Modi government gives an update on Data Protection Board's formation
What's the story
The Indian government is fast-tracking the formation of the Data Protection Board, according to IT Secretary S Krishnan. He said that the government has started working on the process and modalities for appointing members to this new board. The digital tools required for a fully online office of the body have also been developed, Krishnan added.
Stakeholder engagement
Government consulting industry stakeholders on compliance timelines
When asked about the possible shortening of compliance timelines for Big Tech under the data protection regime, Krishnan said that the Centre is consulting industry stakeholders to assess their preparedness. He emphasized that since this issue is complex and impacts multiple layers of the digital ecosystem, their priority is to avoid any disruption.
Board responsibilities
DPDP Act and the role of Data Protection Board
The Digital Personal Data Protection (DPDP) Act, which defines how entities should collect and process users' data, envisages the establishment of the Data Protection Board of India. This independent body will monitor compliance, inquire into breaches, impose penalties, and direct remedial measures in case of a data breach. It is set to play a key role in enforcing rights under the Act and maintaining trust in the system.
Appointment process
Central government to establish search-cum-selection committee
As per the recently-notified DPDP Rules, the Centre will set up a search-cum-selection committee headed by the Cabinet Secretary. This committee will recommend names for appointment as chairperson of the Data Protection Board. Another panel, chaired by IT Secretary and comprising Law Secretary and two domain experts, will recommend names for board members' appointments.
Board launch
Data Protection Board to be operational soon
Krishnan said that the Data Protection Board will be up and running "in the coming months," but he did not give a specific timeline. The DPDP Act lays down clear responsibilities for the data fiduciaries to keep personal data safe and stay accountable for its use. It also gives data principals rights over how their data is handled, thus ensuring transparency in data processing activities.