The Indian government has meticulously crafted the preliminary regulations for the Digital Personal Data Protection (DPDP) Act, as revealed by the Minister of Electronics and Information Technology, Ashwini Vaishnaw. These draft rules, which have been long-anticipated, are poised for imminent release for public scrutiny, following their endorsement by President on August 12. Vaishnaw also indicated significant progress in developing the digital infrastructure necessary for the efficient operation of the Data Protection Board, a pivotal component of the DPDP Act.
The DPDP Act is widely perceived to strike a commendable balance between fostering innovation and safeguarding privacy, an alignment that has garnered substantial approval from various corporate entities. Vaishnaw, while stressing the importance of sequencing in implementing the DPDP Act, delineated the road ahead: the draft rules will initially undergo a 45-day public consultation period, concomitantly with the development of the digital framework for the Data Protection Board. Subsequently, upon parliamentary endorsement of the rules, the Board will be formally established, with appointments being made thereafter. The earliest prospect for parliamentary consideration of the rules is during the truncated winter session in December.
Vaishnaw made it clear that the government does not lean towards granting corporations 12-18 months for compliance with the Act, as the industry has had ample exposure to similar regulations, such as the European Union’s GDPR and Singapore’s Data Protection Act.
However, it is worth noting that the Ministry of Information Technology has faced legal challenges regarding regulations that some argue exceed the scope permitted by the parent act, the Information Technology Act. Over 20 lawsuits challenging the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 are pending across various high courts and the Supreme Court.
In the realm of social media platform compliance, Vaishnaw expressed satisfaction, noting that government directives have been predominantly adhered to, resulting in nearly 100% compliance. He pointed to recent notices sent to platforms like Telegram, YouTube, and X (formerly Twitter), instructing them to remove child sexual abuse material. Moreover, he emphasized that platforms should not enjoy unchecked immunity from liability for third-party content and underlined the global trend towards strengthening content moderation processes.