Ministry of Electronics and Information Technology (MeitY) has sent a letter to a select stakeholders seeking further clarifications on their earlier feedback to the draft personal data protection bill, according to a media report which cited joint secretary of MeitY, S. Gopalakrishnan.
In this second round of consultation, the questions put forward by the government reportedly include issues such as the power and scope of the Data Protection Authority, whether storage of personal data should also be mandated in India, can non-personal data such as data from ecommerce sites, community data be made freely accessible to all, and whether the internet companies been adequately regulated in the bill and more.
The government has reportedly sought responses from these stakeholders by August 25, 2019.
Indian government has also been mulling over a data protection bill for the last one year. The The Draft Personal Data Protection Bill 2018 had defined personal data as any data of a natural person which allows direct or indirect identifiability.
Further, sensitive personal data has been defined as financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN etc.
To ensure that Indian are not being affected by any global data breach, the government had proposed data localisation mandate in the bill. It also proposed that one copy of all personal data to which the law applies are to be kept in a server within India.
Further, certain categories of data, which are to be specified by the government as critical personal data are to be stored in India alone. At the same time, requirements for cross-border transfer of data are also imposed.
The bill had been opened for public consultations before and had received around 600 responses from a diverse set of stakeholders.
The bill has also received negative reactions from international governments and state government bodies.
In May, the US government criticised both India’s data localisation proposals, claiming that certain policy proposals are discriminatory and trade distortive.
Similarly, the Telangana state government also raised concerns about the bill and said, the implementation of certain clauses, especially the one on data localisation, has the potential to isolate Indian startups and hurt investments in the state and the country.
Further, an association including the United States Chamber of Commerce, United States-India Business Council (USIBC), the Japan Electronics and Information Technology Industries Association (JEITA) and DIGITAL EUROPE had written to Prasad saying that the bill will dampen the abilities of global technology companies to continue its business in India. They noted that data localisation would raise the company’s costs by 30-60% and will also not help guarantee data security.