The exemption may be placed for a limited time to ensure that the early-stage startups are not too burdened with compliance
While withdrawing the last iteration of the bill, the government cited the same compliance burden on startups as one of the reasons
The Centre has been championing the cause of the draft DPDP Bill and assuring that the government would not be able to violate citizens’ privacy
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
The government is looking to exempt early-stage startups from mandatory compliance with the data protection norms prescribed under the draft Digital Personal Data Protection Bill, 2022.
According to an official source cited by ET, the exemption may be placed for a limited time to ensure that the early-stage startups are not too burdened with compliance and can develop their business models and innovate.
The draft Bill does include several exemptions from the data protection norms listed under Chapter Four of the draft. So far, these exemptions are only limited to the government and associated data fiduciaries and data processing entities.
According to the source cited above, the Ministry of Electronics and IT (MeitY) is looking to include early-stage startups in the exemptions.
If this happens, it would be interesting to note what parameters the government would use to define an early-stage startup. The definition would have to be highly specific, and the current iteration of the data protection bill leaves a lot of room for interpretation as is.
For many early-stage startups, data forms a crucial aspect of their market research as part of their go-to-market strategy. Without some leeway in the norms, it might become impossible for early-stage startups to process user data in such a way.
The compliance burden on startups has once again become a crucial part of the discussions around the data protection bill. While withdrawing the last iteration of the bill, the government cited the same compliance burden on startups as one of the reasons for pulling back the bill.
In August, Chandrasekhar said, “Big tech firms would have just hired more lawyers to comply if there was a complicated privacy law. The burden of such legislation would have hurt startups.”
The Centre has been championing the cause of the draft DPDP Bill and assuring that the government would not be able to violate citizens’ privacy.
Last week, the Minister of State for Electronics and IT Rajeev Chandrasekhar reiterated that stance, adding that the government would only get access to personal data in exceptional circumstances such as national security, pandemic and natural disasters.
However, ‘national security’ is not a well-defined term in the DPDP Bill, hence the speculation of the potential misuse of the exemptions the government has given itself.
In a tweet in November, Chandrasekhar said that India’s upcoming digital Digital Personal Data Protection Bill would also end data misuse and fine violating companies.
The bill is open for public comments till December 17 and the government might table the draft before the Parliament during the Budget Session.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.