Headlines of the Week
Final Draft of DPDP Rules Ready for Public Review in 2 Weeks
The Digital Personal Data Protection Rules will be released for public review in 2 weeks. The government has finalized the draft of the rules and aims to notify the rules in the current session of the parliament. The rules are going to go through an extensive consultation process.
Source: Economic Times
Online Frauds and Data Privacy Concerns Key Hurdles in E-Commerce Growth, Economic Survey 2023-24
The Economic Survey 2023-24, tabled in Parliament on Monday, 22nd of July, noted data privacy and online frauds as key hurdles in e-commerce growth. The survey highlighted that the e-commerce industry is expected to cross USD 350 Bn and called for educating users on the safe use of e-commerce platforms. The survey also called for implementing strong security measures, compliance with privacy regulations, and innovations.
Source: Economic Times
Industry Experts Call for Stringent Data Localization Norms
Ola’s founder, Bhavish Aggarwal, has noted the need for stringent data localization norms amid Microsoft’s global outage. India’s data protection law (yet to be enforced) allows cross-border data transfer other than to countries blacklisted by the Centre. Bhavish called for stricter data localization norms, considering that 80% of India’s data is currently stored outside India.
Source: Economic Times
MeitY Leaning Towards Not Prescribing Tech Measures for Parental Consent under Data Protection Rules
The IT ministry may not prescribe tech measures for companies to gather verifiable parental consent and may leave it up to the tech companies. In a meeting with tech giants, including Meta and Google, the ministry is understood to have said that it does not want to prescribe technologies and cause disruptions to the industry. The inability to arrive at a conclusion on how to proceed with verifiable parental consent is the biggest reason behind the delay in releasing the data protection rules.
Source: Indian Express
Angel One Denies Data Leak Concerns
Angel One denied concerns about a new data leak and claims that the data breach incident it had was back in April 2023. The company assured its customers that enhanced protection measures are in place to protect customer data. The firm also pointed out that the April 2023 data leak incidents were reported to the relevant authorities. The clarification comes after a news agency reported that Angel One observed a massive data breach incident affecting 7.9 mn customers.
Source: Live Mint
Insight of the Week
How to Comply with the DPDP Act?
Read our blog to understand compliance with the DPDP Act in 7 simple steps. The DPDP Act imposes strict data protection norms for Indian businesses. Implementing consent in your data collection processes is a key step in the DPDP compliance journey. The DPDP compliance process should include data mapping, updating UIs, appointing a DPO and implementing robust security measures. Staying updated about recent developments is also necessary to ensure compliance with evolving regulations.
Difference between GDPR & DPDP Act
The GDPR and the DPDP Act, though similar in nature, have notable differences. The DPDP Act covers only digital data, whereas the GDPR covers certain offline data as well. The DPDP Act relies primarily on consent as grounds for data processing, whereas the GDPR has a broader range of lawful bases. Breach notification is stricter under the DPDP Act. The DPDP Act differs from the GDPR on compliance responsibility, placing the responsibility primarily on Data Fiduciaries. Read further about the key differences between the GDPR and the DPDP Act on our Consent Blog.
The Future of Cross-Border Data Transfers Under The DPDP Act
The DPDP Act, 2023 provides a framework for data protection in India. Under the law, the government may impose restrictions on cross-border data transfer to specific countries. Furthermore, sector-specific laws impose stricter data localization rules, overriding DPDP Act provisions if they offer more protection. Read our blog for further details on the nature of data that could be restricted under the provisions of the Act.
Compliance Tip of the Week
Provide Explicit Consent Check-Boxes against the relevant purposes during Data Collection
The DPDP Act puts consent at the forefront of data collection and processing activities. It is necessary for Indian businesses to take user consent for every purpose for which personal information is collected.
Institute Robust Access Controls and Employee Authentication Mechanisms to Limit Access to Personal Data
The DPDP Act imposes heavy penalties for any instances of data breaches and systemic failures in compliance with the Act. A brief overview of customer data breaches in Indian businesses highlights the role of staff members in providing access to user data to unauthorized parties. As a standard practice, Indian businesses should determine each employee’s access to classes of data. Access should be provided on a need-only basis, and technological security measures should be implemented such that unauthorized access is restricted. Further, organizations should also introduce a system of disaster management to provide for post-breach scenarios.
Explore Leegality Consent Manager
Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:
- Compliant consent notices across all customer touchpoints
- Storage of verifiable and auditable records of each consent
- Dashboard for customers to change consent preferences and exercise data rights
- Oversight over the data practices of your third parties