IAMAI Flags Concerns Over India’s Data Protection Rules, Citing Challenges for Start-ups and MSMEs

The Internet and Mobile Association of India (IAMAI) recently expressed concern that India's data protection framework may unfairly affect start-ups and MSMEs relative to big corporations.  In its response on the draft Digital Personal Data Protection (DPDP) Rules, IAMAI cautioned that compliance with the framework requires major financial and technical resources, which smaller businesses may struggle to meet.  

IAMAI, which represents about 600 Indian and worldwide digital enterprises, plays an important role in impacting India's data policy. The industry group highlighted uncertainties in the designation of Significant Data Fiduciaries (SDFs), where classification based on the volume of personal data processed remains unclear.  IAMAI highlighted that such criteria could place Indian enterprises at a disadvantage against global competitors and suggested clearer procedures, including a fair hearing before SDF designation.  

The submission also criticized potential restrictions on cross-border data transfers, claiming that such measures might separate Indian firms from the global data economy and increase compliance costs.  Additionally, IAMAI expressed concern about serious parental verification requirements for children's data, which could increase compliance obligations and infringes data minimization principles.  

IAMAI encouraged the government to establish safeguards against forced disclosure of confidential company information, as well as a 24-month implementation time to assist firms in successfully transitioning to the new regulatory framework.

This article is based on information from Money Control