On March 4, 2025, AMCHAM submitted a detailed representation to the Ministry of Electronics and Information Technology regarding the Digital Personal Data Protection Rules, 2025. The submission highlighted concerns across multiple areas of the proposed rules, providing constructive recommendations to enhance their effectiveness while balancing individual privacy rights and business operational needs. The representation emphasized the need for practical implementation considerations while maintaining robust protection for data principals, advocating for a framework that supports both privacy rights and India’s digital innovation ecosystem.
Key recommendations included:
- Implementation timeline of at least 24 months for major compliance requirements
- Clear parameters for “reasonable security safeguards” based on international standards
- Risk-based materiality thresholds for data breach reporting
- Flexibility in data retention periods to align with sectoral requirements
- Guidelines for verifiable parental consent processes
- Clarity on cross-border data transfer mechanisms
- Specific criteria for classifying entities as significant data fiduciaries
- Enhanced framework for research, archiving, and statistical processing exemptions
- Transparency in government data processing requirements
