The much-awaited draft of the Digital Personal Data Protection (DPDP) Rules, which is out for public feedback, has evoked a balanced response. “The feedback has been balanced, with constructive suggestions for improvement, rather than negative. One difficult issue to address is verifiable parental consent, as collecting more information to verify consent could undermine the purpose of personal data privacy,” S Krishnan, Secretary of MeitY, has said.
He hinted that the government might extend the deadline for providing feedback if needed.
On the government’s powers to access individual data, he clarified that the government isn’t being given new powers, but rather that existing powers are being regulated. He stressed that government entities are subject to the same penalties as private entities for data breaches, with fines of up to ₹250 crore. This provision holds the government accountable for protecting data.
Krishnan stated that government access to data is in accordance with the Justice Puttuswamy judgment, which establishes the right to privacy as a fundamental right. He said the government aimed to use data to improve services and target subsidies effectively while adhering to privacy safeguards. The goal is to implement the principle of “ask only once” to reduce the burden on citizens.
- Also read: Breakfast with businessline: India to follow a three-pronged approach to promote AI
Krishnan explained that the DPDP rules provide for the “erasure of collected data” once the purpose for which it was collected is fulfilled. Enforcement will occur through technical verification during audits. The DPDP Act recognises individuals as data principals with clear rights, including the right to complain to the Data Protection Board if their data has not been erased or if their data protection rights have not been upheld.
Krishnan clarified that companies are required to inform individuals “without delay” upon becoming aware of a data breach. Within 72 hours of the breach, the Data Protection Board must be informed of the severity of the breach and the steps taken to mitigate its impact.
Krishnan acknowledged concerns about copyrights, especially regarding AI’s use of content, and said that this issue is currently before the courts. He suggested the possibility of “enabling regulation” that compensates content creators without necessitating a full copyright infringement procedure.
businessline Editor Raghuvir Srinivasan flagged the issue of data piracy, which is causing significant losses to the media industry. “We spend a lot on generating content,” he said.
Digital Competition Bill
Replying to a question on the status of the Digital Competition Bill, Krishnan clarified that the bill falls under the purview of the Ministry of Corporate Affairs. A committee had been formed, and a report with a draft bill was circulated earlier. At that stage, industry consultations took place, after which it was considered premature in the Indian context to introduce ex-ante regulation for digital competition, as it could stifle innovation.
Since the Ministry of Corporate Affairs has not returned with an actual bill for inter-ministerial consultations, Krishnan said that he and MeitY will get into the specifics and details, consulting with their stakeholders to determine what needs to be done, if and when that occurs.
Since the Ministry of Corporate Affairs has not yet presented an actual bill for inter-ministerial consultations, Krishnan said that he and MeitY will get into the specifics, consulting with their stakeholders to determine what needs to be done, if that happens.
