- Retaining critical data is expected to reduce the number of instances in which company executives can be jailed due to the breach of data security
- Data Protection Bill will now be tweaked to allow personal information which is neither critical nor sensitive to be stored and processed anywhere
- Housing critical data in India could help ease the tension in trade ties between the US and India
India is likely to water down its proposed rules on data privacy and localisation, mandating that only critical information needs to be compulsorily retained in India, people familiar with the matter said to the Economic Times. It is also expected to reduce the number of instances in which company executives can be jailed due to the breach of data security to just one.
A senior government official told the News Daily that the proposed (draft) Data Protection Bill will now be tweaked to allow personal information which is neither critical nor sensitive to be stored and processed anywhere, while data classified as critical should be kept only in India. According to another official, this could help ease the tension in trade ties between the US and India.
Identifying critical data
The original draft of the Personal Data Protection Bill, 2018, prepared by the ministry of electronics and IT (MeitY), had suggested that a copy of all personal data be stored in India, while critical information had to be mandatorily stored only in the country.
The government has to identify what constitutes critical personal data. The Bill is listed for introduction in Parliament in the current session but this latest development could result in a delay to accommodate changes. The only provision that will carry a jail term for executives will relate to de-anonymising already anonymised data to reveal personal information.
Call of the hour
The development comes days after a high-level US trade delegation was in India holding discussions with various ministries, including IT and commerce, amid trade tensions between the two sides. New Delhi recently decided to raise import tariffs on 29 goods from the US. That was in response to the US rolling back incentives under its Generalized System of Preferences (GSP) program for imports from India. The US has since taken India to the World Trade Organization (WTO) over the country’s latest trade move.
The government’s move also comes after MeitY officials are said to have met recently with senior executives from US companies such Google, Facebook, Cisco, Mastercard, Amazon, PayPal, Twitter and American Express to understand their concerns and conveyed the possibility of softening the Data Protection Bill.
How safe is your data?
MeitY officials also highlighted to company representatives that even critical data, which must be compulsorily stored in the country, could actually be held abroad in case India had a bilateral agreement with a nation regarding the cross-border flow of data.
Several multinational companies had expressed concerns that localisation of all personal data of Indians would hurt their planned investments by raising costs to set up new storage centres in the country.
