IAMAI Urges Exemption for AI Firms from Key Data Privacy Rules

India’s leading digital industry body, the Internet and Mobile Association of India (IAMAI), has formally requested the central government to exempt artificial intelligence firms from certain provisions of the Digital Personal Data Protection Act, 2023 (DPDP Act). The appeal centres on the use of publicly available personal data for training and fine-tuning AI models, a practice IAMAI says is being hampered by current legal requirements. Under the DPDP Act, companies must verify whether personal data was voluntarily shared by individuals before processing it. IAMAI argues that this is impractical for AI developers working with large datasets, especially when the data has been reshared or republished without the original user’s consent. For example, personal information posted to fulfil a legal obligation may later appear on public platforms, making it difficult to trace the original intent or consent. In its submission to the Ministry of Electronics and Information Technology (MeitY), IAMAI proposed an interim exemption for data fiduciaries that process personal data solely for AI model development. The association warned that without such relief, compliance costs could soar, innovation could slow, and smaller firms, particularly startups, could be disproportionately affected. IAMAI emphasised that its request is not a call to weaken privacy protections but to address ambiguities in the law that create operational hurdles. It stressed the need for clarity and flexibility in applying the DPDP Act to emerging technologies like AI, which rely heavily on large-scale data inputs. The DPDP Act, enacted in 2023, is India’s first comprehensive data privacy law. It aims to balance individual rights with lawful data processing and holds data fiduciaries accountable for breaches. It also mandates technical and organisational safeguards to protect personal information. IAMAI’s proposal has sparked debate among privacy advocates, some of whom caution against diluting protections for the sake of convenience. Others argue that a nuanced approach is necessary to ensure India remains competitive in the global AI landscape.    

📰 Mini Headlines

💳 NPCI and Digital Payment Firms Seek Pause on Consent Clause 

Major digital payment platforms like Google Pay, PhonePe, Amazon Pay, and the National Payments Corporation of India (NPCI) have requested a pause on the DPDP Act’s consent clause. They argue that requiring user consent for every transaction, including recurring payments, would increase costs and disrupt workflows. Smaller firms may struggle to comply, potentially hindering innovation. The industry seeks a temporary exemption under Section 17(5) of the Act to develop alternative solutions that balance privacy with operational feasibility. Digital payment  

Read More →   https://www.msn.com/en-in/money/news/data-privacy-law-digital-payment-companies-npci-seek-pause-on-consent-clause/ar-AA1JUfnc   

🗺️ Instagram’s Map Feature Sparks Privacy Concerns 

Instagram’s new Map feature, which shows users’ locations based on geotagged posts and app activity, has raised privacy concerns. Though Meta claims the feature is opt-in and customizable, critics, including influencers and lawmakers, warn it could expose users to stalking or harassment. Some users report seeing their posts on the map despite opting out of live location sharing. The backlash highlights ongoing tensions between social connectivity and digital safety, especially for teens and vulnerable groups.   Digital Safety Read More →  https://www.nbcnews.com/tech/tech-news/instagram-maps-feature-raises-privacy-concerns-some-users-rcna223706   

🔏Australia Sues Optus Over 2022 Data Breach 

Australia’s privacy regulator has filed a lawsuit against telecom giant Optus over a 2022 data breach that exposed personal information of nearly 10 million customers. The Office of the Australian Information Commissioner alleges that Optus failed to take reasonable steps to protect user data, violating the country’s Privacy Act. The breach included passport numbers, driver’s licenses, and Medicare details. The case marks one of the most significant legal actions in Australia’s data protection history. Data Breach Read More →   https://www.reuters.com/business/media-telecom/australias-privacy-regulator-sues-optus-over-2022-data-breach-2025-08-08/     

📅 New Zealand Introduces the Biometric Processing Privacy Code 

New Zealand has enacted the Biometric Processing Privacy Code under its Privacy Act 2020 to regulate biometric data use. Effective from 3 November 2025, the law mandates transparency, proportionality, safeguards, and use limits for biometric data like facial scans and fingerprints. Exceptions include health services and national security agencies. The code aims to address rising global concerns over biometric privacy, aligning New Zealand with international standards like the EU’s GDPR.  Privacy Code Read More →   https://iclg.com/news/22931-new-zealand-steps-up-biometric-data-regulation