.svg)
Headlines of the Week
1.DPDP Rules Nearly Ready; Industry Consultations Likely Soon
The new Union Minister of IT Ashwini Vaishnaw announced that the administrative rules for the DPDP Act are nearly ready, with industry consultations expected to commence before the upcoming parliamentary session in July. Vaishnaw assured continuity in terms of the digital regulatory framework that has been developed over time. Experts are of the opinion that DPDP Rules should be released soon for smoother compliance.
Source: Economic Times
2. Social Media Giants’ Express Child Safety Concerns with DPDP Act
Social media companies like Google, Meta and Snap are concerned that the new Data Protection Law may compromise child safety by introducing restrictions on behavioral tracking. The Act also requires verifiable consent from a legal guardian for processing data of children under 18. Social media companies argue that behavioral tracking is essential to use safety features that are designed to protect young users. The companies have also expressed concerns on lack of clarity on Verifiable Parental Consent.
Source: Business Standard
3. MeitY to Introduce 'Digital by Design' Platform for DPDP Implementation
The Ministry of Electronics and Information Technology (MeitY) plans to launch a 'Digital by Design' platform to streamline the implementation of the DPDP Act. The platform will be developed in-house in a joint effort between the Digital India Corporation (DIC) and the National Informatics Centre (NIC). This platform aims to enhance compliance and ease of adherence to the new regulations.
Source: Times of India
4. NITI Aayog Calls For Reforms to Regulate Use of Facial Recognition Technology
The NITI Aayog has proposed imposing liabilities as well as extent of liabilities from harms or damages that may occur due to use of Facial Recognition Technology. The aayog also suggested the need for an ethical committee which addresses the issues pertaining to transparency and accountability. This comes as a welcome step towards protecting and limiting the use of personally identifiable information.
Source: Economic Times
Insight of the Week
DPDP Applicability: Far and Wide
Read our blog about the applicability of the DPDP Act. The DPDP Act applies to digital personal data, defining 'Data Principles' and 'Data Fiduciaries' with specific rights and obligations. It covers data processed within India and, in some cases, outside. Certain scenarios, such as employment processes and state functions, are exempt. Full enforcement awaits the release of DPDP Rules and the establishment of the Data Protection Board.
Childproofing Consent: Adapting the DPDP law on Children’s Data
DPDP Act provides for a techno-legal framework that mandates parental consent for processing child’s personal data. The act prohibits the processing of data for activities harmful to a child's well-being. Read our blog for further information on age gating and parental consent mechanisms required for online businesses.
What are the Exemptions under the DPDP Act?
The DPDP Act exempts some types of businesses from its obligations. These exemptions can be seen in three ways - exemptions from consent, general exemptions and state exemptions. Consent exceptions include scenarios where the consent is not required to process personal data. General exemptions cover scenarios and industries where some provisions of the act do not apply. State-specific exemptions allow government bodies to perform their functions without observing the statutory requirement.
Compliance Tip of the Week
Start with Data Mapping
A comprehensive data audit helps map out every personal data point across your systems against the purpose for which you use those data points. This foundational step is crucial for identifying compliance gaps and ensuring that all personal data is managed in accordance with the DPDP Act.
Identify relevant Business Process
Determine Business Processes where user data is collected. Identify key internal data collection activities as well. Understand the nature of data collected and get legal understanding of liabilities that may arise, if any.
Explore Leegality Consent Manager
Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:
- Compliant consent notices across all customer touchpoints
- Storage of verifiable and auditable records of each consent
- Dashboard for customers to change consent preferences and exercise data rights
- Oversight over the data practices of your third parties