Nasscom, the tech industry apex body, on Wednesday said it was working closely with the industry to understand the implications of the draft Rules (Digital Personal Data Protection Rules, 2025) in greater detail to develop recommendations aimed at strengthening the draft rules, to promote effective and practical compliance while reducing uncertainty and enabling innovation.
The industry body said it was actively engaged with a diverse range of industry stakeholders to consolidate inputs, to ensure timely submission by February 18.
It also welcomed the Union government’s initiative to establish a data protection framework in consultation with the public.
‘’Nasscom welcomes the government’s efforts to establish a robust data protection framework through the public consultation process for the draft Digital Personal Data Protection Rules, 2025,’‘ it said in a statement.
Nasscom further said in its initial assessment, the requirement of data localisation through the mode of a committee appeared to be a novel provision in the rules.
‘’While we are examining the implications of the draft Rules in detail, at a preliminary level, in our initial assessment, the requirement of data localisation through the mode of a committee appears to be a novel provision in the rules,’‘ it stated.
The apex body further said it was examining its implications for industry, including the rationale behind this provision. ‘‘This provision related to restriction on cross border transfer of data is important and merits detailed analysis,’‘ it observed.
It also said, the draft Rules on reasonable security safeguards lay down the minimum standards that would apply to all types of data fiduciaries. ‘‘We are examining its suitability in all scenarios,’‘ Nasscom said.
It further said, the requirement of verifiable consent for processing children’s data (age threshold for parental consent set at 18 years) and persons with disability who have a legal guardian would be required to be implemented at scale. ‘‘Given that the Act and the Rules provide limited exemptions from this obligation, we are examining how it could be operationalised in different use-cases and business models,’‘ commented Nasscom.
Meanwhile, Tech Entrepreneurs Association of Mumbai (TEAM), a non-profit and independent industry association dedicated to advancing Mumbai’s tech ecosystem recognised the draft DPDP rules as crucial towards establishing a robust digital personal data privacy framework in the country.
In support of the overall mission for a healthy digital ecosystem, TEAM has identified certain areas, such as AI safety, user-centric data deletion, tiered compliance (distinguishing between large multinational corporations and startups) and enhanced clarity, where deliberation may be valuable.
A spokesperson at TEAM said, ‘‘Creating a structured platform which includes bodies such as ours, industry associations, startups and tech companies, civil society organisations, think tanks and academic institutions in the feedback process would further ensure a comprehensive and expert-driven analysis.’‘
Published – January 15, 2025 09:48 pm IST
