Latest News

Significant controls to govt under DPDP bill to hit investments in data centres: ITI

Significant controls & exemptions to the government under the proposed DPDP bill will make it harder for companies to invest in data centres, said ITI

PSU Watch Bureau

New Delhi: Significant controls and exemptions to the government under the proposed Digital Personal Data Protection bill (DPDP) 2022 are likely to make it harder for companies to invest in data centres and data processing activities in India, according to global technology industry body ITI. The Ministry of Electronics and IT has floated the draft DPDP Bill 2022 and has invited comments on the same till January 2.

"The Bill grants significant controls to the executive arm of GOI (Government of India) and delegates much of the detailed rulemaking authority to separate, as yet undefined processes. GOI is also afforded a broad exemption from the Bill's application, which could make it harder for companies to invest in data centers and data processing activities in India," ITI said in its submission.

ITI represents global technology majors such Google, Microsoft, Meta, Twitter, Apple etc.

'DPDP exempts govt-notified data fiduciaries from several compliance burdens'

The draft DPDP has exempted government-notified data fiduciaries from several compliance burdens such as provisions dealing with informing an individual about the purpose for data collection, collection of children's data, risk assessment around public order, appointment of data auditor, etc.

The bill proposes to exempt government notified data fiduciaries from sharing details of data processing with the data owners under the "Right to Information about personal data".

The minister of state for electronics and IT Rajeev Chandrasekhar has said that the exemptions for the government will be only in special circumstances like maintaining public order, emergency, pandemic, national security etc.

The industry body, however, has supported the bill on various points such as permission to store data outside India, delineation of roles and responsibilities of entities that determine the purposes and means of the processing of personal data (Data Fiduciary), and entities that process personal data solely under direction and contract (Data Processor) etc.

'ITI considers this an important moment for developing robust & consistent data protection standards for India'

"The Digital Personal Data Protection Bill represents the cornerstone of India's broader digital ecosystem. ITI considers this an important moment for India to demonstrate global leadership in developing robust and consistent data protection standards that enable innovation and facilitate cross-border trade," ITI India Country Director Kumar Deep said on Monday evening.

ITI has suggested the government to remove the concept of a "consent manager" or "consent manager platform" as it is unclear the way in which Data Fiduciaries, consent managers, and Data Principals, should interact with each other.

Data breach notification rules are currently too broad: ITI

The industry body said that data breach notification rules are currently too broad, requiring each and every data breach to be notified to both the data protection board (DPB) and each affected Data Principal. It has recommended that only those breaches that are likely to have a material impact on the rights of the affected citizen should be reported to the board.

The DPB is proposed to work and execute provisions of the bill. It will also have power to penalise Data Fiduciaries, Data Principals etc.

In case of protection of children's data, ITI wants the government to reconsider imposing blanket prohibitions on tracking, behavioral monitoring and targeted advertising, and confine restrictions only to instances of data processing of children that can manifestly cause significant harm.

"Even where well-intentioned, such blanket restrictions can potentially deprive children and young persons from reaching useful content and prevent companies that provide services to children from blocking inappropriate advertising or harmful content. For instance, such prohibition can impede the availability of content related to mental health support services to young persons in need," ITI said.

(PSU Watch– India's Business News centre that places the spotlight on PSUs, Bureaucracy, Defence and Public Policy is now on Google News. Click here to follow. Also, join PSU Watch Channel in your Telegram. You may also follow us on Twitter here and stay updated.)

IIFCL in talks with ADB, Korean Exim Bank to raise $600 million

Govt notifies telecom cyber security rules; sets timelines for telcos to report security incidents

Govt invites job applications for PNGRB's Member post

Power Minister visits NHPC’s Nimoo Bazgo Power Station in Ladakh

Delegates from 18 countries attend RBI's policy conference of Global South central banks