India needs to work closely with industry to make the implementation of the government’s Digital Personal Data Protection rules more workable and aligned with best practices, according to the Washington-based trade group Information Technology Industry Council. ITI, which advocates for the information and communications technology industry, has some of the world’s leading innovation companies as members.
Kumar Deep, ITI’s country director for India, emphasized the trade group’s commitment to continuing to work with partners to uphold trust and privacy.
“As [Ministry of Electronics and Information Technology] officials continue to fine-tune India’s privacy agenda, we urge them to consider issues ITI has highlighted, such as clear personal data breach reporting standards, removing potential restrictions on cross-border data flows, and ensuring flexible and workable rules for processing children’s data,” the director said in ITI’s response to the proposed rules. “Policymakers must harmonize regulatory efforts to foster innovation and ease compliance burdens.”
In January, the ministry issued draft rules to operationalize the Digital Personal Data Protection Act for public comment. The law, passed in August 2023, requires companies to implement security measures, programs and policies to protect personal data and delete personal data upon the owner’s request and when it no longer serves its purpose.