By Arpit Ratan
India’s digital economy is poised to grow 6x to $1 trillion by 2030 as digital services are quickly becoming integral to India’s 700 million plus internet users, including 350-million digital payment users and 220-million online shoppers. As more people transact online and bad actors become more sophisticated in their approach to breach into the company’s system and access consumer data, a better regulated framework was required to shield consumers’ private data and propel company growth.
India stands on the cusp of digital transformation and as the economy becomes more interconnected, data protection becomes paramount.
The law mandates creation of the Data Protection Board of India (DPBI) with government-appointed leadership. Citizens can appeal data fiduciaries’ redressal to this board. The board anticipates Rs. 25 crores for initial capital and Rs. 10 crores annually from the Consolidated Fund of India. The law changes with the November 2022 draught. Data breach penalties are Rs. 250 crores (previously Rs. 500 crores). If fiduciaries violate rules or incur penalties twice, government can restrict or disable their platform—an addition to this version. The law allows 60-day DPBI decision Telecom Disputes Settlement and Appellate Tribunal appeals.
The law requires enterprises and data fiduciaries to obtain approval before utilizing personal data. Data fiduciaries must decide why and how long to store personal data. Data sharing between telecom, banks, and insurers without consent is prohibited. Data fiduciaries and consent managers offer grievance redressal for data sharing inquiries. Problems can be raised to the government’s Data Protection Board. For example, software companies must gain consent before integrating third-party tools, building transparent relationships and e-commerce platform users actively opt in to receive tailored marketing emails, reducing spam, and fostering personalized interactions.
For data collection involving minors, parental permission is required. The data trustee must ensurethat acquired data does not endangerminors. These data cannot be used for child surveillance, behavior monitoring, or child-targeted advertising.
As per media reports, the ‘Ministry of Electronic and Information Technology’ (MeitY) will start implementing the act on Big Tech companies as they handle large volumes of data, followed by small companies and startups. The new law will need small business entities to revamp their backend and frontend to align with the new regulations. This could lead to an extended adjustment period for compliance. In addition, certain startups, particularly in fintech and crypto sectors, might be categorized as ‘Significant Data Fiduciaries,’ potentially increasing their regulatory obligations.
The law compels entities to process data only with individual agreement and disclose the purpose and data retention duration. Also, the designation of a data protection officer is required to manage complaints from data principals.
To establish transparency and data security, the lawmaker has impelled businesses to request for customer’s authorization, accompanied or preceded by a notice documenting the information collected and the manner it will be processed.
Regarding matters of India’s sovereignty, state security, and public order, individual consent is not required for government data processing. The government holds the right to retain data indefinitely, therefore, requests for data deletion are inapplicable. Private entities are also exempt in specific circumstances, including court proceedings, law enforcement, mergers, amalgamations, and debt recovery.
Final Thoughts
In addition to these effects, the Data Protection Act 2023’s alignment with the EU’s GDPR and its commitment to fundamental principles signify a comprehensive approach that extends its impact into the distant future by fostering trust, positioning India globally, promoting innovation, empowering consumers, ensuring accountability, influencing cross-border practices, and driving ethical technology. This legislation will probably mold a digital environment in which data privacy is safeguarded, businesses thrive, and technology and ethics coexist in harmony.
The author is CBO and co-founder,Signzy
Follow us on Twitter, Facebook, LinkedIn
Leave a Reply