The Reserve Bank of India (RBI) or any sectoral regulator could frame their own rules for storage and processing of personal data, minister of state for electronics and IT Rajeev Chandrasekhar said on Friday. Though the new Digital Personal Data Protection (DPDP) Act allows businesses to export personal data to any country except a few that may be put on a black list, if the regulators find such data in their possession to be more sensitive in nature and are best controlled by them, they could bring these under their own regulations, he said. Speaking at the FE Best Banks Awards, Chandrasekhar said, “The RBI or a health regulator, can turn around and say that this personal data in our domain is more sensitive and we can prescribe stronger, harder rules for the storage and processing of the data. The law has that provision.” Chandrasekhar comments assume significance as the industry was looking for clarity on whether they will have to comply with certain areas of regulations that are already being prescribed by their sectoral regulators, from the ambit of DPDP Act as well. “As long as the obligations under the DPDP Act are enforceable in a geography, we will not prevent the platforms (from storing their data there),” Chandrasekhar said. “However, if you find that there is any case that a particular jurisdiction has either diluted the rights of the Indian citizen or the Indian business, we have the power to black-list that geography,” he added. On of illegal lending apps, the minister said the government is working on a framework that will require all lending apps to undergo a due diligence process before they could be allowed to enter the banking system.
