for being hard to use and accessible, and many parties have expressed their lack of trust in it.

Lack of Transparency and Accountability

Finally, there are problems with the DPB's operations, the TDSAT's lack of accountability and transparency, and the way the Digital Personal Data Protection Act is being implemented. The draft Rules don't specifically address the creation of thorough annual reports or details on how these entities function.

A major change in India's digital governance structure is outlined in the draft Digital Personal Data Protection Rules of 2025, which designate the TDSAT as the final arbiter of data protection disputes. However, the TDSAT needs significant institutional adjustments in order for this system to work well.

The TDSAT will be better able to handle data protection appeals and enforce the rule of law in India's quickly changing digital environment by putting changes into place.