The committee has left it to the government to define which kind of personal data can be qualified as “critical” which will have to be stored only in India. The issue of data localisation, which has already created wide rifts within the country’s businesses, could mean huge business growth for companies such as Microsoft, Amazon Web Services and Google which have established servers in India and have been aggressively expanding operations.
Companies such as Bharti Airtel and Reliance Jio Infocomm are also said to be aggressively entering the data center space.
Impact on startup ecosystem
The mandate could, however, prove detrimental to the country’s startup and innovation ecosystem since smaller companies or foreign application providers may not be able to afford the additional costs and compliance burden, say experts. There are also fears of backlash from the country’s IT industry.
The contentious issue has attracted a note of dissent from one of the committee members, Rama Vedashree, CEO, Data Security Council of India, who called the approach not only “regressive” but against the “fundamental tenets” of our liberal economy.
“The committee report in chapter 6 projects localisation as a tool for domestic market development. This narrative seems fuelled by unfounded apprehensions and assumptions, rather than evidence and reasoning. We as a country and industry have been advocating the imperative of free flow of data and talent across borders…,” she said, calling it the foundation of the $167-billion ITBPM industry.
The industry has also criticised the move. Venkatesh Krishnamoorthy, country manager India at Business Software Alliance, said data localisation requirements were contrary to the goals of promoting a Digital India, as global data transfers were critical to cloud computing and data analytics. “BSA recommends that India’s Personal Data Protection Bill avoid imposing undue restrictions on the ability to securely transfer personal data outside of India.”
Earlier this year, the Reserve Bank of India told payment firms to store data of all Indians within the country. The move has been criticised by most American payment firms, leading to massive lobbying with the government for the withdrawal or softening of it, even as homegrown firms such as Paytm and Flipkart-owned PhonePe have supported it.
An expert who did not wish to be identified said the committee’s decision to leave the definition of critical personal data to the government had put tremendous obligation on the authorities. “The government will have to continuously think which data sets have to be defined, so what was the Committee trying to facilitate.”
In an interview to ET, justice BN Srikrishna said the committee left the decision to the government since issues concerning data transfer had to be dealt with an international instrument, which could be done only by the executive not even by the legislature.
“That is why we have kept it open for the government to take a call on a case-to-case basis,” he said. The committee chairman said sectoral regulators such as those for health could take the call on which data should be qualified as critical. “There were extreme views on the issue even in the committee,” he said.
“This Bill provides a strong foundation of protection for Indians’ privacy, but it is not without loopholes — in particular, the requirement to store a copy of all personal data within India, creating broad permissions for government use of data, and the independence of the regulator’s adjudicatory authority,” said Amba Kak, policy adviser in India for Mozilla, the maker of open source browser Firefox.
thanks you RSS link