The Indian government assured a separate consultation for startups after founders raised concerns about the Digital Personal Data Protection (DPDP) Rules in a closed-door meeting with officials on January 16, sources told Moneycontrol.
Key issues discussed included cross-border data transfer and the role of consent managers.
The meeting, chaired by MeitY Secretary S. Krishnan, was part of the two-day Startup Policy Forum, Startup Baithak, attended by executives from companies including Mobikwik, Ixigo, Razorpay, Oyo, Dream 11, Mobile Premier League, Fampay, Freo, Khatabook, Oyo, Progcap and others.
“The startup community aired many of the concerns surrounding provisions of cross-border data transfer, overlap with other sectoral regulations, and MeitY secretary provided clarifications,” a founder, speaking on condition of anonymity, told Moneycontrol.
Another startup founder told Moneycontrol that the government official reportedly said that caveats would be included in the rules when the founder inquired about data transfer restrictions for significant data fiduciaries.
Rule 12(4) of the DPDP Rules states that significant data fiduciaries (SDF), based on the decisions of a committee, can be restricted from transferring certain, specific personal data outside the country.
Another attendee said, “There were also questions on how DPDP Rules would align with sector-specific regulations.” For instance, sectors such as fintech, and insurance are already regulated under RBI, and IRDAI regulations, respectively.
Another startup founder said that there were queries on the consent manager provisions. “Who shall be a consent manager? Should it be a third party or a data fiduciary?” asked the founder.
The rules introduce consent managers as intermediaries to help individuals manage their data processing consent. Registered with the Data Protection Board, they must meet financial and technical requirements, including a Rs 2 crore net worth.
Additionally, a call to increase customer awareness regarding the data protection law was also made.
The draft rules were released for consultation on January 3. On January 14, IT minister Ashwini Vaishnaw attended the first public consultation meeting on the rules, where it was indicated that the time period to submit feedback may be extended beyond February 18.
“The objective was to keep the rules simple and not be prescriptive. We will get the right balance between innovation and regulation. The government will have a series of focused consultations with organisations,” Vaishnaw told media persons after the meeting.
The global industry is mainly seeking clarifications on the proposed restrictions on transfer of data, and is warning the government that ambiguity around these provisions can deter investment into India.
Ambiguity around certain provisions, such as sector-specific regulation and data localisation requirements, adds complexity and could deter investment or product launches in India,” Jacob Gullish, Executive Director for Digital Policy at the US-India Business Council (USIBC) had earlier told Moneycontrol.
Experts have often pointed out that there are overlaps between these existing regulations and the yet-to-be-implemented DPDP Act.
Another startup founder said that there were queries on the consent manager provisions. “Who shall be a consent manager? Should it be a third party or a data fiduciary?” asked the founder.
The rules introduce consent managers as intermediaries to help individuals manage their data processing consent. Registered with the Data Protection Board, they must meet financial and technical requirements, including a Rs 2 crore net worth.
Additionally, a call to increase customer awareness regarding the data protection law was also made.
The draft rules were released for consultation on January 3. On January 14, IT minister Ashwini Vaishnaw attended the first public consultation meeting on the rules, where it was indicated that the time period to submit feedback may be extended beyond February 18.
The draft rules were released for consultation on January 3. On January 14, IT minister Ashwini Vaishnaw attended the first public consultation meeting on the rules, where it was indicated that the time period to submit feedback may be extended beyond February 18.
“The objective was to keep the rules simple and not be prescriptive. We will get the right balance between innovation and regulation. The government will have a series of focused consultations with organisations,” Vaishnaw told media persons after the meeting.
The global industry is mainly seeking clarifications on the proposed restrictions on transfer of data, and is warning the government that ambiguity around these provisions can deter investment into India.
Ambiguity around certain provisions, such as sector-specific regulation and data localisation requirements, adds complexity and could deter investment or product launches in India,” Jacob Gullish, Executive Director for Digital Policy at the US-India Business Council (USIBC) had earlier told Moneycontrol.