By Hemavathy M N | New Delhi Chronicle
NEW DELHI — As India prepares for the full-scale implementation of the Digital Personal Data Protection (DPDP) Act, a significant majority of the nation’s business ecosystem is sounding the alarm over the financial implications of the new regime. According to a comprehensive survey released by the Esya Centre, a leading technology policy think tank, 85% of Indian businesses have expressed deep-seated fears regarding the escalating costs associated with data verification.
The study, which gathered insights from 300 firms across Tier-1 and Tier-2 cities, highlights a growing anxiety within the private sector—particularly among those in the IT and IT-enabled services (ITeS) sectors—regarding the operational hurdles of the 2023 legislation.
The 10% Turnover Threshold
The most striking finding of the report is the projected impact on corporate bottom lines. Nearly 30% of the surveyed firms anticipate that the costs of compliance and data verification will exceed 10% of their annual turnover. For many startups and MSMEs, such a shift in expenditure could potentially disrupt routine but essential business operations, including security updates and the marketing of new products.
Business leaders are particularly concerned that the mandate for rigorous data verification will create a financial bottleneck, stifling innovation in an economy that is increasingly reliant on digital agility.
Verification: “Difficult to Impossible”
The DPDP Act’s requirements for verifying publicly available personal data have emerged as a primary pain point. The survey reveals that 80% of companies find the verification process “difficult,” while the remaining 20% categorize it as “practically impossible.”
This friction is creating a “privacy paradox” for tech firms. While the Act aims to protect user data, the requirement to verify identity or consent often necessitates the collection of more data, complicating the very privacy goals the legislation intends to achieve.
Threat to India’s Sovereign AI Ambitions
The survey also underscores a potential roadblock for India’s artificial intelligence (AI) aspirations. Approximately 75% of firms currently training AI models rely heavily on publicly available personal data.
While Section 3(c)(ii) of the Act provides certain exemptions for data made public by users themselves, the ambiguity surrounding these provisions has left developers on edge. The Esya Centre notes that if the verification of this data becomes too cost-prohibitive, it could significantly hamper India’s progress in building sovereign AI models.
A Gap in Regulatory Awareness
Beyond the financial burden, the report points toward a massive awareness gap. A staggering 62% of respondents were found to be unaware of the significance of Section 7 of the Act.
Unlike international frameworks like the GDPR, India’s DPDP Act excludes “legitimate interest” and “contractual necessity” as grounds for processing data without explicit consent. This exclusion means businesses must navigate a more rigid consent-based framework, a nuance that a majority of Indian firms have yet to fully grasp.
As the government moves toward notifying the final rules of the DPDP Act, the industry is calling for a balanced approach that ensures data sovereignty without crippling the financial viability of India’s burgeoning digital economy.
About the Author: Hemavathy M N is a senior Editor for the New Delhi Chronicle, covering the intersection of technology, law, and the Indian economy.
