Today, August 12, 2024, marks the end of the first year under India's data protection law, the Digital Personal Data Protection Act (DPDPA). But even after a year, it is essentially useless because the clauses are still unenforceable in the lack of specific regulations that have not yet been announced. The Act's efficacy has diminished due to this delay.
Aruna Sharma, former secretary, Ministry of Electronics and Information Technology (MeitY), said the delay in notification of rules has made the Act redundant.
“There are humongous amounts of private data in the digital zone available and the intention (through the DPDPA) was to protect them. Awaiting rules and this is resulting in different interpretations and confusions,” she said.
Digital rights and advocacy groups said the delay in notification of rules is creating business uncertainty.
“The end user feels helpless without any recourse to an easy process for data breaches. He is squeezed between a callous government that wants to extract all kinds of data without offering any assurance of protection and companies that want to offer convenience in exchange of data,” said Mishi Choudhary, Founder, Software Freedom Law Centre.
However, reports suggest that companies that deal with vast amounts of data are finding it hard to comply with the Act, which has been in place for a year now but without the rules.
A data fiduciary, under the DPDP Act, is any entity or individual that determines the purpose and means of processing personal data. Experts believe once the rules are out, they will probably impact the AI supply chain by regulating entities handling personal data. They may also be classified as data fiduciaries or processors subject to the law's provisions.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.