India’s Digital Personal Data Protection (DPDP) Act was passed last year and it marked an important step forward in safeguarding privacy of citizens. The rules are yet to be notified, but Global tech giants represented by the Information Technology Industry Council (ITIC) believe that India is at a crossroads.
The core aim of DPDP Act is commendable and it is securing sensitive personal data from misuse. ITIC CEO and President Jason Oxman said that regulations need to carefully consider the ripple effects on AI-driven innovation. It is the reality that modern AI thrives on data. Anonymized and aggregated data in sectors like healthcare can make the difference between life and death.
The call of Oxman for an 18-24 month compliance period is not without merit. Expecting companies to comply within a few weeks or months ignores the complexity of adapting to a regulatory framework in a country as diverse as India. Multiple languages, varied data transmission methods and retrofitting existing services to meet new standards require time.
There is also a broader lesson here. The regulatory journey of India toward data protection needs to align with global best practices. It should ensure compliance and simultaneously continue with its ambition of becoming a global tech hub. The international tech community is clear that it values the market and potential for AI innovation. But innovation can only flourish in an environment where regulations are both practical and forward-looking.
The path ahead for the DPDP Act should not be about choosing privacy over progress or vice versa. It is important to find a middle ground to make privacy and innovation coexist.