IndusLaw Panel Raises Concerns Over DPDP Rules and Impact on Innovation
A recent Induslaw panel discussion hosted by IndusLaw focused on the proposed Digital Personal Data Protection (DPDP) Rules, 2025. Experts shared concerns about parts of the draft rules, including parental consent and data localisation. They believe these could create challenges for innovation, especially for startups and small businesses (MSMEs).
The panel included legal professionals, policy experts, and industry leaders. They discussed how the DPDP rules might affect India’s digital economy. Many argued the current version may discourage investment and confuse digital-first companies. They warned it could place extra pressure on small businesses. The panel called for simpler, risk-based regulations that support innovation while protecting users’ data.
One major concern was implementing rules on verifiable parental consent and data localisation. For example, storing all personal data in India may restrict AI and tech growth. These fields often rely on international data. Speakers also noted the lack of flexible legal options, unlike Europe’s GDPR, could hurt Indian businesses.
The discussion also covered how the rules might affect children’s content online. Meghna Bal from the Esya Centre shared that most children prefer personalised content. Many rely on targeted ads to discover educational and entertainment products. She warned that removing personalisation could reduce engagement and disrupt children’s routines.
Nirupama Soundararajan, CEO of the Policy Consensus Centre, said uniform rules hurt small businesses the most. She suggested tailoring rules based on risk levels, which would reduce the burden on MSMEs.
Kamesh Shekar from The Dialogue said strict localisation rules could block AI training. These models need global data to improve. He stressed the need for legal flexibility so businesses can handle data without rigid limits.
Speakers also raised concerns about Rule 10. It only allows two age verification methods, which may exclude some platforms. They also questioned the full ban on behavioural ads for minors, which doesn’t reflect real internet use by children.
Experts urged the use of privacy tools that build safety into digital design. As AI rises, traditional consent may fall short. They said new methods should protect data and still support innovation.
Many supported sector-specific regulation like in the U.S. Instead of one-size-fits-all, tailored rules would better address unique industry needs. Different sectors face different risks and challenges.
The panel ended by stressing the need for balance. While user rights must be protected, the rules should also support India’s tech and AI goals.
IndusLaw hosted the event, titled “Digital Personal Data Act,” after the Ministry released the draft on January 3, 2025. Public feedback was accepted until February 18, later extended to March 5, 2025.