New Delhi: In a significant move to modernise India’s digital governance landscape, the government has announced that digital data accessed by Income Tax (I-T) officials will be handled in full compliance with the Digital Personal Data Protection (DPDP) Act.
This update follows the presidential assent to the new Income Tax Act 2025 on August 22. The Act, replacing the Income Tax Act of 1961, will take effect from April 1, 2026, and aims to simplify tax administration while strengthening digital enforcement mechanisms.
Redefining ‘Computer Systems’ for Better Access
While presenting the Bill in the Rajya Sabha, Finance Minister Nirmala Sitharaman highlighted the need to empower tax officials to access digital devices during investigations. She noted that some individuals attempt to block access by claiming their devices do not fall under the legal definition of a “computer system.”
To counter this, the new Act expands that definition, aiming to close loopholes often exploited by tax evaders.
CBDT Assures Adherence to Privacy Protocols
Addressing concerns over potential privacy violations, RN Parbat, Member (Legislation) at the Central Board of Direct Taxes (CBDT), confirmed that tax officials will follow strict guidelines laid out under the DPDP Act.
“We will work in tandem with the Data Protection Act. Clear instructions on managing digital data during searches and seizures will be included in the Standard Operating Procedure (SoP),” he stated.
Despite the expanded enforcement scope, Parbat reiterated the department’s trust-based approach: “We believe in our taxpayers. Of the many returns filed, only around two lakh are scrutinised annually.”
Simplified Tax Compliance on the Horizon
To make compliance easier for taxpayers, the CBDT also plans to introduce standardised and digital-friendly tax forms. This includes smart forms for TDS, TCS, and advance tax filings, part of the broader effort to modernise tax administration.
DPDP Act Moves Closer to Implementation
More than 16 months after it was passed, the DPDP Act is finally nearing operational rollout. The Home Ministry has approved the draft rules, and the Ministry of Electronics and Information Technology (MeitY) is set to release them for public consultation shortly. Final rules will be notified and implemented in phases.
Stronger Safeguards and Penalties Introduced
The DPDP Act outlines a robust framework for digital privacy, covering key principles like user consent, data minimisation, purpose limitation, and rights to access or delete data. Companies will be required to disclose what personal data they collect, how it is used, and how long it will be retained.
Special provisions will apply for minors, and some exemptions may be granted in specific contexts. A new Data Protection Board will be set up to resolve disputes between users and data-handling entities.
Entities found violating the Act could face penalties of up to ₹250 crore per breach.
