The Internet and Mobile Association of India (IAMAI), which represents over 550 Indian and multinational tech companies, has urged the government to provide a two-year extension for complying with certain provisions of the Digital Personal Data Protection (DPDP) Act.
The DPDP Act, which provides a framework for processing citizens' personal data, became a law after it was passed in Parliament in August. However, the law has not been implemented yet.
IAMAI's request is in line with other industry bodies which have maintained that several provisions of the Act would require technical, product, policy and process-level changes, and that they would require ample time to make these changes and make them DPDP-compliant.
However, it is important to note that the government has reiterated that it was disinclined from giving platforms a long time for being compliant-ready.
Last week, Minister for Electronics and Information Technology (MeitY) Ashwini Vaishnaw said, ""Why should people ask for so much time for data protection? Practically, the entire industry is attuned to it, given that the GDPR, Singapore Data Protection Act and so on are in effect."
‘Lack of clarity on how the notice is to be served’
In its submission to MeitY, a copy of which Moneycontrol has reviewed, IAMAI, at first, requested a 12-24 month period to comply with the DPDP Act's requirement that platforms provide notice to citizens on processing their personal data. Sources said that the letter was submitted last week.
IAMAI said there was lack of clarity on how the notice was to be served to users, and that the government has to prescribe rules in that regard. "Once the manner of providing notice is prescribed.. data fiduciaries will need time to align requirements of notice..." the submission read.
Also read: What the Digital Personal Data Protection Bill means for you
Confusion over consent managers
Secondly, the IAMAI has requested 24 months to comply with the requirement of establishing consent managers. A consent manager will represent a user and will take action on his/her behalf when granting, managing, reviewing, or revoking consent.
"Consent managers are a relatively new concept and thus need extended timelines for implementation," the submission read, while further requesting the government to undertake a consultation on this specific provision.
IAMAI has also requested the government for an extension of a "minimum period" of 24 months to comply with the additional obligations that the DPDP Act levies on significant data fiduciaries (SDFs).
According to the law, the central government can notify any data fiduciary as an SDF, based on the volume of personal data that it processes, the potential risk that this processing may have on users, risk to democracy, and so on.
"The government has not yet defined which entities will get classified as SDFs while attaching broad new requirements to these entities," said the submission.
The industry has also requested an extension period of two years for complying with the requirement of erasure of personal data .
For other requirements such as allowing users to withdraw consent from processing of personal data and processing of personal data of children, IAMAI has requested an 18-month period to comply with these provisions. For processing children's data, platforms will have to establish age-gating mechanisms.
"Platforms may be required to build new and external APIs, and digital infrastructure to collect and process consent to operationalise the verifiable consent requirement under this provision, as well as operationalise appropriate age-verification mechanisms. Building, testing, and implementing such mechanisms in a safe and secure manner would require time," the submission read.
Moneycontrol has reached out to IAMAI for a comment on the matter, and this report will be updated when a response is received.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
