The government is set to expand its consultations with industry groups regarding the draft data protection rules. Union Minister Ashwini Vaishnaw announced this after an initial meeting with industry representatives on the draft Digital Personal Data Protection (DPDP) Rules 2025. "A lot of suggestions have come from digital platforms. We will now start focussed consultation process with various industry organisations. We want consultation to be very extensive," Vaishnaw stated.

During the meeting, officials assured participants that the consultation process would be comprehensive. They also mentioned the possibility of extending the February 18 deadline to ensure broader participation. Industry representatives expressed a desire for relaxed compliance requirements under the DPDP Act 2023. They also sought clarity on implementing the rules effectively.

Industry Feedback and Suggestions

Participants in the meeting included representatives from diverse sectors such as technology, consulting, MSMEs, banking, and finance. Notable organisations present were DSCI, NPCI, PwC, Apple, Microsoft, Snapchat, Accenture, Zomato, Deloitte, KPMG, PhonePe, and OpenAI. A source revealed that many attendees suggested shifting the responsibility of data verification to users of digital platforms like social media and e-commerce instead of companies.

Ministry of Electronics and IT Secretary S Krishnan emphasised the importance of inclusive feedback. He highlighted the MyGov portal as a platform for anonymous input from participants. "We are here to listen and fine-tune any aspects that require further attention. Data protection is an issue that affects all of us, and it must be addressed inclusively and thoughtfully. More such sessions would be held soon," Krishnan said.

Draft Rules and Compliance

The DPDP 2025 draft outlines how to implement the Digital Personal Data Protection Act 2023. It includes provisions for establishing a Data Protection Board to operate digitally under the Act. The draft rules are open for public comment until February 18. They also detail processes for handling children's data, requiring entities to obtain verifiable parental consent before processing such data.

During discussions, some representatives proposed educational campaigns in collaboration with the government to inform people in rural areas about the rules and consent requirements. Another suggestion was to establish a timeline for digital platforms to process or reject data if consent is not received according to the rules.

Penalties and Obligations

The DPDP Act 2023 includes penalties up to Rs 250 crore for data fiduciaries violating its provisions. The penalties are graded based on factors like nature, gravity, duration, type of violation, repetitiveness, and efforts made to prevent breaches. Significant data fiduciaries face higher obligations under the Act and rules compared to startups, which have a lower compliance burden.

Vaishnaw stressed understanding both the DPDP Act 2023 and Draft Rules 2025 together for a comprehensive grasp of personal data protection frameworks. This approach is crucial for safeguarding personal data effectively.

The government's focus on extensive consultations aims to refine these rules further by incorporating diverse industry perspectives. This collaborative approach seeks to address concerns while ensuring robust data protection measures are in place.