Data protection Act: Govt to discuss transition timeline, consent mechanism with industry

Data protection Act: Govt to discuss transition timeline, consent mechanism with industry

Almost a month after the data protection Act was notified into law, the Centre will kick start discussions on contours of subsequent rules which are crucial for its operationalising.

Officials from the IT Ministry will meet representatives of top tech companies such as Meta Google, Apple and Amazon today (September 20) to discuss issues including the timeline for compliance, contours of specific rules and whether all entities will be given the same amount of time to adhere to the law.

The Digital Personal Data Protection Act, 2023, even though notified as law, depends heavily on subordinate legislation – at least 25 rules have to be formulated to operationalise the Act, and the government has also been empowered to enact rules for any provision that it deems fit. A senior government official told this paper that most of the rules are already ready.

Minister of State for Electronics and IT Rajeev Chandrasekhar, who will chair the meeting, had earlier told The Indian Express that the government will follow a graded approach in the way the data protection Act will be implemented for different entities. The government will implement the law first for big tech companies and offer a longer transition timeline for its own agencies and departments, smaller entities, and start-ups.

IT Minister Ashwini Vaishnaw had earlier told this paper that the Centre will introduce “detailed safeguards” for the protection of personal data in rules issued subsequent to the data protection Act while operationalising exemptions for the government and its agencies.

Other issues that will be discussed during the consultation range from developing a consent mechanism for obtaining “verifiable parental consent” before processing the personal data of children and persons with disabilities.

The law requires companies to gather personal data of users through a consent-based mechanism, even as it allows some relaxations to that end for certain “legitimate uses”. The penalty for not being able to take enough safeguards for preventing a data breach could go as high as Rs 250 crore.

Most Read

Farida Jalal recalls the time when Amitabh Bachchan-Jaya Bachchan were dating: ‘They would pick me up at night, we would go for long drives’
Jawan box office collection day 12: Shah Rukh Khan’s blockbuster nears Rs 900 crore gross worldwide

The data protection Act also allows significant concessions to small businesses and start-ups from some key provisions including exempting them from the requirement to maintain the accuracy of a user’s personal data which is to be used to make a decision that affects the user.

The law has retained the contents of the original version of the legislation proposed last November, including those that were red-flagged by privacy experts, such as exemptions for the Centre. In its new avatar, the proposed law has also accorded virtual censorship powers to the Centre.

It empowers the Central government to block any platform that has violated its provisions on at least two different instances. The Act also allows the central government to exempt its instrumentalities from adhering to any and all provisions of the law while processing citizens’ personal data for reasons including national security, and public order, among other things.

You must be logged in to post a comment Login