scorecardresearch
Tuesday, Sep 27, 2022

For better compliance, tech transfer, Govt to ease data localisation norms

The official added that the view in the government is that data should be stored in a region that is “trusted” by the Indian government and should be accessible in the event of a crime.

data localisation, Ministry of Electronics and Information Technology, data localisation norms, Indian Express, India news, current affairs, Indian Express News Service, Express News Service, Express News, Indian Express India NewsTo ease compliance for start-ups, the government could allow cross-border data flows to “trusted geographies” where it considers data of Indians to be safe. This would mark a dilution of the government’s earlier stance on data localisation.

The Centre could drop the contentious data localisation norms from the new data protection Bill and add these rules to the revamped version of the broader Information Technology Act, which the Ministry of Electronics and IT (MeitY) is working on, The Indian Express has learnt.

The localisation norms, criticised by Big Tech companies as well as start-ups for being too “compliance intensive”, could be relaxed by allowing cross-border data flows to “trusted geographies”, it is learnt.

A senior government official said that data localisation could find a place in the upcoming Digital India Bill — the proposed successor to the Information Technology Act, 2000.

“More than privacy or data protection, the idea of localisation of data is about access in the event of a crime. Law-enforcement agencies investigating cases often need quick access to data related to individuals. So while as an idea, data localisation is important, the Ministry is of the opinion that it belongs in the larger IT Act replacement, than in the data protection Bill,” the official said.

Subscriber Only Stories
Kurmi club: On national path, Nitish looks east, at UP’s Sonelal Pa...Premium
Interview: MD-CEO, Central bank of India | ‘During PCA years, none of our...Premium
The Kurmis: a political historyPremium
Deepti Sharma and the question of law vs spirit in cricketPremium

The official added that the view in the government is that data should be stored in a region that is “trusted” by the Indian government and should be accessible in the event of a crime.

The government is targeting to finalise the Bill by the Winter Session of Parliament, with some officials also saying it could get pushed to the Budget session next year.

If finalised in this version, this would be a significant departure from the government’s long-held stance on data localisation, which has been a key part of multiple iterations of the Data Protection Bill – the initial one formulated by the Justice BN Srikrishna Committee in 2018 and the one finally recommended by the Joint Committee of Parliament in 2021.

Advertisement

Earlier this month, the government withdrew the Bill from Parliament, saying that it would come up with a “comprehensive legal framework” for the online ecosystem.

The withdrawal came despite IT Minister Ashwini Vaishnaw saying in February 2022 that he hoped to get Parliament’s nod on the Bill by the Monsoon Session.

Explained

‘Trusted geography’

To ease compliance for start-ups, the government could allow cross-border data flows to “trusted geographies” where it considers data of Indians to be safe. This would mark a dilution of the government’s earlier stance on data localisation.

The localisation requirements in the old data protection Bill were strongly opposed by industry bodies – that represent top tech firms like Facebook, Google and Amazon – flagging that the norms could have “negative effects on the ability of companies to do business in India”.

Advertisement

In a 2018 letter to then IT Minister Ravi Shankar Prasad, industry groupings like the US-India Business Council (USIBC) and Digital Europe had requested the government to remove “forced localisation requirements” from the draft Bill.

Under the withdrawn data protection Bill, companies were required to store a copy of certain sensitive personal data – like health and financial data – within India and the export of undefined “critical” personal data from the country was prohibited.

Earlier this month, The Indian Express had reported that after receiving several complaints by start-ups, the government was looking at diluting data localisation norms.

“It would allow start-ups to use tools, software and servers of foreign companies, which would have been a challenge under the localisation requirements in the withdrawn Bill,” a start-up founder said.

Since the classification of data under the withdrawn Bill into personal, sensitive personal, and critical was largely determined by what type of data can and cannot be taken outside of the country, the government is said to be considering using that classification for awarding damages to people whose personal data may have been compromised by an entity.

Advertisement

Sectorally, the Reserve Bank of India currently has among the most stringent local storage norms for its regulated entities.

In a directive issued in 2018, the central bank said its regulated entities must store their entire payments data, including end-to-end transaction details, in India. While the RBI has allowed payments to be processed overseas, it has mandated that the data will have to be deleted from foreign services post processing and brought back to India.

First published on: 14-08-2022 at 03:52:28 am
Next Story

Over 18,000 come out in support of St Xavier’s University teacher ‘forced to quit’ for Instagram post

Latest Comment
Post Comment
Read Comments
Advertisement
Advertisement
Advertisement
Advertisement