Post announcement of the cabinet and state ministers, Telecom and IT minister Ravi Shankar Prasad said that for this term, now he will focus mainly on taking data protection bill to the Parliament and also notify the proposed amendments to the intermediary guidelines.
Prasad who was elected as the new minister for telecommunications in the second term of the Modi-led government and he also retained his ministerial position at IT and law ministries.
“I am very grateful to the PM for entrusting me once again with such responsibility. In IT, we will try to quickly get the data protection bill to the Parliament and also, notifying the intermediary guidelines,” ET quoted Prasad as saying.
He also added that, in the telecom space, he needs to ascertain the status of the sector before coming up with the action plan. His priority work in this space will be developing the industry laying the ground for deploying 5G technology in India. He would also consider reviving of BSNL and MTNL.
The NDA government has been gearing up for its second term after being re-elected during the Lok Sabha 2019 polls. It had taken and various initiatives and plans which were on the making. Now, the central government may look to implement them in their second run.
What Does The Data Protection Bill Entail?
Justice BN Srikrishna Committee report on the draft Personal Data Protection Bill 2018 was finally submitted to the minister of law and justice, Ravi Shankar Prasad, on July 27. The bill was also made public to seek stakeholders comments.
The bill gives new definitions of “personal data” and “sensitive personal data”. It defines personal data as any data of a natural person which allows direct or indirect identifiability. Sensitive personal data has been defined as financial data, biometric data, positive additions such as religious and political beliefs, caste, intersex/transgender status, and official government identifiers like PAN etc.
The draft data protection bill is geared towards protecting the data of Indian users. In order to ensure that Indians were not being affected during any global data breach, the government had proposed data localisation mandate.
Under this, the data localisation rules to be imposed under Section 40 emphasise that one copy of all personal data to which the law applies are to be kept in a server within India. Further, certain categories of data, which are to be specified by the government as critical personal data are to be stored in India alone. At the same time, requirements for cross-border transfer of data are also imposed.
Under Section 32 of the data protection bill, data breach notifications have to be made to the Data Protection Authority of India (DPA) only if the breach is likely to cause ‘harm’ to the data principal.
Data Protection Bill Impacts Indian Startup Ecosystem
The bill has received mixed reaction from the stakeholders and especially from foreign governments who believe that the stringent laws may affect the Indian startup ecosystem.
Most recently, the US government criticised both India’s data localisation and national ecommerce policy drafts during the bilateral talks held in May, claiming that certain policy proposals are discriminatory and trade distortive.
It was also of the view that India lacks the required infrastructure to be able to save its companies’ data. In response, India had expressed its sovereign right over the data produced within the country.
Following the launch of the draft, the Telangana state government had raised concerns saying that the implementation of certain clauses, especially the one on data localisation, has the potential to isolate Indian startups and hurt investments in the state and the country.
A group of associations including the United States Chamber of Commerce, United States-India Business Council (USIBC), Japan Electronics and Information Technology Industries Association (JEITA) and DIGITAL EUROPE had written to Prasad saying that the bill will dampen the abilities of global technology companies to continue its business in India. They noted that data localisation would raise the company’s costs by 30-60% and will also not help guarantee data security.