12,102.40-67.45
Stock Analysis, IPO, Mutual Funds, Bonds & More

Tech companies flag licensing, non-personal data terms

Their apprehensions include sharing of non-personal data with the government, exceptions that the government has given itself, verification of social media users, certification requirements from the Data Protection Authority, and missing timelines for implementation of the bill.

, ET Bureau|
Dec 13, 2019, 08.17 AM IST
0Comments
Getty Images
data-safe
NEW DELHI: Top multinational technology corporations and local software companies expressed a range of concerns over India’s Personal Data Protection Bill, arguing that some provisions restrict business growth and scuttle ongoing innovation in the country.

Their apprehensions include sharing of non-personal data with the government, exceptions that the government has given itself, verification of social media users, certification requirements from the Data Protection Authority, and missing timelines for implementation of the bill.

The National Association of Software and Services Companies (Nasscom) and the Internet and Mobile Association of India (IAMAI), which represent companies ranging from Infosys and Wipro to Google and Facebook, welcomed the introduction of the bill in Parliament on Wednesday, but called for wider consultations on the marque legislation to ensure that it is a “win-win for India and the Industry”.

The US-India Business Council (USIBC) said new provisions around non-personal data and social media liabilities are a matter of concern and the bill should be “revised” to provide ample time to establish a new Data Protection Authority, and strengthen its independence and effectiveness. It applauded the relaxation around data localisation and penalties.

The bill “compromises” on the privacy of Indian citizens as it has built in far too many exceptions for government agencies; has stringent procedures that risk functioning of businesses; creates a certification and licensing regime that may kill innovation and has provisions that may run counter to India’s target of a $1 trillion digital economy by 2024, IAMAI said in a statement on Thursday.

1

‘FURTHER CLARITY'
In an interview to ET on Wednesday, Justice BN Srikrishna, who led the committee that drafted the bill, said allowing the Centre to exempt its agencies from some or all provisions is “dangerous” and can turn India into an “Orwellian State”.

Nasscom identified positive changes such as the lifting of restrictions on cross-border transfer of personal data, the removal of passwords from the indicative list of sensitive personal data, the exclusion of certain offences, and the creation of sandboxes to encourage innovation. It welcomed the removal of the power granted to police officers above the rank of inspector to investigate offences. Any investigation must start only on the basis of a complaint by the DPA and subsequent to a court order.

“A robust data protection law is critical for India’s success in the data economy and we are very happy that the government is taking the necessary steps to pass the law at the earliest. There are a few areas where we still need further clarity,” said Debjani Ghosh, president of Nasscom.

The lobby body for the $200 billion Indian IT industry said IT-business process management and global capability centres will need greater certainty on the scope and issuance of the exemptions for them because they process personal data of users outside India.

Ashish Aggarwal, head of public policy at Nasscom, said since the bill was about personal data, adding provisions on non-personal data was not an elegant way of dealing with the subject.

“The concerns are flowing from how to protect commercial interest and IP of companies, so it’s a combination of concern and uncertainty,” he said.

RISKS FOR PRIVATE SECTOR
IAMAI said the government itself offers many services, competing with private companies. “The right of the government over data assets of private businesses risks creating an unlevel playing field for private businesses,” it said.

USIBC president Nisha Biswal told ET that the bill also contains several new provisions outside the core issue of data privacy that raise serious concerns for the private sector, especially requirements around non-personal data and social media intermediary liabilities.

“These two issues are distinct from personal data issues and are complex in their own right,” Biswal said. The bill should be revised to allow companies to transform business operations, develop new technologies and innovate digital solutions, she said.

The requirement for all businesses collecting personal data to have a ‘Privacy by Design’ policy in line with requirements by the DPA creates a restrictive certification and licensing regime for operating in India.

Also Read

Everyone wants a piece of enterprise tech companies

Lava eyes tie-ups with global tech companies

To share user data or not? Tech companies not on same page

How tech companies are cashing in on sports sponsorship deals

Comments
Add Your Comments
Commenting feature is disabled in your country/region.

Other useful Links


Copyright © 2020 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service