Innovate for Compliance… not how to beat Compliance

Now that the DPDPA 2023 is on the verge of being implemented, the industry is discussing how to be “DPDPA Compliant”. While discussing the draft rules with the professional community, I often get a feeling that the industry experts are looking forward to a checklist from the MeitY on what to do, not so much to do what is prescribed, but to do what is not prohibited from being done.

We have often heard the view that what is “Lawful” is what is “Not prohibited by Law”. This may be technically correct, and even the Supreme Court may uphold the view. But morally and ethically, it is not correct to interpret what is lawful by searching for what is not prohibited by law; the correct course is to implement the spirit of the law in its true sense.

The DPDPA has rightly identified that the industry is classified as “Data Fiduciaries” and others, and it is the collective responsibility of Data Fiduciaries to ensure that the DPDPA is implemented in letter and spirit. Being a “Fiduciary” of the data principal and not a “Controller” of the personal data, the Data Fiduciaries are legally bound to process personal data only in a manner that protects the Rights of the Data Principal. The spirit of the law is to protect the “Right to Privacy”, which is translated for practical purposes into the four rights under Chapter III and 10 obligations under Chapter II of the DPDPA 2023.

In interpreting the law, therefore, companies can be innovative, but they should not apply their creativity to finding ways of bypassing the law.

It is for this reason that we are circumspect about the MeitY providing too many prescriptions in the law through the rules. Each prescription may be analysed by unscrupulous entities for the loopholes it opens up.

The less the detailing, the fewer the opportunities for loopholes.

We therefore believe that the Rules should not be prescriptive and detailed and should restrict themselves to the “required clarity” derived from the “Principle based law”.

It should be considered that “Due Diligence” by the “Data Fiduciary” is the only road to compliance.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He has now been focusing on projects such as Secure Digital India and Cyber Insurance.