Digital
India’s DPDP Bill – a win-win for consumer tech platforms
Mumbai: India’s Digital Personal Data Protection (DPDP) Bill, is expected to be implemented over the next six to eight months in a phased manner; hefty penalties have been imposed for breach of data. This Bill will have a positive impact on companies/platforms that use first party data, whereas players using or sharing third party data (Google cookies, publisher platforms) could see a negative impact; this could potentially mean that sourcing data may become an expensive proposition for programmatic companies like Affle, as they may need to invest in enhancing their own database (first party). This Bill mirrors UK’s GDPR (General Data Protection Regulation) in terms of the major norms mentioned therein. Internet platforms like Zomato, Nykaa, Paytm etc may have relatively lesser monthly active users (MAU’s) as compared to social/search giants like YouTube, Meta, however the former has a detailed understanding of their limited customer base, with more intelligence around their purchasing/consumption patterns; e-commerce giants like Amazon, Flipkart too will have a big edge due to data protection, as they can earn ad. revenue with the help of their first party data, which will help provide better monetisation and profitability over the medium term.
Long haul for implementation of the DPDP Bill (six to eight months)
The DPDP (Digital Personal Data Protection) act, which has been highly anticipated, has been in the works for the past four to five years. Numerous drafts have been exchanged and extensive input has been gathered from the industry stakeholders. Although the Bill is set to take effect on 11 August 2023, its actual implementation has not yet occurred. Currently, the sections have not been enforced, but there are plans to assign specific dates for the phased implementation of these sections.
The scope of its applicability extends to all forms of digitised or digital personal data. Notably, the act also holds extraterritorial jurisdiction. This means that all entities, including those located outside of India, that process data to offer data services within the country, will be obligated to adhere to the provisions of the act. The Bill is anticipated to bring about a positive impact. India is undergoing rapid digital transformation, and with such swift digitization, there’s a substantial amount at risk. Considering the challenges posed by data leaks, the implementation of this law is crucial. It will establish a regulatory framework that offers a cleaner environment for the transmission and processing of personal data.
Substantial penalties for non compliance/data privacy breach
The entirety of the act’s liability is placed upon the data fiduciary. The responsibility for implementing safeguards to ensure data protection also falls solely on the data fiduciary. Implementing the requirements should not pose a significant challenge for data fiduciaries, provided they approach it with seriousness and a willingness to comply. The Bill makes it obligatory to report breaches of the principles, regardless of whether the breach is categorized as a high-security breach or not. Entities will undoubtedly feel apprehensive about the substantial penalties, given their magnitude. Data fiduciaries have a responsibility to uphold reasonable security measures for personal data when processing such information. Failure to inform both the board and the principle in case of a data breach can lead to significant fines being imposed. Rather than waiting for the possibility of never being reported and taking on the associated risks, companies could proactively reach out to a wider customer base about the data leak. This approach would involve enhancing compliance efforts and demonstrating a commitment to addressing the issue.
Contents of the DPDP Act have been drawn heavily from EU’s GDPR
The Indian legislation has drawn significant inspiration from the EU’s General Data Protection Regulation (GDPR) and is built upon its framework. The authorities have analysed the real-world challenges that arose with GDPR and incorporated those insights into the crafting of this Bill. The primary objective is to ensure the responsible processing of personal data and establish robust data privacy rights for individuals. Both regulations emphasize the handling of personal data through consent, although there are specific scenarios where consent might not be obligatory. The Government has skilfully navigated the task by avoiding excessive amendments and appropriately identifying areas of overlap with other laws.
Ad-tech players could face challenges in accessing third-party data
It is believed that targeted advertising technology companies operating in this domain and relying on third-party data for tailored advertisements will encounter additional challenges. Since they don’t directly gather the data, using third-party data will demand heightened attention. Employing third-party data should make you more cautious, vigilant, and well-informed about the methods of data collection. Ensuring the integrity of the data used for crafting targeted advertisements becomes imperative to prevent any form of contamination. Well-established players involved in collecting, distributing, or selling data would undoubtedly need to swiftly adapt to the provisions of this new act. These programmatic ads. tech players could resort to either 1) Investing into their own database or 2) Recover the higher the costs from clients via higher pricing.
Broad based implementation – across small and large enterprises
Small businesses, lacking substantial resources to engage established players, are focusing on diligently ensuring proper compliance. They recognize that firsthand data collection is significantly preferable to relying on third-party data access. Bigger technology companies might be required to establish compliance requirements slightly ahead of smaller players and startups. The law takes a somewhat more lenient stance toward startups. It’s anticipated that there will be a window of around six to ten months before full implementation is expected.
Safety of consumers/children an added benefit apart from privacy
Companies operating multiple businesses might find common ground internally, where data exchange occurs among their various segments or units by following proper compliance. This aspect should be regarded as a protective measure for sharing information securely. In the case of large tech giants, they will have to adhere to the supplementary data requirements. These companies heavily rely on technology, so many of the obligations are likely already integrated into their operations. The introduction of this regulation could bring about a positive impact, leading to an enhanced safety net. Regarding children’s data, obtaining verifiable parental consent is a requisite. The act has established a mechanism for addressing grievances within its provisions. The composition of the board is explicitly outlined in the act.
The credit of this article goes to Elara Capital senior vice president- research analyst Karan Taurani.
Digital
Maharashtra partners OpenAI, Sarvam AI to boost state’s tech ecosystem
State to set up dedicated AI department and roll out frontier technology policies
MUMBAI: Maharashtra is set to become a primary hub for artificial intelligence following the 2026–27 Budget announcement. chief minister Devendra Fadnavis confirmed that the state has signed letters of intent with global giant OpenAI and national pioneer Sarvam AI to integrate advanced technology into the state’s economic and administrative framework.
The collaboration with OpenAI and Sarvam AI marks a shift towards adopting cutting-edge generative tools for governance. These partnerships, alongside MoUs with IIT Bombay and BharatGen, are designed to create a robust ecosystem for research and innovation. The move signals the state’s intent to bring together global technology leaders and domestic research institutions to accelerate the development and adoption of artificial intelligence across sectors.
Regarding the strategic intent of these alliances, chief minister Fadnavis stated, “With the objective of making the State’s Information Technology and Artificial Intelligence sector dynamic, letters of intent have been signed with globally and nationally reputed institutions like OpenAI and Sarvam AI to facilitate the Information Technology and Artificial Intelligence sector in the state.”
To manage these high-level partnerships and ensure effective implementation, the government is establishing an independent department of electronics, Information technology, and artificial intelligence. The new department will function with a dedicated commissionerate and specialised technical manpower, enabling faster decision-making, improved coordination, and stronger accountability in executing technology-driven initiatives.
The state also plans to introduce special policies aimed at strengthening its position in emerging technology sectors. These policies will focus on advancing Maharashtra as a global hub for frontier technologies such as artificial intelligence, quantum computing, drones, autonomous vehicles, and deep technology.
According to the chief minister, “The state government plans to introduce special policies to develop Maharashtra as a world-class hub for frontier technologies such as Artificial Intelligence, quantum computing, drones, autonomous vehicles and deep technology.”
Artificial intelligence is already being integrated into the state’s governance framework. A collaboration with Microsoft has led to the development of MahaCrimeOS AI, a platform that has reportedly reduced police investigation times by 80 per cent across 23 police stations in Nagpur. The initiative demonstrates how AI-driven tools can significantly enhance law enforcement efficiency and data analysis capabilities.
The government is also working toward building a fully digitised administrative ecosystem. Plans are underway to achieve complete digitisation of land transactions and implement electronic office systems across departments, paving the way for a paperless government. In addition, a pilot project will introduce AI-powered solutions in 75 selected villages to improve infrastructure, governance efficiency, and overall quality of life in rural areas.
To strengthen digital infrastructure and data protection, the state also intends to establish an advanced data centre in Nagpur. This facility will be designed to safeguard sensitive and sovereign information while supporting large-scale digital services and government platforms.
These initiatives form part of Maharashtra’s broader cyber security and digital transformation strategy aligned with the Viksit Maharashtra 2047 vision. By partnering with global and domestic technology leaders such as OpenAI and Sarvam AI, the state aims to build a secure, future-ready digital ecosystem that enhances citizen services, supports innovation, and strengthens India’s position in emerging technologies.
