The Digital Personal Data Protection Bill, which is about to become law, will be implemented by the Centre for various organizations in a graded approach. According to Rajeev Chandrasekhar, minister of state for electronics and IT, the government would initially implement the rule for major tech firms like Google, Microsoft, Amazon, and Apple and then provide a longer transition period for smaller organizations and start-ups.
Rajeev Chandrasekhar, minister of state for electronics and IT spoke to journalist Soumyarendra Barik who took to Twitter to say, “With the data protection bill on verge of becoming law, the next big question on everyone’s mind is how much transition period it will allow entities. Rajeev Chandrasekhar tells me the approach will be graded, with Big Tech first in line.”
After receiving the President’s assent, the Digital Personal Data Protection Bill, 2023, which was approved by the Rajya Sabha on Wednesday, would become a law. This is the country’s second attempt at framing a privacy legislation, as it comes after three previous iterations of a data protection law that were first considered, and then shelved, by the government.
Read More: OpenAI’s Sam Altman Launches Cryptocurrency Project Worldcoin
The Bill does not, however, provide a particular date for when its rules will become operational for organizations that collect users’ personal data. Start-ups and less digitized companies, like MSMEs, will most likely have to comply with the rule after big IT companies, according to Chandrasekhar.
The timelines will be decided after consultation with the industry, he said. The timelines, according to him, will be chosen so as not to interfere with companies’ continuing activities.
General Data Protection Regulation (GDPR), a privacy regulation of the European Union, gave organizations two years to prepare before it began to apply to them. The European Parliament passed the GDPR in 2016, and it went into effect the following year.
The minister said, “We expect the industry to ask for a long time period, but the government will negotiate with them. GDPR was designed when the world’s knowledge about privacy laws was low, but that is not the case today. So, it is unlikely that we will allow the industry a two year transition window.”