BACK TO DPDP RULES INDEX
DPDP Rules 2025 Phase 1 (In force — 13 November 2025) ADMINISTRATIVE

Rule 2

Definitions

Practical Note

Rule 2 definitions are operative immediately. Key new definitions: 'User Account' (any online account including social media, email, banking, streaming) and 'Specified Purposes' (purposes for which consent notice templates are issued). These definitions shape compliance interpretation across all Rules.

THE STATUTE

Original Text

In these rules, unless the context otherwise requires, — (a) 'Act' means the Digital Personal Data Protection Act, 2023; (b) 'Board' means the Data Protection Board of India established under section 18 of the Act; (c) 'Chairperson' means the Chairperson of the Board appointed under sub-section (3) of section 19 of the Act; (d) 'section' means a section of the Act; (e) 'User Account' has the meaning assigned to it by rule 12; [additional definitions follow].

Analysis & Details

Rule 2 supplements the definitions in DPDP Act Section 2 with additional terms used in the Rules. The most operationally significant new definition is 'User Account' — which is defined expansively in Rule 12 to cover virtually all forms of an individual's online presence: social media accounts, email, banking apps, streaming subscriptions, e-commerce accounts, and any other account where personal data is accessible. This broad definition means that any Data Fiduciary operating an online platform where users create accounts must comply with the account-related provisions (notice, consent, erasure on account deletion). Another key defined term is 'Specified Purposes' — referring to the purpose categories for which the Central Government may issue standardised consent notice templates under Rule 3. The Rule 2 definitions interact with and extend the Act's Section 2 definitions, creating a two-tier definitional framework that must be read together.

GDPR Parallel

Article 4 (Definitions)

IT Act Impact

Rule 2's 'User Account' definition will shape how IT Act Section 79 (intermediary safe harbour) interacts with DPDP obligations — intermediaries maintaining User Accounts will have DPDP-specific obligations layered on their IT Act duties.

Common Queries

Under Rule 2 read with Rule 12, a 'User Account' is any account created and maintained by a Data Fiduciary on behalf of a Data Principal — including social media accounts, email accounts, banking app accounts, streaming subscriptions, e-commerce accounts, and any other platform where personal data is accessible through a login. The definition is deliberately broad to capture the full range of digital relationships between platforms and their users.

Key Rules & Provisions

'User Account' defined expansively — covers social media, banking, streaming, e-commerce accounts.

'Specified Purposes' definition links to Rule 3's consent template mechanism.

Definitions in Rule 2 supplement (not replace) Act Section 2 definitions.