India’s Digital Personal Data Protection (DPDP) Act, a long-awaited data protection law, has taken a step closer to implementation. The government has drafted rules for the DPDP Act and plans to release them for public consultation. Simultaneously, work is underway to develop the digital architecture for the Data Protection Board, which is mandated by the DPDP Act to function as a digital office for handling complaints, conducting hearings, and making decisions. The DPDP Act received presidential assent on August 12, and this development marks a significant step toward its implementation.
“In its current form, the Act creates a very good balance between innovation and protection. So practically every company we have spoken to is very happy with the Bill and they are looking forward to the implementation,” Ashwini Vaishnaw said.
The implementation of India’s Digital Personal Data Protection (DPDP) Act will follow a specific sequence of steps, according to Ashwini Vaishnaw, the Minister of Electronics and Information Technology. First, the draft rules will be published for public consultation for a minimum of 45 days. Simultaneously, the digital infrastructure for the Data Protection Board (DPB) will be developed. Once the rules are approved by Parliament, the DPB will be established. The 25 sets of rules required for the DPDP Act’s implementation will be published for public consultation simultaneously, and the earliest they can be tabled in Parliament is in the truncated winter session expected in December.
“The government is not inclined [to give companies 12-18 months to comply with the Act],” Vaishnaw said further, as per a report in Hindustan Times.
“Why should people ask for so much time for data protection? Practically the entire industry is attuned to it given that the [the European Union’s] GDPR, Singapore Data Protection Act, etc. have been in effect,” Vaishnaw added
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 have faced legal challenges, with over 20 lawsuits pending in different high courts and the Supreme Court. Critics argue that these rules exceed the scope of the parent act, the Information Technology Act, and are ultra vires.
Minister Ashwini Vaishnaw highlighted that most platforms have complied with government notices, such as the one issued to Telegram, YouTube, and X (formerly Twitter) to remove child sexual abuse material (CSAM) on October 6. He emphasized that platforms should not have unlimited exemption from liability for third-party content, as global societies are demanding a strengthened moderation process.
Also Read: India’s 5G Innovations Set To Inspire Global Applications: Ericsson India MD