Union Minister Ashwini Vaishnaw on DPDP rules: Regulations here won’t stifle innovation like European laws

India unveils draft rules for data privacy, charting a different path from Europe.

By
| January 6, 2025 , 8:29 am
The draft rules, open for public comment until February 18, aim to strike a balance between industry needs and user privacy rights. They arrive as India's tech sector, one of the world's largest, has been anxiously awaiting guidance on compliance requirements.
The draft rules, open for public comment until February 18, aim to strike a balance between industry needs and user privacy rights. They arrive as India's tech sector, one of the world's largest, has been anxiously awaiting guidance on compliance requirements.

In a move that could reshape India’s digital landscape, the government released long-awaited rules for personal data protection on Friday, emphasizing a lighter regulatory touch than its European counterparts.

Ashwini Vaishnaw, India’s Minister for Electronics and Information Technology, defended the 16-month gap between the passage of the Digital Personal Data Protection Act and the publication of its implementing rules, saying the government maintained focus on digital transformation despite the intervening national elections.

The stringent regulations that have stifled innovation in Europe won’t be replicated here, Vaishnaw said in an exclusive interview with CNBC TV18.

Read more: EXCLUSIVE: Data protection rules under translation; expected to be out in January’25

The draft rules, open for public comment until February 18, aim to strike a balance between industry needs and user privacy rights. They arrive as India’s tech sector, one of the world’s largest, has been anxiously awaiting guidance on compliance requirements.

Written in plain language and accompanied by illustrations, the rules outline security measures for data storage and processing. Companies will have two years to achieve full compliance, a timeline Vaishnaw says was developed in consultation with industry stakeholders.

One notable provision requires parental consent for children’s data, implementing a digital token system that leverages existing infrastructure. The potential for harm to children is significant, Vaishnaw said, adding that we must take necessary precautions.

The rules also grant the central government authority to regulate international data transfers, aligning with existing regulations like the Reserve Bank of India’s requirement for domestic storage of financial data.

Read more: DPDP Act: MeitY releases draft data protection rules for public consultation

Government entities providing public services received certain exemptions, though Vaishnaw emphasized that the law’s fundamental principles apply broadly. If consent has been given for one government service,” he said, it shouldn’t need to be repeated for another.

The approach marks the nation’s distinct vision for data protection, as it seeks to protect consumer privacy while maintaining its competitive edge in the global digital economy.

Read more:

Leave a comment