| | | Good morning! Since our previous conversation, something important has begun to brew. India’s Digital Personal Data Protection (DPDP) regulations are beginning to take shape. For now, the draft is ready and that’s the cue for stakeholders to send in their feedback. I’ll simplify the realms of text in terms of how this will likely impact you, with key takeaways from the DPDP as it stands (and some questions that arise, inevitably). There are clear definitions for Data Principals and Data Fiduciaries. The former identifies individuals whose data is being processed and latter are entities processing this collected data. The core issue that these guidelines attempt to tackle, is that of data collection, handling and legitimacy of purpose. There must be transparency, reasonable security safeguards, a period of data storage and a grievance mechanism (which is often missing, among other laxities in this chain).  | | “Data Fiduciaries processing data within India or in connection with offering goods or services to Data Principals from outside India must comply with any requirements the Central Government sets in respect of making such personal data available to a foreign State or its entities,” state the guidelines. This will be applicable to multi-national corporations, but how specifically will this affect banking entities and streaming platforms, remains to be seen. | | | | The seventh schedule makes it clear that data fiduciaries or intermediaries must provide data to the central government, for specific purposes mentioned in the seventh schedule —“in the interest of sovereignty and integrity of India or security of the State”, “Performance of any function under any law for the time being in force in India”, and “Disclosure of any information for fulfilling any obligation under any law for the time being in force in India”. | | | | Data handling for accounts of children and individuals below the age of 18 years, will be governed by a new collective of guidelines too. | | | | Any data collected for a child’s online account must have verifiable parental consent—if that isn’t secured, any and all data for a child cannot be processed. The draft suggests that in case a child wants to create a separate account on any app or platform where a parent already has an account, the latter’s account can be used to generate consent for creating a child account. This will be valid for all online platforms, including social media apps. | | | | In case a parent doesn’t have an account on that platform, they must use “an entity entrusted by law or the Central Government or a State Government”—we’re pretty much looking at Aadhaar validation via OTP or allowing access to DigiLocker, for the purpose of verifying parental consent. | | | | Certain entities do not fall within the purview of the guidelines mandating parental consent for child accounts elsewhere. There are of course certain restrictions within which these institutions can collect and use a child’s data. Schools, for instance, can use the data to track a student’s educational progress, behavioral trajectory and any interest of safety. Health institutes can collect and use a child’s health data only, if they are extending services to a child. | | | REACTIONS In the immediacy of the draft Digital Personal Data Protection Rules 2025 being announced, HT spoke with experts to understand their perspective on the structure as it stands. All indications point to the fact, there’s work to be done with fine-tuning the rules before they are finalised. Experts make it clear, there’s work to be done. “We foresee that businesses will face some complex challenges in managing consent as it forms the heart of the law. Maintaining consent artefacts and offering the option to withdraw consent for specific purposes could necessitate changes at the design and architecture level of applications and platforms. Further, organizations will need to invest in both technical infrastructure and processes to meet these requirements effectively” - Mayuran Palanisamy, Partner, Deloitte India “We look forward to engaging in a constructive and meaningful consultative process with the government to ensure the rules achieve their intended purpose effectively. While the draft rules are a positive move, we believe there is an opportunity to further enhance operational clarity in certain areas, and we are confident that these discussions will lead to a balanced and practical regulatory framework” - Shahana Chatterji, Partner, Shardul Amarchand Mangaldas & Co. “The draft rules offer limited guidance on how children will be identified for the purpose of seeking verifiable parental consent from their parents or guardians. It seems the approach might rely on self-declaration by users. This could potentially lead to broader processing of parental or guardian data, which raises interesting considerations regarding the scale and scope of such data collection” - Shreya Suri, Partner, IndusLaw “These rules call on organizations to take privacy seriously, emphasizing the importance of seeking consent through a detailed Notice that must include an itemized description of the purposes and the personal data being processed, among other details, ensuring that data principals are equipped with clear and comprehensive information” - Ashok Hariharan, CEO and Co-founder of IDfy “The draft rules signify a pivotal step in safeguarding the personal data of children and persons with disabilities. By requiring verifiable parental consent before processing such data, the Act and the draft rules aim to establish a higher standard of accountability for businesses. For businesses, this shift will demand investments in technology, operational diligence, and collaboration with trusted verification entities like Digital Locker service providers” - Supratim Chakraborty, Partner, Khaitan & Co “The DPDP Rules provide much needed clarity on a number of practical aspects relating to compliance with the DPDP Act and add colour on requirements relating to children’s data and the manner of obtaining verifiable parental consent. However, certain aspects of the DPDP Rules are concerning. For example, they enable the Government to impose data localisation obligations on significant data fiduciaries and controllers - which may be challenging to implement” - Probir Roy Chowdhury, Partner, JSA, Advocates & Solicitors “By introducing stringent regulations for data collection, processing, and storage, the DPDPA Rules 2025 aim to strike a balance between technological progress and the right to privacy. The act mandates transparency from data handlers, enforces consent-driven data usage, and imposes substantial penalties for data breaches and non-compliance” - Jaspreet Singh, Partner, Grant Thornton Bharat | | EXTRAVAGANZA It is that time of the year again. That time, when we must look forward. The CES, or the Consumer Electronics Show shindig in Las Vegas often talks about tech and concepts that’d never make it to the real world, but there are those moments which give us a fair glimpse at the stuff that matters (or will matter in the months ahead). The first couple of days of CES 2025 have been an absolute blur. In my observation, some announcements stand out more than others. Allow me to run you through these, and why they will matter in the months to come.  CES 2025: From Nvidia Cosmos to Qualcomm Snapdragon Cockpit, AI is making a case Nvidia’s human-esque AI: Nvidia gave us a first look at Cosmos, which it says is “the world’s first world foundation model.” It basically defines AI models that try to imbibe how humans make mental models of the world around them, to similarly predict and generate “physics-aware” videos. Developers can already access Cosmos Nano, Super and Ultra models. Multiple models in play, ranging in size from 4 billion to 14 billion parameters. Robotics and autonomous motoring are seen as the core areas of relevance. “The ChatGPT moment for robotics is coming. Like large language models, world foundation models are fundamental to advancing robot and AV development, yet not all developers have the expertise and resources to train their own. We created Cosmos to democratize physical AI and put general robotics in reach of every developer,” explained Jensen Huang, founder and CEO of NVIDIA, during the keynote.  HP’s “next-gen AI PC” line-up: HP’s impressive width of the refresh for its 2025 portfolio includes the EliteBook Ultra G1i, EliteBook X Flip G1i and the Omen 16 laptops, the former two for business and the latter in prime position to appeal to gamers. As impressive as they may be, in my book, it is the AMD Ryzen powered HP Z2 Mini G1a mini workstation that perhaps represents the biggest forward leap. The ZE Mini G1a is powered by an AMD Ryzen AI Max PRO processor, with scalable 128GB of innovative unified memory architecture that can allocate up to 96 GB exclusively for the GPU. This potentially gives it the sort of performance for graphics-intensive workflows, that similar form factors haven't been able to achieve till now (barring perhaps the Apple Mac Mini, in some configurations). Oh, the power supply is internal too, within this sleek design.  Qualcomm’s PC focus: After an impressive start with the Snapdragon X Elite and the Snapdragon X Plus, it is now the turn of the Snapdragon X to join the family of chips meant for Windows laptops. Qualcomm’s played its cards smartly, having showcased performance capabilities till now, and now shifts focus to relevance for PC makers with a more affordable chip. The entry-spec Snapdragon X is expected to spawn a new line of $600 (around Rs 50,000) Qualcomm-powered laptops, as well as the first of their kind mini desktop PCs. HP, Asus and Acer are already on board.  Pressure on Intel and AMD: With Qualcomm certainly adding to the long list of reasons for the sleepless nights, Intel really needs 2025 to go well for them. Hopes are resting on the Core Ultra (Series 2) chips, and perhaps a pitch of “over 400 AI features” would convince PC makers. AMD has left no cards on the table after announcing the AI focused Ryzen 9 9950X3D chip for powerful PCs, the Ryzen AI 300 series and Ryzen AI Max series for AI PCs, while the Ryzen Z2 Go and Ryzen Z2 Extreme will makes a case for handheld form factors such as an Asus ROG Ally.  Samsung and LG’s AI TV vision: LG’s 2025 OLED TVs bring an ‘AI remote’ which can understand individual voices for customized content recommendations, a chatbot for searching content and even Microsoft Copilot integrated for good measure. Samsung’s 2025 TVs have Vision AI, including something called Click to Search (a smart spin-off from Circle to Search on phones) to identify places, products and more on screen. There’s a food identification mode to generate recipes in case you’re in the mood to experiment with cooking, live translate and generative wallpapers. Are LG and Samsung getting ahead of themselves? | | | | | | Were you forwarded this email? Did you stumble upon it online? Sign up here. | | Written and edited by Vishal Shanker Mathur. Produced by Md Shad Hasnain. | | | | | | | Get the Hindustan Times app and read premium stories | | | | | | View in Browser | Privacy Policy | Contact us You received this email because you signed up for HT Newsletters or because it is included in your subscription. Copyright © HT Digital Streams. All Rights Reserved | | | | |
