Concerns Over Digital Personal Data Protection (DPDP) Act
Digital payment companies like Google Pay, PhonePe, and Amazon Pay, along with the National Payments Corporation of India (NPCI), are seeking exemptions from certain provisions of the DPDP Act. They argue that the requirement for user consent for each transaction is onerous and could escalate costs and complexities, especially affecting smaller companies and startups.
Issues with Consent Requirements
- User Consent: The Act's emphasis on explicit consent for each data processing activity could disrupt digital payment workflows.
- Recurring Payments: Automatic debits for services like electricity bills may require fresh consent under the new rules, complicating processes.
- Incremental Costs: The additional authentication and consent processes introduce significant expenses, particularly challenging for smaller players.
Industry's Argument
- Smaller companies may struggle with the technical and financial burdens of compliance, potentially hindering their growth.
- There is ambiguity in how the law’s provisions are interpreted, leading to compliance uncertainties.
Data Fiduciary Exemption
- Section 17, subsection 5, of the DPDP Act allows the central government to exempt certain data fiduciaries from specific provisions for a period of up to five years.
- The industry seeks to use this time to develop alternative solutions that balance data protection with digital innovation.
NPCI's View
- NPCI specifically advocates for small startups that may lack resources to overhaul systems for new compliance.
- The financial costs of non-compliance are significant, with potential fines, prompting companies to integrate these costs into their operations, possibly affecting consumers.
