The Asia Internet Coalition, a powerful industry group that represents Apple, Google, Meta, Microsoft, and many other tech companies, has reached out to India’s IT Ministry for an extension on complying with specific provisions of a newly approved data protection regulation that governs the processing of user data.
In a letter addressed to India’s IT Minister Ashwini Vaishnaw and Deputy IT Minister on Thursday, the Asia Internet Coalition suggested an 18-month compliance period for a provision in the new data protection law. This provision requires data fiduciaries to cease processing and delete user data, as well as mandates tech companies to renegotiate contracts with data processors.
“Since compliance with data laws in other jurisdictions, such as GDPR, do not have similar provisions, this process will be new for both domestic and international businesses. Therefore, businesses will need to make significant changes to their platform’s technology architecture,” stated the coalition in their letter.
India’s Digital Personal Data Protection Act is considered one of the world’s strictest regulations for technology companies. The law restricts international data transfers and enforces fines for violations. New Delhi believes that these updated rules are crucial for protecting its citizens’ data and inducing a “fundamental behavior change” in organizations that collect and use personal data.
For tech giants like Meta and Google, India is their largest user base. Projections by Google, Temasek, and Bain estimate that India’s digital economy will grow to around $1 trillion by 2030.
The Asia Internet Coalition has also suggested a 12-month timeframe for companies to comply with a new provision that requires data fiduciaries to provide notice when seeking consent for personal data processing, or before doing so.
Implementing this notice system in 22 Indian languages would necessitate structural changes within organizations. The industry group anticipates encountering significant challenges during this transitional period.
The new legislation introduces unique concepts such as consent managers and grants Data Principals the rights to modify, delete, or access their personal information. The industry group believes that a 12-month timeframe is necessary to comply with these stipulations, as they require the development of new frameworks and tools.
“We request MEITY to harmonize all the above timelines to ensure a seamless transition experience for Data Principals, Data Fiduciaries, and Data Processors. This synchronization is particularly important when there are relaxed timelines for certain classes of Data Fiduciaries, such as startups,” expressed the industry body in their letter.
