Entities may be given a year to comply with data protection norms: MoS IT

Entities may be given about a year to tune their systems to comply with norms of Digital Personal Data Protection Act, 2023, Minister of State for Electronics and IT Rajeev Chandrasekhar said on Wednesday.

Speaking to reporters on the sidelines of consultation with the industry, Chandrasekhar said the Data Protection Board and guidelines for the eight rules, including consent management, will be put in place within a month.

"Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries. We expect transition for most of the rules except age-gating will happen in 12 months from now," the minister said.

The consultation was attended by about 125 people representing various companies, including Meta, Lenovo, Dell, Netflix, among others.

The Digital Personal Data Protection Act, 2023, which comes after six years of the Supreme Court declaring 'Right to Privacy' as a fundamental right, has provisions to curb the misuse of individuals' data by online platforms.

The Act seeks to protect the privacy of Indian citizens while proposing a penalty of up to Rs 250 crore on entities for misusing or failing to protect the digital data of individuals.

The Act mandates that the data collected by citizens should be used as per law, only for the purpose for which it has been collected, and the quantum of data should be limited to the requirement.

In case of any grievances, individuals will be able to approach the Data Protection Board which will process the complaint as per the norms of the Act.

"We will start putting in place most of the rules for compliance in the next 5-6 days. Most of the rules will be placed within 30 days. The Data Protection Board will also be in place in 30 days," Chandrasekhar said.