The Ministry of Electronics and Information Technology (MeitY) is expected to extend the consultation period for the draft Digital Personal Data Protection (DPDP) Rules, with focus groups set to be formed for in-depth discussions on specific aspects of the proposed regulation. The move follows the first consultation session, attended by over 300 industry stakeholders and led by Minister Ashwini Vaishnaw.
"The objective was to keep the rules simple and not be prescriptive. We will get the right balance between innovation and regulation. The government will have a series of focused consultations with organisations," Vaishnaw told media persons after the meeting.
Currently, the consultation period is scheduled to end on February 18, and the government is seeking comments on the draft regulation from stakeholders.
During the meeting, held at the India Habitat Centre, IT minister Vaishnaw, secretary S Krishnan and others listened to industry concerns regarding various provisions of the rules.
From the industry side, representatives of companies like Meta, Google, Snap, Sharechat, OpenAI and so on were in attendance. Members of industry bodies such as Nasscom, IAMAI, DSCI, The Software Alliance, Ficci and Broadband India Forum, as well as other lawyers and policy professionals, were also present.
Most of the points raised concerned the provisions restricting the processing of children's data, the consent manager mechanism, and obligations for significant data fiduciaries, including the data transfer restriction requirement, among others.
There are concerns in the industry regarding how the identification system for children would work under the rules.
Executives also questioned the ambiguity and lack of clarity over the restrictions on data transfer that have been proposed for data fiduciaries.
"The data localisation requirements can potentially clash with regulations of other governments, and that is something very concerning for the industry," said an attendee.
It was also pointed out to the government that the proposed requirement that all "cyber incidents" be reported to the Data Protection Board can increase compliance requirements massively for all types of companies. A risk-based threshold for the "cyber incident" reporting provisions was proposed.
"Idea was to make these rules simple and accessible. We have taken note of all points, and we have assured that consultation process will be extensive as it can be," Vaishnaw said.
He added, "The architecture required will be fully digital in implementation, that's why we delayed the publication of rules because we wanted the architecture in place."
Earlier in the day, Moneycontrol reported that USIBC's executive director for digital economy, Jacob Gullish, had sought clarity on various provisions, including localisation requirements and sector-specific regulation.
"While the DPDP Rules are generally light-touch and flexible, it’s important that the actual compliance requirements are risk-based, pragmatic and fit for purpose to promote innovation and investment from smaller companies and new entrants.
"Ambiguity around certain provisions, such as sector-specific regulation and data localisation requirements, adds complexity and could deter investment or product launches in India," Gullish told Moneycontrol.