The Digital Personal Data Protection Act, 2023, is currently the hottest topic in Indian tech policy—and it impacts every kind of business, whether an Internet Service Provider, a tech start-up, or a messaging app. Whether the law strengthens people’s privacy rights or not is a question to be addressed, but right now, it’s important to look at how the law will be implemented by companies, and the challenges that might accompany this.
PrivacyNama 2023 saw experts from top businesses, firms, and think tanks come together to answer these critical yet nuanced questions on implementing the privacy law. Sessions covered topics like user rights, new privacy obligations for companies, consent management, children’s privacy, cross border data flows, and the functioning of privacy regulators like the Data Protection Board of India. Two freewheeling roundtables saw chief privacy officers of companies share their experiences of complying with privacy laws over the years, and international privacy regulators from Japan and Iceland discuss how they monitor and enforce data protection compliance.
The videos for day 1 and day 2 of PrivacyNama 2023 are available below:
We saw participation from organizations like:
We had 222 physical registrations for this event, out of which 171 people attended. We also had 120 online registrations.
Registrants included attendees from A&M India Pvt Ltd, Accenture, Access Now, Accessibility Lab, ADVAG, Ajatshatru Chambers, Alleviate IT Consultancy Pvt Ltd, Amity Law School, APCO WORLDWIDE, Arakoo AI, Ashwathh Legal, Australian High Commission, AWS, AZB & Partners, Azure Data Protection Consultants LLP, Banerjee & Grewal Advocates, Bar Council of Delhi, Biztech India, BLS International, BTG Advaya, BYJU’S, Cambridge University, CCG, NLU Delhi, CCMG, Jamia Millis Islamia, CDAC, Centre for Civil Society, Centre for Policy Research, Centre for the Study of Developing Societies, Chambers of Eshna Kumar, Chambers of Namrata Pahwa, Chanakya National Law University, Chandhiok & Mahajan, Chargebee, Chemistry World, Chitale Verma & Associates, CHRIST Deemed to be University Delhi NCR campus, COAI, Competition Advisory Services (India) LLP, CQ, CRED, CUTS Institute for Regulation & Competition, Cybersecurity-Nxxt, Cyril Amarchand Mangaldas, Data Security Council of India, DataLEADS, DeepStrat, Deloitte, DigitalTrends, Disney Star India, DSK Legal, Dvara Research, EY, Foundation for Advancing Science and Technology (FAST India), FTI Consulting, Fun2Do Labs, G&W Legal, Games24x7, GGSIPU, Google, Hero Fincorp, Hindustan Times, IAMAI, ICRIER, IDfy (Baldor Technologies), Ikigai Law, India Press Agency, Indiamart Intermesh Limited, Indian Institute of Mass Communication, Indicc Associates, Inshorts, Institute for Governance, Policies and Politics, Internet Society, IT for Change, J Sagar Associates, Jagran New Media, Jawaharlal Nehru University, K&S Digiprotect, KPMG, Lakshmikumaran & Sridharan Attorneys, Law Chamber of Anirban Sen, Legal Buddy, M&G Global Services, Malayala Manorama, Maruti, Meta, Ministry of Health & Family Welfare, MSS Law Chambers, Nagarro, NALSAR University of Law, Newslaundry, NLU Delhi, Office of Dr Amar Patnaik, Member of Parliament, Oncquest Laboratories Ltd, Outlook Business, PayU Payments, People interactive, Pierstone, PLR Chambers, Polygon Technology, Primus Partners, PRS Legislative Research, PSA, PW&CO LLP, PwC, Rapid IPR, Razorpay, Saikrishna & Associates, Saraf and Partners, Sarvada Legal, SeedAI, SFLC.in, Shardul Amarchand Mangaldas, ShareChat, ShreeJee Academy, Singh & Singh Law Firm LLP (The IP Law Firm), Supreme Court of India, Tattle Civic Technologies, TechBridge, TechCrunch, TechLegis, The Asia Group, The Data Firm, The Dialogue, The Quantum Hub, Times Internet Limited, Times Management, Truecaller, TrustLab, Tsaaro, UKIBC, Vidhi Centre for Legal Policy , VTG, VVNT Foundation & VVNT Sequor, Zebra Technologies India Pvt Ltd, and Zedsoftpoint.
What we discussed:
We covered a variety of questions, including:
- How do you offer services to children when you can’t track them? How do you verify a child’s age in the first place?
- How do you obtain ‘meaningful’ consent from users based on sparsely-worded ‘notices’?
- How should sensitive data be protected when the law doesn’t specify regulations for it?
- Given that the law is much slimmer than previous drafts, what rights do users actually have over how their data is collected and stored?
- How is a business impacted if a country you transfer personal data to is blacklisted by the Indian government?
- How will the government-appointed yet ‘independent’ Data Protection Board of India function?
Next up, we’ve started publishing stories from this discussion on our website, so stay tuned for them. You can sign up for our free daily newsletter to stay updated with our latest stories.
If you’d like to sponsor future discussions at MediaNama, do reach out to us here.
This discussion was organised with support from Meta, PhonePe, Google, and Salesforce, and in partnership with CUTS and the Centre for Communication Governance.