Public consultations for draft Digital Personal Data Protection (DPDP) rules have been completed and the final version can be brought in the next eight weeks or so, sources in the government said, adding that there will not be major changes from the draft.
Sources said that there will not be another extension for receiving the comments.
“No requests have come for any extension, and we have received quite a bit of feedback and also done a lot of in-person sessions. I don’t think there will be major changes from what we had published earlier,” a senior official at the Ministry of Electronics and Information Technology (MeitY) told businessline.
The official said some doubts from the industry on consent management, such as who will be the manager and so forth, and some doubts on parental control and verifiable parents, and data localisation were received, which have been cleared.
“So we will relate all the doubts and feedback, and accordingly do a proper examination before coming out with the final version… we just need to put everything together and seek feedback from other Ministries/ Departments/ States for any clarification before the final version,” the official added.
The official further said that MeitY has hosted a session with software industry body Nasscom and their feedback was on “expected lines”, which will be incorporated.
MeitY had opened the draft DPDP rules for public consultation from January 3 till February 18, but because of the request from the industry, it had extended the deadline to March 5 for the comments.
The DPDP Act was passed in Parliament in August 2023, and the rules have been much awaited.
The final rules are also expected to give a clarity regarding setting up of the Data Protection Board, appointment and service conditions of the Chairperson and other members of the Board.
Data transfer
Speaking on the data transfer, which is one of the major concerns from the software industry, Ashwini Vaishnaw, Minister of Electronics and IT had said that any restriction on data movement under the DPDP rules will be done after consultation with stakeholders and a Committee (to be constituted), and also external sectoral experts before any final decision.
“We will work as per sectoral requirement as there may be some sectors where there might not be any requirement for restrictions (on transfer of data) and there might be certain sectors where there is an extreme requirement like for financial sectors…therefore there will discussions/consultations with the stakeholders before any decision,” he had said.