StartupTalky

Tag: DPDP

  • Fintechs, NPCI Seek Exemption from DPDP Consent Clause Over Digital Payments

    The National Payments Corporation of India (NPCI) and digital payment companies Google Pay, PhonePe, and Amazon Pay have requested an exemption from the provisions of the Digital Personal Data Protection (DPDP) Act that demand user consent for every transaction, claiming that doing so would be excessively burdensome, according to ET.

    According to the companies’ submissions to the Ministry of Electronics and Information Technology (MeitY), the regulation will also apply to recurrent payments and result in increased complexity and cost. According to them, the problem will be more noticeable for startups and smaller businesses. Since the guidelines that were floated in January for stakeholder engagement have not yet been notified, the law has not yet been operationalised.

    In this regard, MeitY met with company representatives last week. Amazon Pay, PhonePe, Google Pay, and NPCI all refused to answer questions. The Unified Payments Interface (UPI) and the payment and settlement system are operated by NPCI.

    Recurring Payments at Risk Under New Data Law

    The Act’s emphasis on obtaining express consent for each data processing activity is at the heart of the problem. Despite the clause’s seeming simplicity, industry participants contended that its current interpretation and use might seriously impair current digital payment processes. After initial consent, recurring payments, such as subscriptions or electricity bills, are usually automatically deducted.

    The industry is concerned that this will demand new user consent under the DPDP Act’s consent requirements. According to ET’s report, although this multi-level identification and approval process improves security, it also adds a lot of friction and extra expenses.

    Startups Fear High Costs, Friction in User Flow

    Startups and smaller businesses in particular would find it difficult to absorb these expenses and modify their technical infrastructure, which could impede their ability to develop and compete. If the smaller players must obtain consent each time, the data processing will become even more difficult. It will affect the flow of digital data.

    Larger businesses, on the other hand, would be able to handle… yeah, there would be more expenses, but they would be in compliance. However, it will be more difficult for some of the smaller and less experienced players.

    MeitY Holds Talks with Industry Stakeholders

    Uncertainty regarding compliance also arises from what seems to be ambiguity in the way industry and the government are interpreting the law’s terms. According to experts, the current consent-related talks are reminiscent of the initial argument over data localisation that the Act sparked, in which the government concentrated on the volume of data and the business on its criticality.

    The DPDP Act’s Section 17, subsection 5, gives the central government the authority to exclude particular data fiduciaries or groups of data fiduciaries from particular rules for a predetermined amount of time. Before five years have passed since the law’s inception, this exemption may be granted by notification.

    According to the ET report, the sector hopes that this clause would provide a window of opportunity to create and execute substitute solutions that adhere to the principles of data protection without impeding digital innovation.

  • To Protect Children from Harm in Digital Spaces, DPDP Regulations will be Further Improved: Vaishnaw

    According to reports, the Centre is trying to improve the Digital Personal Data Protection (DPDP) Rules in order to protect kids from online dangers and encourage their use of technology. Union Minister Ashwini Vaishnaw stated in a media agency report that the rules will change in response to lessons learnt from their application. “We will continue to improve it (DPDP Rules) to give kids access to technology while protecting them from numerous risks,” he stated. The draft DPDP Rules 2025 were made public by the government on January 3 and are available for public comment until February 18, 2024. Users under the age of 18 are considered children under the DPDP Act, which requires social media companies and other online intermediaries—known as data fiduciaries—to get express parental approval before processing any kid data.

    What New Drafted Rules State?

    According to the draft regulations, digital platforms are only permitted to process a child’s data with a verified parent or guardian’s approval. Either a virtual token issued by a legally authorised entity or freely supplied identity and age information can be used for verification. According to Vaishnaw, the token system has worked well in a number of situations, including transaction verifications based on Aadhaar. He clarified that the tokens will be transient and only be used for one transaction before being instantly destroyed. The minister added that if necessary, sector-specific guidelines might be released, but only after speaking with stakeholders and experts in the relevant area.

    Individual Privacy will Remain Intact

    Virtual token verification won’t jeopardise personal privacy, according to Vaishnaw. He affirmed that because whistleblowers are legally protected, they would not be impacted by the DPDP Act. He added that the DPDP Act has no restrictions on the number of complaints that can be filed. According to a report from last year, social media companies are looking into ways to comply with the DPDP Act of 2023, such as using QR codes, virtual Aadhaar IDs, or app store-level age verification. Industry executives, however, objected to this clause because they were worried about the privacy implications of using these tools to determine the ages of children and confirm parental relationships.

    Strict Compliances are the Need of the Hour

    S. Krishnan, Secretary of the Government of India’s Ministry of Electronics and Information Technology (MeitY), claims that compliance is really increasing dramatically and that a great number of cases are resolved before the blocking issue is even raised. They act on it right away. According to their own community guidelines or the government’s removal demands for illegal content, they now complete these tasks much more quickly than they did in the past.

    There has been a noticeable increase in both the quantity and timeliness of items removed. These cover topics including child sexual abuse material (CSAM), inappropriate information of all kinds, and anything that could sabotage peace in the community, S. Krishnan noted further.

    Centre Empowers GST Officer to Block Tax-Evading Gaming Websites
    The Centre designates a GST officer to block websites of online gaming companies evading taxes, intensifying efforts to curb tax violations.
    StartupTalkyNitin Konde