New Delhi, April 12
The Indian financial sector is highly digitized, with established consent-based data sharing and governance structures in place, experts said on Saturday and noted that rules concerning the Digital Personal Data Protection Act provide a framework towards a more accountable digital ecosystem while also presenting some challenges.
Speaking at the 9th Carnegie Global Tech Summit on Saturday during the session 'India's approach to data governance', they said that consent managers could help manage personal information and age-gating mechanisms are geared towards restricting children's access to harmful content.
Saranya Gopinath, director, government affairs and policy, Razorpay, said it is a matter of great comfort for people that India's financial sector is properly regulated and governed.
"The financial sector in India is not only most digitized or matured ecosystem, it's also deeply regulated. As citizens, we can all take a lot of comfort in the fact that it is deeply governed," she said.
Asked about the changes the financial sector will face due to the Digital Personal Data Protection Act (DPDPA), she noted that the financial sector is already familiar with concepts like consent and data sharing, and has advanced data structures in place.
Gopinath said substantial thought has been given towards individual rights in the financial sector.
She said banks undergo regular audits and there are protocols for data handling.
"Consent is not an alien term in the financial sector. It is an understood concept," she said.
Bhuvnesh Kumar, Additional Secretary, Ministry of Electronics and Information Technology, spoke about the provisions of DPDP Act including "right to be forgotten".
He laid thrust on the significance of rules regarding the legislation.
Aman Jain, Director of Public Policy at Amazon, said global companies can face challenges in implementing the provisions of DPDPA regarding data storage and deletion.
Jain highlighted the challenge of identifying the data principal in cases where a single device is used by multiple individuals, such as a household. In such cases, it is difficult to determine who the data principal is and how their rights should be protected.
"When the Act came out, a lot of us in the industry said, Look, this is progressive. This is different. You know, when the details came out and the rules came out, suddenly, the government announced that there'll be a committee that will decide on what data subjects can be or topics can be under data localization," he said.
He said the draft rules require e-commerce companies to automatically delete data of user after three years after it is not required.
"Let's say you've gone on Amazon, you bought something today, and come 2027 we are required to delete your data if you've been inactive in that period. Now, practically, what ends up happening is we have enough use cases of folks coming back because they want to see if the warranty still exists for a TV they bought five years back, right? Or they just want to know the model you don't remember it you bought something," he said.
"I had a thing very recently, where I wanted to check what book I bought in 2015? And I need to be able to go back. And it doesn't mean that I need to, you know, we'd love you to shop every single day. But if you were inactive for a little while and then you were going back, then you it just creates for bad experience, right? So, so that's, I think, one so practical example," he added.
Sunil Abraham, Public Policy Director for Data Economy and Emerging Tech at Meta India, said the decision to leave the regulations technologically neutral and future-proof is a step in the right direction.
- ANI
Reader Comments
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.