Under the Digital Personal Data Protection (DPDP) Rules, 2025, the government has formally activated the Data Protection Board of India (DPBI), a body that will now handle breach inquiries, issue directions, and impose penalties. However, most compliance obligations for companies will only come into force over the next one to one-and-a-half years. This timing gap raises a basic question about what the Board should actually do first, and how it can establish credibility when it cannot shape standards or conduct consultations the way traditional regulators do.
“The DPBI needs one meaningful case and one well-reasoned order to show that it can function as an adjudicatory body,” Alok Prasanna Kumar, co-founder of the Vidhi Centre for Legal Policy, told MediaNama. He added that the law gives the Board very limited tools, which makes this early test even more important.
“Lessons from Telecom Regulatory Authority of India (TRAI) are not easily transplantable,” said Khushi Singh, Research Fellow at TrustBridge, a policy think tank that works on technology governance. She stated that while TRAI is a regulatory and standard-setting body, the DPBI is designed essentially as an adjudicatory and enforcement body. Still, Singh noted that “even an adjudicatory body like the DPBI can meaningfully use consultations when developing procedures, enforcement policies, and soft law such as guidelines.” She emphasised that maintaining transparency and accessibility remains essential.
These concerns shape the core question: what should India’s new data protection body prioritise at a moment when it has powers but not yet the ecosystem or processes to use them effectively?
What the DPBI is expected to do right now
The DPDP Act gives the Board adjudicatory powers with narrow boundaries. It can receive complaints, examine breach reports, call for information, issue directions, and impose penalties. It cannot write subordinate legislation, define technical standards, or run public consultations. Unlike the TRAI, which shaped the telecom ecosystem through extensive rule-making and transparent consultations, the DPBI begins without that mandate.
This difference matters because TRAI built trust partly by showing how it reasoned. It explained draft regulations, published stakeholder comments, and released consultation papers that helped users and companies understand its approach to complex issues. The DPBI cannot follow that model. Its path to legitimacy will depend entirely on how clearly, quickly, and publicly it handles individual cases.
Kumar described this as a structural choice rather than a design flaw. He noted that the Board’s independence is limited by how its members are appointed, the short two-year tenure, and the absence of an independent fund.
The practical outcome is that the Board must earn credibility through action, not architecture.
Why one strong case outcome matters most
Since the Board cannot shape…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
