Data Localisation, Sharing Norms Will Harm Biz, Say Stakeholders

The approval of the Personal Data Protection (PDP) Bill, which aims at ensuring the protection of personal data and sensitive personal data, has garnered a lot of praise as well as criticism. To understand the challenges which this bill poses, LocalCircles, a community social media platform, conducted a survey to understand how startups and small and medium businesses (SMBs) took the drafted provisions.

The LocalCircles’ survey, which was participated by around 4,923 startups and SMBs, noted that 45% of respondents oppose the government’s right to seek anonymised data of their customers and suppliers. Interestingly, the same proportion of respondents were in favour of these norms laid out in the PDP Bill. Around 10% of these respondents were unsure about this provision.

What Are The Problems Associated With PDP Bill

As per the norms laid out in the bill, all companies should store their data on local servers in India. LocalCircles, in the survey, highlighted that Indian startups, which shift their base out of India because of the dearth of resources in the country, should be allowed to share aggregate data with their overseas entities.

Similarly, foreign companies, which acquire Indian startups and plans to go global, should also be allowed to use aggregate data, the survey added.

For sharing aggregate data with authorities, the respondents of the survey said that the government should only ask for this information in case of an investigation, breach of laws, or enforcement situations. In cases of routine matters, the government agencies should get access neither to aggregate data nor to the algorithms used by a business as it can be misused or compromised, the respondents added.

As startups spend a significant amount of resources to collect data and it is one of the core value propositions, they believe that sharing of this information can put all their efforts at risk.

Moreover, the startups, which are comfortable with sharing aggregate data of their users, said that they will only comply with the norms if they are able to get the consent of their customers and partners. However, it is in violation of their terms and conditions with the existing customers, the startups added.

Stakeholders Raising Voice Against PDP Bill

This is not the first time when someone has raised its voices against the set norms in the PDP Bill. Last month, the Internet and Mobile Association of India (IAMAI) shared its concerns about the PDP Bill. IAMAI had said that some of the norms of the bill can be restrictive for service providers and enterprises and may not be inclined towards India’s target of a $1 Tn digital economy by 2024.

Highlighting the concerns about the bill, Justice BN Srikrishna, who led the panel which formulated the personal data protection framework, noted that this bill is unconstitutional as it overrides all other laws in the country.

A group of about 50 fintech companies, in September 2019, had reached out to the Ministry of Electronics and Information Technology (MeitY) seeking easy access to personal data which helps them in extending loans to consumers.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.