1-yr timeline for cos on data compliance

Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries. We expect transition for most of the rules except age-gating will happen in 12 months from now -- Rajeev Chandrasekhar

New Delhi: Entities may be given about a year to tune their systems to comply with norms of Digital Personal Data Protection Act-2023, Minister of State (MoS) for Electronics and IT Rajeev Chandrasekhar said on Wednesday.

Speaking to reporters on the sidelines of consultation with the industry, Chandrasekhar said the Data Protection Board and guidelines for the eight rules, including consent management, will be put in place within a month.

“Industry wants some more time for age-gating, different timelines for transition for different data fiduciaries. We expect transition for most of the rules except age-gating will happen in 12 months from now,” the minister said.

The consultation was attended by about 125 people representing various companies, including Meta, Lenovo, Dell, Netflix, among others. The Digital Personal Data Protection Act, 2023, which comes after six years of the Supreme Court declaring ‘Right to Privacy’ as a fundamental right, has provisions to curb the misuse of individuals’ data by online platforms.

The Act seeks to protect the privacy of Indian citizens while proposing a penalty of up to Rs250 crore on entities for misusing or failing to protect the digital data of individuals.