Why Indian businesses are worried about enforcement of DPDP Act
What's the story
A recent survey by Esya Centre has revealed that 85% of businesses in India are worried about the financial burden of data verification under the Digital Personal Data Protection (DPDP) Act. The study, which included 300 firms from tier-1 and tier-2 cities, found that nearly 30% of respondents expect these new costs to exceed 10% of their turnover. This has raised concerns over potential disruptions in routine business operations such as security updates and marketing new products.
AI concerns
DPDP Act could affect India's sovereign AI ambition
The DPDP Act could also affect India's ambition to build sovereign artificial intelligence (AI) models. More than 75% of firms training their models rely on publicly available personal data, the survey found. While all publicly available personal data is exempted from the DPDP Act under strict conditions, Section 3(c)(ii) specifically exempts data made public by the individual or a third party under legal obligation.
Compliance hurdles
Verification seen as difficult or impossible
The survey also revealed that 80% of firms think verifying publicly available personal data will be difficult, with the rest calling it practically impossible. Nearly 30% of respondents are also worried about rising compliance costs, with many fearing these new expenditures could exceed 10% of their turnover. These concerns are especially prevalent among businesses in the IT and IT-enabled services sectors who process digital personal data for developing and deploying AI solutions.
Regulatory impact
Majority unaware of Section 7 exclusions
The survey also found that a majority of firms don't fully understand the implications of the DPDP Act on their products and services. Section 7 of the Act allows certain legitimate uses for processing users' digital personal data without consent, but excludes grounds like "legitimate interest" and "contractual necessity." This exclusion is not widely known among businesses, with 62% unaware of its significance.