The Indian government is taking a cautious approach to ensure a seamless transition to the upcoming Data Protection Board establishment under the Digital Personal Data Protection (DPDP) Act. Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, emphasised that the government is committed to preventing any negative impact on consumers or industries by avoiding rigid timelines. The minister highlighted the importance of an orderly shift to the new regulatory framework.
Setting Up the Data Protection Board:
The Minister stated that the DPDP Act introduces a novel regulatory regime, and the government aims to prevent any abrupt disruptions. He emphasised that both consumer interests and industrial concerns are being considered before determining a timeline for establishing the Data Protection Board. Chandrasekhar noted that companies have requested varying durations, and a balanced approach is being sought to safeguard citizens” rights without undue delay.
Consultations and Rulemaking:
The minister confirmed that extensive consultations would be held with stakeholders. While there will be consultations, they will not revolve around the policy itself but will involve discussions with all relevant parties to ensure a comprehensive understanding of their perspectives.
Transition of the Telecom Disputes Settlement and Appellate Tribunal (TDSAT):
Regarding the transition of the TDSAT into its new role, Chandrasekhar expressed confidence in the tribunal”s capacity to handle the new adjudications to the DPDP Act. He indicated that the TDSAT”s existing experience in handling appeals in various domains positions it well to adapt to its expanded mandate.
Consent Management and User Fatigue:
Chandrasekhar addressed concerns about potential user fatigue due to the flood of consent notices on the day the law takes effect. He reiterated that obtaining consent from data principals before processing their data is a foundational principle of the law. He acknowledged that while the initial wave of notices might seem overwhelming, the approach is aligned with the law”s essence.
Multiple Consent Management Options:
When asked about consent management apps, the minister confirmed that the government intends to provide users with a range of trusted consent management options. This multiplicity of choices will enable data principals to select the consent manager they are most comfortable with.
Government Exemptions and Public Interest:
Chandrasekhar clarified that government exemptions, particularly to national security and law enforcement, will not be arbitrarily interpreted. He cited the existing IT Act as an example, emphasising the need for specific orders from relevant ministries in cases of threats to national security. The Data Protection Board’s suggestion of blocking orders is dependent upon repeated violations of the law and the emergence of public interest concerns.
Minister Rajeev Chandrasekhar highlighted the government”s commitment to a smooth transition to the DPDP Act”s new regulatory framework. The emphasis is on considering the interests of consumers, industries, and citizens while avoiding undue disruption and respecting fundamental data protection principles.