Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU

Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU

SUMMARY

European Commission has listed seven reservations on the draft Indian Data Protection Bill

The data localisation requirements appear unnecessary- EC's Bruno Gencarelli

Gencarelli hints that the bill could have negative consequences for businesses and politics alike.

The European Union (EU) has expressed reservations about the draft Personal Data Protection bill 2018 that is currently being proposed by the Indian government.

The bill, which calls for data localisation, is being described as India’s very own General Data Protection Regulation (GDPR) — an EU framework of data protection norms that went live in May.

In an online submission to the Ministry of Electronics and Information Technology (MeitY), Bruno Gencarelli, who serves as the head of the International Data Flows and Protection Unit at the European Commission (EC), listed seven detailed reservations about the draft bill. The submission, dated September 29, came a day before MeitY’s deadline for feedback submissions on the bill.

Gencarelli, who has played an important role in the roll out of the GDPR, expressed concern over the provisions in the draft Bill that leave it to the discretion of the central government or the Data Protection Authority (DPA) to decide on key matters rather than dealing with them in the Bill itself, which could create some uncertainties.

The other provision that drew detailed criticism from the EC is one that mandates every data fiduciary (a person, state, company, or any entity that decides why data should be processed and how it should be processed) ensure storage of at least one copy of a user’s personal data on a server or data centre located in India.

These data localisation requirements appear both unnecessary and potentially harmful as they would create unnecessary costs, difficulties, and uncertainties that could hamper business and investments. — Bruno Gencarelli, EC

He was referring to the costs for companies — in particular, foreign ones – for setting up additional processing/storage facilities in India.

“If implemented, this kind of provision would also likely hinder data transfers… contrary to what is sometimes suggested, India’s striving tech industry does not need this type of forced-localisation measures,” wrote Gencarelli.

Gencarelli also wrote if the draft bill in its current form were to be finalised, it would not only have far-reaching negative consequences for businesses but on politics as well.

Such measures might deter foreign investments in India and would also likely hinder data transfers and complicate the facilitation of commercial exchanges in the context of EU-India bilateral negotiations on a possible free trade agreement, Gencarelli added.

He offered an alternative solution to this provision and acknowledged that the EU too is preparing a legislation to enable law enforcement authorities to obtain (legitimate) access to electronic evidence, irrespective of whether it is stored in the EU or not.

The ideal solution might actually be a multilateral arrangement allowing for mutual access to data — Bruno Gencarelli, EC

Data Protection The Need Of The Hour

Governments across the world are drafting and implementing laws around the flow of data. Countries such as Japan, Korea, and New Zealand have already passed data protection laws based on the principle of data localisation. Meanwhile, in Latin America, Brazil passed its own law in August this year while Chile recently announced the setting up of an independent data protection authority; Argentina is currently reforming its privacy legislation.

After the Facebook-Cambridge Analytica scandal, regulators around the world are looking for ways to be more proactive than reactive to the power of data. With very little precedent in terms of policy and laws, this has led to increased tensions between governments and tech companies.

In July end, a high-level panel headed by Justice B N Srikrishna submitted its recommendations and the draft Personal Data Protection Bill 2018 to IT minister Ravi Shankar Prasad. Since then, the Indian government has faced a backlash from members of the business community and associations such as the Internet and Mobile Association of India, NASSCOM, and ecommerce companies like Amazon and Walmart over the provisions of the draft Bill.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU-Inc42 Media
Indian Draft Data Protection Bill: Data Localisation Mandate Unnecessary & Harmful, Says EU-Inc42 Media
You’re in Good company