Sign In
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
New Delhi: The Ministry of Electronics and Information Technology (MeitY) asked social media and digital companies to send their feedback on accelerating the implementation of the key provisions of the Digital Personal Data Protection (DPDP) Act and Rules in India. The ministry has provided the stakeholders with time up to February 4 in order to respond.
This action comes after consultations took place on January 22, during which the officials discussed plans to reduce compliance timelines and promote the implementation of select rules. Some of the major recommendations include shortening the transition time of the data fiduciaries, which currently is 18 months, to 12 months.
MeitY in an email issued following the meeting stated that it is contemplating three significant changes and requested industry feedback. One of the proposals aims to reduce the compliance date of the data fiduciaries by 12 months as compared to 18 months and years.
The ministry also dwells on the immediate implementation of the DPDP Rules 15 and 23. Rule 15 establishes the circumstances under which personal data is used in research, archiving, and statistical work in de-anonymised form, whereas Rule 23 addresses the procedural issues.
The other change to be reviewed is the activation of Rule 8(3) in three months. With this, the companies are allowed to store personal data outside of its intended use when this is needed by the law, court proceedings, or legal investigations so long as there are measures taken to protect this data.
During the January meeting, officials presented a presentation that indicated that certain regulations, such as those associated with cross-border data transfer as well as data classification, may be adopted immediately, as they do not involve complete system restructurings.
Shortening the rule 13, which regulates Significant Data Fiduciaries (SDFs), to 12 months was also proposed by the ministry. This contains conditions with respect to the handling of some types of personal data in India, pursuant to the recommendation of a government-appointed committee.
MeitY also addressed the issue of implementing Section 17(2) of the DPDP Act at once. This would include informing the authorised agencies and establishing an exemption system for certain processing operations.
Formal classifications of significant data Fiduciaries are likely to include large technology firms once such classifications start being instituted. It is defined by data volume, its sensitivity and the risk to sovereignty, the order in society and elections.
SDFs have to comply with even more stringent conditions, such as an annual assessment of data protection impact, independent audits, and verification of the correctness of algorithmic systems in violation of user rights. The regulations also grant the Centre the authority to limit transfers across borders of some groups of personal information that these companies work with.
The urgency of the push by the government is likely to be opposed by industry players who have repeatedly stated that compliance with DPDP entails a lot of technical and operational change in consent systems, data infrastructure, and grievance systems.
The authorities clarified that it is not a final decision yet. MeitY is taking feedback and is yet to proceed with any formal amendment to the DPDP Rules.
