What potential impact does the Data Protection Bill have on FinTech?
By Puja Sharma
The Internet and Mobile Association of India (IAMAI) in a statement issued today has lauded the Digital Personal Data Protection Bill (DPDP) as industry-friendly. It has struck the right balance between protecting the interests of the data principals while leaving enough room for tech start-ups to innovate and grow.
According to the feedback received from the majority of IAMAI members, the reconceptualization of the data protection framework in the DPDP to balance innovation and economic growth with the interests of users will go a long way to assuage concerns of digital businesses and help make India a trillion-dollar digital economy by 2025. In particular, IAMAI appreciates the more liberalized framework for cross-border data flows and the exclusion of non-personal data from the ambit of the DPDP Bill. IAMAI also appreciates that the Bill imposes only financial penalties for non-compliance as opposed to both financial and criminal penalties.
Data Fiduciaries (those who decide the purpose and means of processing personal data) might be played by FinTech firms at times, while Data Processors (those who process data on behalf of Data Fiduciaries) are more common. To comply with regulatory requirements, it is imperative to understand this distinction between roles. According to these roles, FinTechs would need to separate their methods of maintaining and processing data.
Commenting on the Bill, Dr. Subho Ray, president of, IAMAI said, “By following a deep and wide process of consultation including that of a joint parliamentary committee, excluding non-essential provisions, by making a clear commitment that no Rules exceeding the provisions of the Act would be made, and yet protecting the interests of the state, citizens and the digital economy, this Bill has possibly set up new standards of law-making”.
On behalf of its members, the association has requested the government to provide clarifications regarding the DPDP so that once it is passed into an Act, there is better compliance by IAMAI members. In particular, there remain ambiguities surrounding the timelines for implementing the various provisions of the Bill and mechanisms for obtaining verifiable parental consent to process the personal data of children.
As the inclusion of specific timelines will provide a roadmap for the industry to better comply with the Bill, IAMAI has requested the government to indicate reasonable timelines by which the various provisions of the DPDP will be implemented and to adopt a graded approach to prescribing such timelines. IAMAI has also urged the government to consider a flexible approach to obtaining parental consent, as prescriptive mandates may have an adverse cascading impact on sectors that provide services to younger individuals.
IAMAI is confident that through consultation and collaboration, the final version of the law will help stakeholders who are invested in and committed to the digital ecosystem of India.
Other Related News
July 16, 2024
Rise in sophisticated attacks, state-level threats, and increased ransom DDoS Incidents
Read MoreJuly 15, 2024