The rules for the eagerly awaited Digital Personal Data Protection (DPDP) Act may be released by end of the ongoing session of the Parliament, sources said.

It was nearly a year back when the DPDP Act was passed in the Parliament. However, India's first legislation, which brings safeguards to prevent personal data breaches, has still not yet been implemented. That is because many of the bill's provisions require additional clauses, which the Rules will bring in.

Sources told the publication that the government has given a green light for the draft to be released for public consultation, either by the end of this week or by the end of the ongoing Parliament session -- likely to be August 12.

A government official said that the rules are very close to completion, without committing to a specific timeline for their release. However, the official said that there will be a month-long consultation meeting.

As of last month, the government was still unsure about certain provisions of the rules, especially on how to verify children's age. The DPDP Act defines a child as someone below the age of 18 and Section 9 of the Act mandates that such children have to be verified and parental consent will be required before processing the data of a minor

It held a consultation meeting with social media firms regarding this issue, where it told the firms that the government is not going to prescribe any method for verifying children's age.

The IT ministry also asked these firms to send their solutions on how to deal with this problem. The publication now understands that the platforms have sent across these deliverables.

Also read: MeitY asks social media platforms to devise methods for age verification of children

Earlier, in an interview with Moneycontrol, IT ministry secretary S Krishnan had said that notifying the DPDP (Digital Personal Data Protection) Act’s rules quickly is a 'priority' for the new National Democratic Alliance government.

What could the DPDP Rules have

Exemptions on the processing of children's data: The government may exempt educational institutions, health establishments, and certain government entities from the restrictions on the processing of children's data mandated under the DPDP Act

Data breach and data protection board: Any platform processing the personal data of users, whether a private or government entity, must immediately notify the Data Protection Board (DPB) of any data breach upon becoming aware.

Onus on platforms to ensure consent: When taking permission to process data of children or disabled persons, the onus may be on platforms to ensure that consent is obtained from the child's parents or legal guardians, and the same should be verified with the help of government-mandated IDs