All Articles

The DPDPA Issues ?

Posted by Advocate (Dr.) Prashant Mali on July 24, 2024 at 10:24pm in Blog
The DPDPA Issues ?

India's Data Protection Law namely The Digital Personal Data Protection Act or the DPDPA has been a topic of much discussion and debate in recent times. This Act aims to regulate the collection, storage, and processing of personal data in India, and ensure the protection of individuals' privacy rights to some extent. However, I feel India may be overprepared for the implementation of the DPDPA . Already in the budget, The Indian government has allocated a sum of Rupees Two crores to set up a dedicated Data Protection Board.
This is a beginning data protection space budget, this current allocation may be allocated only for the first 6 - 7 months of salary and expenses as major work would be carried out online. The DPDPA rules are just on the corner, money allocation is just the impetus but rules would be the bloodline. Parliamentary discussion on the rules would be fascinating and those students of data protection should follow these discussions and it would be the important point of Data Protection jurisprudence in India.

I also see many people undergoing training and certification for LLM in Data Privacy, CIPP from IAPP, ISO 27701 LA or LI courses for PIMS certification, DSCI Privacy Course, and other online courses and certifications.
I feel Data Protection Law and Compliance in India will see more qualified professionals, than the required demand shortly and there will be saturation in the profession for the following reasons:
1. The Data Protection Law of  India was on the horizon for many years, so preparation had begun with professionals.
2. Presence of CIPP and ISO-certified working employees.
3. Employees already working on GDPR compliance in privacy or assurance departments.
4. Indian GRC companies and traditional audit and compliance organizations like CA firms are taking over the data protection space.
5. Availability of AI-enabled GRC tools for compliance.
6. LLB will also have the DPDPA as a subject or part of a subject in the regular course. The DPDPA as a subject or part of a subject would be in the syllabus of BE, BTech, MSc, and MBA programs syllabus.
7. The basic DPDPA as a law unlike GDPR, section-wise is very small and has around 20-25 effective sections for compliance while the rest are procedural. With no specific case laws, the interpretation and applicability in various scenarios is yet to be ascertained.
8. Infosec people handling privacy assignments and CISO people donning the DPO hat and I feel that’s a natural progression in this initial period of 4-5 years.
9. No criminal action of corporate defaulters and penalties are by the Board which in turn would be politically appointed, so Maybe less application of judicious mind or jurisprudence values. The deterrence and legal risk perceived would be low, now the seriousness is corporates are comparing legal risk with GDPR cases and fines but this is India, remember here crores of rupees tax and fine for violation and loans are written off.
10. Law penetration and awareness in a big country like India takes time and this Indian Government knows it very well so lots of time would be granted so easily in the next five years we would have many professionals in the data protection space and not to forget AI

11. The DPDPA has introduced a new concept called "deemed consent," which is further narrowed down to the process called "certain legitimate uses" in Section 7 of the Act. The whole business here changes as organizations or data custodians might have the authority to handle the personal information of individuals for the explicit purpose for which the individual willingly shared their data unless they have expressly withheld consent for such use.

So where would be the zing and major application of mind and law?
Answer could be In higher courts, when the appeals and writs would start if the disputes are not settled in the board. When a question of a law arises or corporations would want to fight for their image and if they really trust their cybersecurity guys or vendors to prevent the leak or if they trust their consultants for actually doing great compliance.

As time passes by, any further rules & guidelines issued by the government will further strengthen the implementation of the regulatory and safeguarding mechanisms. Overall, India's Data Protection Bill is widely seen as toothless and ineffective in its current form. Without stronger enforcement mechanisms, clearer definitions, and provisions for cross-border data transfers, the law is unable to effectively protect the privacy and data of Indian citizens. It is crucial for the government to address these shortcomings and strengthen the DPDPA to ensure that individuals have control over their personal information and that companies are held accountable for their data practices.

 

Views: 22
Tags: dpdpa, dpdp, dpdparules, grc, dataprotectionlaw, dpdpacompliance, privacyjobs, dataprotectionaudit, ciso
E-mail me when people leave their comments –
Follow
Posted by Advocate (Dr.) Prashant Mali

Advocate (Dr.) Prashant Mali is a renowned International Cyber & Privacy Lawyer, Policy thought leader , Researcher, Trusted advisor, Published Author and TV Personality . He is Master's in Computer Science and Masters in Law with Phd in Cyberwarfare & International Cyberlaw. He is a Chevening Cybersecurity Fellow (UK) and IVLP (USA) Participant for Digital Policy and Cybercrime. He is well known for his futuristic views, out of the box thought leadership and elocution, Apart from his Law practice as a passion he trains the International police, Judges, Bureaucrats, Professors and Corporate decision makers and debates on Various TV Channels and online forums . His radically innovative and published views on many key issues are well appreciated and also under implementation by some government agencies that include proposal of Having an Online Gaming Regulator, Having vernacular languages for Payment Wallets & e-governance Apps, Having a different cyber cadre for police force with cyber spies, how to make india a cyber neutral country , Indian citizens to have Right to be forgotten as a part of right to privacy and having compulsory Online Dispute Resolution (ODR) for ecommerce companies. His recommendation to The IT Act,2000 amendments and The Data Protection Act are also implemented in the new amendments. He has many clients that include fortune 500 companies, HNI’s, celebrities and Governmental agencies, whom he advices or represents in various courts. He is also the Author of 6 books and 16 research papers One of his book is listed as an official textbook for LLM, MTech, BE Computers and MBA courses of SPPU, DU and Mumbai University. He is also associated with many unlisted charity activities and cyber educational events to support the masses and people that are underprivileged

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)