Going by the news paper reports it appears that many Indian companies including giants like TCS are eyeing registration as “Consent Manager” under DPDPA 2023. There is news that JIO and Airtel are also interested in being registered as “Consent Manager”.
Further, NeGD had announced a “Code Development Competition” for development of an open source Consent Management platform to manage the Consents under DPDPA by Data Fiduciaries. This was a competition for a prize of Rs 50 lakhs and as part of the specifications of the coding competition, a document called “BRD” or “Business Requirement Document” had been issued by NeGD.
Under this competition, the following six entities were short listed for the final round of code development.
In the background there are 17 RBI licensed “Account Aggregators” who are acting as “Consent Managers under DEPA” who may be thinking that they are already “Consent Managers” and should automatically be eligible for registration under DPDPA.
With these developments the media and many experts are confused about the intentions of the MeitY on how they would modify the DPDPA Rules of November 13 to accommodate the lobbying by the giants such as TCS, Jio and Airtel.
While Naavi.org has explained in detail the conflicts betwee the DPDPA act and the Rules, and will continue to debate this provision, it is our duty to point out that there is a need for substantial change in the Rule 4 of the November 13 publications.
If the Meity goes ahead with registration of companies without synchronizing the rules with the act, there could be legal objections that may stall registered Consent Managers from going ahead with the implementation of the accreditation. We can expect some of the other aspiring candidates seeking stay on the registration through legal means.
Let us watch this interesting developing news space.
Naavi
