Subscribe Now! Get features like
The government has drawn up the draft rules under the Digital Personal Data Protection (DPDP) Act and will release them for public consultation soon, electronics and information technology minister Ashwini Vaishnaw told the media during the India Mobile Congress on Friday.
The DPDP, the long-awaited data protection law, was given a presidential assent on August 12.
“In parallel, the digital architecture for the Data Protection Board is also [making] good progress,” he said. The DPDP Act requires a Data Protection Board to function “as far as practicable” as a digital office and thus needs a digital system to be set up to receive and allocate complaints, and conduct hearings and pronouncements for its decisions.
“In its current form, the Act creates a very good balance between innovation and protection. So practically every company we have spoken to is very happy with the Bill and they are looking forward to the implementation,” he said.
ALSO READ: ‘India’s startup ecosystem among top 3 today’: PM Modi at India Mobile Congress
Vaishnaw clarified that steps related to the implementation of the DPDP Act must happen in sequence. First, the draft rules will be placed in the public domain for public consultation for at least 45 days. Parallelly, the digital architecture for the DPB will be developed. The notified rules will then be placed before the Parliament for approval and after that approval, the Board will be put in place. Appointment to the DPB will happen after parliamentary approval for the notified rules, he clarified.
The earliest the Rules can be tabled in the Parliament after notification is in December when the truncated winter session is expected to take place.
The DPDP Act requires the notification of 25 sets of rules to enable the enactment of the Act. Vaishnaw said that all 25 sets will be released for public consultation in one go and will be notified at the same time.
“The government is not inclined [to give companies 12-18 months to comply with the Act],” he said. “Why should people ask for so much time for data protection? Practically the entire industry is attuned to it given that the [the European Union’s] GDPR, Singapore Data Protection Act, etc. have been in effect,” he said.
The IT ministry has run into trouble with making rules that are, more expansive than the parent act allows them to be. More than 20 lawsuits are pending against the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 across different high courts and the Supreme Court. Amongst other issues, all of them argue that the IT Rules 2021 are ultra vires of the parent act, that is, the Information Technology Act.
‘Social media platforms are almost 100% compliant’
“Practically every notice the government has issued, all the platforms have followed. Almost 100 percent compliance is there,” Vaishnaw said.
He was referring to the notice that the ministry sent to Telegram, YouTube and X (formerly Twitter) on October 6 to take down child sexual abuse material (CSAM) from their platforms.
Vaishnaw insisted that platforms cannot continue to have “unfettered, unlimited” exemption from liability for third party content.
“Time has come when societies across the world are demanding that the moderation process should be further strengthened,” Vaishnaw said.
Aditi covers technology policy, online free speech, privacy, cybersecurity, and surveillance.
Draft rules under privacy law almost ready: IT minister – Hindustan Times
Leave a comment