(Continued from Previous Article)
The MeitY is now trying to finalize the rules under DPDPA 2023. From the indications now available, the ministry is trying to release a complete set of 25/26 rules rolled into one notification.
In the last couple of days we have discussed “Why Not the Consent Manager under DPDPA be different from the Consent Manager under DEPA”.
Similar “Why Not?” questions will be raised in this series of articles so that some thoughts can be planted in the minds of the rule makers, who may then consider them in the draft rules to be released for public comments or enable a discussion on the same.
It is noted that the MeitY is in closed-door discussions with industry so that there is a prior approval of the rules from them.
It is noted that the “Data Sovereignty” principle of cross-border restriction on data transfer, which was present in the earlier drafts, has been diluted. Similarly, Section 9(5) was perhaps introduced at the behest of Facebook, so that the restrictions on parental consent should be relaxed for children below the age of 18 up to the age of 12/13.
Now the delay in the issue of rules is perhaps influenced by the fact that there is no consensus on some of the aspects of the rules.
Hence we are trying to put up some suggestions in the “Why Not Series” so that a record is created that these issues were raised whether they are accepted or not.
The discussion on “Why Not the Consent Manager under DPDPA be different from the Consent Manager under Account Aggregator/DEPA scheme” was also in this direction.
We shall raise more such “Why Not” questions in the coming days till the rules are finally notified after public debate.
I invite professionals to actively participate in this debate. Some of the good practices that come forth here would also be incorporated in the DGPSI implementation recommendations so that the DGPSI framework becomes “A Voice of the Data Protection Professionals”.
Naavi