Data Protection Newsletter (July, Issue I)

July 17, 2024

Nachiketa Singh

Founders Office

Summary

  • DPDP Rules to be implemented soon, with Industry Consultations just around the corner
  • Social Media Companies highlight child safety and procedural issues with the new DPDP Act, 2023
  • MeitY will introduce 'Digital by Design' platform for streamlining DPDP implementation
  • NITI Aayog proposes regulations for use of Facial Recognition Technology
  • Defining terms and extent of DPDP Act, 2023
  • Proposal on Childproofing Consents
  • Exemptions under the DPDP Act, 2023
  • How data mapping is the first step in your DPDP compliance journey
  • What steps to initiate as part of business review process

Headlines of the Week 

1.DPDP Rules Nearly Ready; Industry Consultations Likely Soon

The new Union Minister of IT Ashwini Vaishnaw announced that the administrative rules for the DPDP Act are nearly ready, with industry consultations expected to commence before the upcoming parliamentary session in July. Vaishnaw assured continuity in terms of the digital regulatory framework that has been developed over time. Experts are of the opinion that DPDP Rules should be released soon for smoother compliance. 

Source: Economic Times

2. Social Media Giants’ Express Child Safety Concerns with DPDP Act

Social media companies like Google, Meta and Snap are concerned that the new Data Protection Law may compromise child safety by introducing restrictions on behavioral tracking.  The Act also requires verifiable consent from a legal guardian for processing data of children under 18. Social media companies argue that behavioral tracking is essential to use safety features that are designed to protect young users. The companies have also expressed concerns on lack of clarity on Verifiable Parental Consent. 

Source: Business Standard

3. MeitY to Introduce 'Digital by Design' Platform for DPDP Implementation

The Ministry of Electronics and Information Technology (MeitY) plans to launch a 'Digital by Design' platform to streamline the implementation of the DPDP Act. The platform will be developed in-house in a joint effort between the Digital India Corporation (DIC) and the National Informatics Centre (NIC). This platform aims to enhance compliance and ease of adherence to the new regulations.

Source: Times of India

4. NITI Aayog Calls For Reforms to Regulate Use of Facial Recognition Technology

The NITI Aayog has proposed imposing liabilities as well as extent of liabilities from harms or damages that may occur due to use of Facial Recognition Technology. The aayog also suggested the need for an ethical committee which addresses the issues pertaining to transparency and accountability. This comes as a welcome step towards protecting and limiting the use of personally identifiable information. 

Source: Economic Times

Insight of the Week

DPDP Applicability: Far and Wide

Read our blog about the applicability of the DPDP Act. The DPDP Act applies to digital personal data, defining 'Data Principles' and 'Data Fiduciaries' with specific rights and obligations. It covers data processed within India and, in some cases, outside. Certain scenarios, such as employment processes and state functions, are exempt. Full enforcement awaits the release of DPDP Rules and the establishment of the Data Protection Board.

Read the Full Article

Childproofing Consent: Adapting the DPDP law on Children’s Data

DPDP Act provides for a techno-legal framework that mandates parental consent for processing child’s personal data. The act prohibits the processing of data for activities harmful to a child's well-being. Read our blog for further information on age gating and parental consent mechanisms required for online businesses.

Read the Full Article

What are the Exemptions under the DPDP Act?

The DPDP Act exempts some types of businesses from its obligations. These exemptions can be seen in three ways - exemptions from consent, general exemptions and state exemptions. Consent exceptions include scenarios where the consent is not required to process personal data. General exemptions cover scenarios and industries where some provisions of the act do not apply. State-specific exemptions allow government bodies to perform their functions without observing the statutory requirement.

Read the Full Article

Compliance Tip of the Week

Start with Data Mapping

A comprehensive data audit helps map out every personal data point across your systems against the purpose for which you use those data points. This foundational step is crucial for identifying compliance gaps and ensuring that all personal data is managed in accordance with the DPDP Act.

Identify relevant Business Process 

Determine Business Processes where user data is collected. Identify key internal data collection activities as well. Understand the nature of data collected and get legal understanding of liabilities that may arise, if any.

Explore Leegality Consent Manager

Discover how our Leegality Consent Manager can streamline your data protection processes and ensure compliance with the DPDP Act. Our Consent Manager offers:

  • Compliant consent notices across all customer touchpoints
  • Storage of verifiable and auditable records of each consent
  • Dashboard for customers to change consent preferences and exercise data rights
  • Oversight over the data practices of your third parties

Sign up for a demo and early trial access

Customized Demo for every use case
Deep dive into your unique needs and compliance challenges
Free access to testing account
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.