Active Stocks
Fri Dec 08 2023 15:59:53
  1. Tata Steel share price
  2. 129.2 -0.62%
  1. HDFC Bank share price
  2. 1,653.1 1.38%
  1. State Bank Of India share price
  2. 614 0.35%
  1. NTPC share price
  2. 285.25 0.42%
  1. ITC share price
  2. 449.15 -1.95%
Business News/ Technology / News/  Data protection board, relevant rules likely in a month
Back Back

Data protection board, relevant rules likely in a month

The first set of necessary rules under the Act will be issued within 30 days, said minister Rajeev Chandrasekhar

Rajeev Chandrasekhar, minister of electronics and information technology. (Reuters)Premium
Rajeev Chandrasekhar, minister of electronics and information technology. (Reuters)

New Delhi: The government will set up the data protection board (DPB), the appellate authority for grievance redressal under the Digital Personal Data Protection Act, within the next 30 days, Rajeev Chandrasekhar, minister of state for electronics and information technology said on Wednesday. The first set of ‘necessary rules’ under the Act will also be issued within the same time frame.

“The DPB will be notified in the next 30 days and all the relevant rules will also be notified in the next 30 days. The time between 11 August when the Act was notified and when the DPB is constituted, should not be considered a safe harbour or immunity period for companies. If there’s a data breach during this time, the DPB will take it up once it is operational," the minister clarified.

Speaking at the consultation for timeframes needed by the industry to transition to the DPDPA, the minister said that there are likely to be three categories of data fiduciaries that will be given a graded timeline for transition for compliance to the provisions in the Act.

The first category comprising government entities at the Centre or state, panchayats or MSMEs that do not have the digital readiness for storing or processing data, are likely to get the most time for transition, followed by smaller private entities and start-ups. However, big tech or companies like Google, Meta, Apple and others that would already be complying with global data protection or privacy laws such as the GDPR, would be expected to comply at the earliest.

“They would have to make a strong case why they need more time for transition. Companies that were aligned with GDPR should not take time, but wherever there are requirements that go beyond GDPR, so to speak, they should specify the time needed for transition. Non-digital companies will be given longer time period. Where there is a need for architectural enhancement (reference to right to erasure or verifiable parental consent for processing data of children) and more time is needed, we will look into it," the minister said.

On whether the ministry would look at tiers of six months to a year, Chandrasekhar said that while the government wants to ensure that there would be zero disruption, it won’t give extended deadlines for compliance with the rules. “Age gating, parental consent requires an EKYC framework to be in place, so that till take longer transition period. Not more than 12 months (will be given)," he said.

During the consultation, which lasted for over an hour, the minister declined to give an exemption to financial or lending services providers that are regulated by the financial services regulator, stating that the Act provides for regulation by two bodies.

While the DPDPA has been in force since 11 August, the rules under the law are still to be issued. A senior official in the ministry had earlier said that most of the 25 rules that were needed to enable the Act, were drafted and ready. The law has made it mandatory for companies to collect user data through a consent-based mechanism but for some legitimate uses, the law provides for some relaxations. The law also prescribes penalties for data breaches of 250 crore, which can be raised to 500 crore.

The law provides several exemptions to the Centre and enables it to block any platform in the event of two instances of violations.

Milestone Alert!
Livemint tops charts as the fastest growing news website in the world 🌏 Click here to know more.

Gulveen Aulakh
Gulveen Aulakh is Senior Assistant Editor at Mint, serving dual roles covering the disinvestment landscape out of New Delhi, and the telecom & IT sectors as part of the corporate bureau. She had been tracking several government ministries for the last ten years in her previous stint at The Economic Times. An IIM Calcutta alumnus, Gulveen is fluent in French, a keen learner of new languages and avid foodie.
Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
Published: 20 Sep 2023, 01:13 PM IST
Next Story footLogo
Recommended For You
Switch to the Mint app for fast and personalized news - Get App