The data localisation aspect of the latest draft of the personal data protection bill presented by the Indian government has drawn criticism from the industry. Read on to know more about it…
When India introduced its personal data protection Bill last week, most industry bodies welcomed the move, but most of them are skeptical about the proposed rules restricting cross-border data flows by requiring local servers in India. The data localisation proposal, which makes it mandatory for organizations to set up local servers in India, has drawn a mixed response from the industry.
While the Business Software Alliance (BSA), an alliance of global IT players that includes members such as Microsoft, IBM, Amazon Web Services, Cisco, Apple and Salesforce, has welcomed the Indian government’s move to create a comprehensive data protection regime, it was not convinced about the data localisation rules. Venkatesh Krishnamoorthy, Country Manager India, BSA, stated: “However, including data localisation requirements in such legislation is contrary to the goals of promoting a Digital India, as global data transfers are critical to cloud computing, data analytics, and other modern and emerging technologies and services that underpin global economic growth.”
On data localisation, the draft Bill states: “Every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies”. Foreign vendors are alarmed that not being allowed to transfer data unless they set up servers based in India will cause delays in processing analytical data for building Artificial Intelligence models.
Agencies such as the US India Business Council (USIBC) have also said that there are some areas of concern in the draft data bill. The US-Indo lobby group said on Twitter: “USIBC will seek to work with the government of India to further improve the bill prior to its due consideration by Parliament. Privacy, security, data fidelity, and cross-border data flows are critical to India’s leadership of the global digital economy and innovation. We must work together to get this right.”
Another issue with the proposed data protection Bill, if it becomes law, could be its effect on the internal Information Technology (IT) policies of organizations, which are increasingly adopting Bring Your Own Device (BYOD) programmes.
Jayant Saran, Partner – Forensic, Financial Advisory, Deloitte India, said: “Considering most organizations today allow for reasonable use of company issued computers and other IT assets for personal use, it is likely that a significant amount of personal data resides on these assets. This may pose a challenge while seeking assets for investigations or other proactive fraud detection measures undertaken by the organization. In line with these new guidelines, organizations may need to relook at their internal IT policy and their fraud response policy and ensure that employee approvals are obtained prior to accessing personal data.”
The Road Ahead
For data privacy laws to be implemented effectively, work is needed on promoting user confidence without sacrificing expectations of privacy, security, and safety. Enhanced cooperation between all stakeholders in the global arena, through prolific debates on data localisation, may pave the way for deciding the fate of cross-border data flows without compromising on data privacy, security and sovereignty.