An industry lobbying group representing big tech companies Meta, Google, Amazon and Apple has urged the centre to provide a 12-18 month long transition period to comply with certain key provisions of the data protection Act. In a letter to IT Minister Ashwini Vaishnaw and Minister of State for Electronics and IT Rajeev Chandrasekhar, the Asia Internet Coalition recommended a year long compliance period for companies to prepare their systems for issuing consent notices to users. “Since implementing these provisions would require structural changes in organisations and businesses, they are likely to face significant amount of challenges during the course of such transition,” the grouping wrote in the letter. They also asked for a 18 month compliance window to enable the right to data erasure under the law. “Since this is a novel concept where a data fiduciary has to ensure erasure of data principal’s personal data, data fiduciaries would not be possessing such technical requirements for implementing it. This exercise will be fairly new to domestic and international business entities alike, since compliance with data laws of other jurisdictions like GDPR do not have such provisions,” the letter said. The Digital Personal Data Protection Act, 2023 was notified as law earlier this year, however, a number of its provisions are yet to be operationalised. The government is considering a graded approach for enforcing the law, with big technology companies first in line. The law also heavily relies on at least 25 subordinate rules, which are yet to be promulgated by the government. But they would be necessary to enforce the law completely. The law has retained the contents of the original version of the legislation proposed last November, including those that were red-flagged by privacy experts, such as exemptions for the Centre. In its new avatar, the proposed law has also accorded virtual censorship powers to the Centre.
