Priyanka Tiwari
Share
Rob Sherman, Meta’s Vice President of Policy and Deputy Chief Privacy Officer, reflects on India’s long journey toward implementing a comprehensive data protection law. He recalls working on earlier drafts of such regulations when he joined Meta over a decade ago. Now, with the Digital Personal Data Protection Act (DPDP Act) enacted and rules pending release, Meta is closely monitoring developments that will impact its operations in India.
Balanced Approach Praised, but Uncertainties Remain
Sherman described India’s approach to regulating data as pragmatic, particularly in its goal to balance user empowerment and innovation. He noted India's unique method of scaling laws to suit a population exceeding a billion people.
However, he also pointed out that certain provisions remain unclear—especially those involving personalization restrictions for minors, cross-border data transfers, and responsibilities of significant data fiduciaries.
Profiling Restrictions for Teens: A Challenge for Safety
A key issue for Meta is the DPDP Act's restriction on profiling users under 18. Sherman explained that services like Facebook and Instagram depend on personalization to deliver relevant content and ensure safety. A complete restriction on behavioral analysis for teens could hinder these core functions, including safety monitoring.
He emphasized the need for explicit allowances in the law that would permit responsible personalization practices aligned with user safety goals.
Age Verification: Streamlining Responsibility
Regarding age verification and parental consent, Sherman highlighted the need for clarity in the final rules. He proposed a more efficient system where operating systems or app stores handle age restrictions, allowing consistency across applications. He referenced encouraging signals from Apple but noted it’s still early in those discussions.
Cross-Border Data Transfers: Industry Awaits Clarity
The Indian government’s clause allowing it to restrict data transfers to specific countries has caused concern in the tech sector. While the law doesn’t mandate complete data localization, Sherman stressed that overly strict limitations could hinder international communication, commerce, and global service use.
He expressed hope that the intent is to limit data restrictions to sensitive areas such as payments or national security, rather than broad application across all data types.
Significant Data Fiduciaries: Meta’s Preparedness and Concerns
As a likely designated significant data fiduciary, Meta is prepared for added compliance responsibilities. Sherman said the company already conducts Data Protection Impact Assessments (DPIAs) and maintains a comprehensive privacy review process.
Still, he warned against unrealistic expectations regarding algorithmic accountability, noting the challenges in monitoring every use case of open-source models.
Emerging Technologies: Consent Provisions and Innovation
Sherman also addressed how consent-related clauses in the DPDP Act could affect new technologies such as Meta’s AI model Llama 4 and Ray-Ban smart glasses. These products use vast amounts of publicly available data, and Sherman emphasized that how India defines exceptions for such data will directly influence Meta’s ability to innovate in the region.
As an example, he shared that Meta’s smart glasses include privacy features that remove identifiable data, like name tags, before processing—a move aimed at ensuring user privacy by design.
Looking Ahead: Waiting for Regulatory Direction
With India playing a key role in Meta’s future across AI, wearables, and the metaverse, the company is seeking regulatory clarity before expanding its initiatives. Sherman reiterated Meta's commitment to operating legally and responsibly in India’s evolving data environment.
“We’re excited about the future here,” Sherman said, “but we’re also watching closely to make sure we can operate responsibly—and legally—within India’s evolving data ecosystem.”
Read More: Goodbye Range Anxiety? Yamaha’s New Scooter Promises 160 km on a Single Charge
