Summary
The Asia Internet Coalition, which represents major tech companies like Apple, Google, Meta, and Microsoft, has reached out to India's IT Ministry seeking an extension to comply with the recently enacted data protection law governing user data processing in India. These requirements include provisions for data processing and user data deletion and the requested extension is of 12-18 months.
India's Digital Personal Data Protection Act is one of the strictest regulations in the world, with fines for violations and limitations on international data transfers. Its main goal is to create a complete system for safeguarding the personal information of Indian citizens. This legislation pertains to the collection of personal data within the geographical boundaries of India, regardless of whether such data is acquired through online or offline means and subsequently converted into digital format. Moreover, even when data processing occurs outside of India but concerns the provision of goods or services to individuals within India, the provisions of this bill remain applicable. The bill was officially enacted into law after being signed by President Droupadi Murmu on August 11th.
The Asia Internet Coalition has recommended a 12-month deadline for companies to adhere to a new provision that mandates data fiduciaries to issue a notice when seeking consent for personal data processing, and this notice must be available in 22 Indian languages. Implementing this notice system would require structural changes within organizations, and the industry group anticipates significant challenges during the transition.
“This exercise will be fairly new to domestic and international business entities alike, since compliance with data laws of other jurisdictions like GDPR do not have such provisions. Hence, businesses would require fundamental changes in the technology architecture of their platform,” -Asia Internet Coalition (Source: Economic times) |
The law introduces concepts such as consent managers and grants data principals the rights to modify, delete, or access their personal information. The industry group emphasizes the need for harmonization of timelines for a smooth transition. India is a significant market for many tech companies, and its digital economy is expected to grow substantially by 2030 to reach approximately $1 trillion.
What do you think about India’s data protection bill? Join the conversation in our Yes We Trust community, a free discussion group for data privacy professionals and enthusiasts, on LinkedIn: