The DPDP rules, which have come into effect, require companies to implement a data protection and consent management system by November 2026.
'We are in touch with industry to further compress the timelines.'
Companies, particularly those that are notified as Significant Data Fiduciaries, will have to make extensive investments in data mapping, process modification, consent management tools, tools to enable Data Principal Rights, and establish a well-structured Data Privacy Officer organisation.
'The impact will be minimal and it will only increase compliance cost on consent, data flows, localisation timelines, internal audits, data mapping, and new tooling.'
The Supreme Court of India has agreed to examine petitions challenging the constitutional validity of the Digital Personal Data Protection (DPDP) Act, 2023, focusing on concerns about its impact on the Right to Information Act.
The new rules allow for a staggered implementation road map, giving companies, data fiduciaries, data principals, and other stakeholders up to 18 months to comply with the administrative guidelines under the DPDP Act.
'Digital arrests are the cutting edge of the problem and the most challenging part of the ecosystem right now.'
The draft digital personal data protection (DPDP) rules, which require banks to obtain explicit consent from their customers before using their data for purposes beyond the original intent, although is being followed in spirit, leaves no room for regulatory arbitrage, experts said. They said that the potential business impact is difficult to assess at this stage, but the formalisation of these rules will mean banks now need to establish clear data processing agreements with third-party entities to ensure compliance.
Sarvam's LLM will have more than 17 trillion tokens with 17 to 20 per cent coming from Indian data
DPDP Act (2023) gives individuals the right to decide how their personal data is collected and used. For many businesses, this means reworking longstanding data practices, notes Ravi Duvvuru.
"All they have done in their entire report is privacy regulation," counsel appearing for WhatsApp told the appellate tribunal.
'One has to be very mindful because it will be applicable for big tech platforms and even for banks and insurers, whose business is completely different.'
'By leveraging user data from WhatsApp, Meta can enhance its technology.' 'It (user data) is collected by me, it's my personal property. Shall I give it to my competitors?'
'By extending the definition of 'personal' to include institutions and not just individuals, the State has equipped itself with a tool to block access to most kinds of information.'
The "construct of the DPDP Act" cannot be changed at this stage, though there may be some minor tweaks in the language of the Rules and formats in certain legitimate cases.
The draft rules have been issued after Parliament approved the Digital Data Protection Bill 2023 about 14 months back.
Digital Personal Data Protection (DPDP) law aims to protect the privacy of Indian citizens while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
'Check every SMS you get. Many people ignore them.' 'Remember if there is an activity in your account, your financial institution will send you an SMS, not a WhatsApp message.'
During an open house discussion with stakeholders on the draft Digital Personal Data Protection (DPDP) bill 2022, Chandrasekhar said that the right to privacy is a fundamental right while the right to information is not. "Right to privacy is a fundamental right and right to information is not.
A new law that defines how companies should process users' data came into force with the President giving assent to the Digital Personal Data Protection (DPDP) Act passed by Parliament in the just-concluded monsoon session. The law arms individuals with greater control over their data while allowing companies to transfer users' data abroad for processing, except to nations and territories restricted by the Centre through notification. It also gives the government power to seek information from firms and issue directions to block content.
The government on Thursday tabled the Digital Personal Data Protection Bill 2023 in the Lok Sabha with an aim to protect the privacy of Indian citizens, while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect digital data of individuals.
India is unlikely to join the ongoing negotiations for a plurilateral deal on e-commerce at the World Trade Organization (WTO), notwithstanding a change in stance on data localisation and cross-border flow of data. Under the new draft digital personal data protection (DPDP) Bill, put out on Friday for public consultation, the government has proposed free cross-border flow of data with 'friendly' nations, significantly easing its earlier stance on data localisation. India has so far stayed out of a group of 87 countries, including the US, European Union, China, and Japan that are negotiating trade-related aspects on e-commerce since December 2017.
'Unless the government comes up with the rulebook, the technical requirements will not be clear to us.' 'Going by the Act, non-technical provisions can be complied with within six months.' 'But we need up to 24 months for provisions like parental consent.'
India is headed for general elections early next year, and the DIA is expected to be legislated only after the 2024 polls and the formation of the government.
Significant controls and exemptions to the government under the proposed Digital Personal Data Protection bill 2022 are likely to make it harder for companies to invest in data centres and data processing activities in India, according to global technology industry body ITI. The ministry of electronics and IT has floated draft Digital Personal Data Protection (DPDP) Bill 2022 and has invited comments on the same till January 2. "The Bill grants significant controls to the executive arm of GOI (Government of India) and delegates much of the detailed rulemaking authority to separate, as yet undefined processes.
What all global leaders need to understand is that no Generative AI regulation will work unless they start with the basics, which is data collection, asserts Prosenjit Datta.
The Rajya Sabha on Wednesday passed the Digital Personal Data Protection Bill 2023 by voice vote following a walkout by opposition members over the Manipur issue.
After the draft data protection bill, the government is now all set to bring another key legislation -- Digital India Bill -- that will be made available for public consultation by the month-end, Minister of State for IT Rajeev Chandrasekhar said on Thursday. The Digital India Bill, which will replace the 22-year old Information Technology (IT) Act, will be contemporary and a modern piece of legislation, the Minister promised. The proposed bill, alongside the Digital Personal Data Protection (DPDP) Bill whose draft was released recently, will contribute to the evolving framework which is light on regulation, safeguards consumer rights and catalyses innovation, the minister said while speaking at CII Global Economic Policy Summit 2022.
It is sad that the legislative pre-consultation on such an important bill is being done in a very biased manner, notes Shailesh Gandhi, former Central Information Commissioner, recounting his experience with Minister Rajeev Chandrashekhar.
The government will "notify such countries or territories outside India to which a data fiduciary may transfer personal data", according to the draft unveiled on Friday for public feedback.
© 2026 Rediff.com - Investor Information - Advertise with us - Disclaimer - Privacy Policy - Sitemap - Feedback - About us - Terms of use - Grievances