India’s lower house of parliament Monday (Aug 7) approved a bill that seeks to ease data storage, processing and transfer norms for BigTech companies as well as local firms seeking growth abroad.
The Digital Personal Data Protection Bill, 2023 that has been years in the making allows companies to export data to any country except those specified by New Delhi. The move is a boon for global enterprises such as Alphabet Inc’s Google and Meta Platforms Inc as it eases data flows and reduces their compliance burdens.
A draft, released publicly in November, restricted the export of data to all regions except those named by the government.
“The current bill pivots from a trusted jurisdiction, or country, approach to a softer negative list for cross-border data transfers, which is certainly a pro-business move,” said Anisha Chand, a Mumbai-based partner at Indian law firm Khaitan & Co. “We can be sure though that stricter sectoral laws will prevail.”
Roughly half of India’s 1.4 billion people use Internet, making the region a key growth market for global technology giants. India, like governments around the world, is trying to balance the needs of businesses with individuals’ rights to data privacy.
The proposed legislation, part of Prime Minister Narendra Modi’s drive to revamp tech laws, comes as digitisation thrives in the world’s most-populous nation, riding on a surge in the use of smartphones and mobile apps.
The bill requires companies to get consent before collecting personal data and prevents them from using it for any purposes other than those mentioned in the contract between the parties. That means companies can’t anonymise personal data and use it for products such as artificial intelligence models.
The bill gives sector-specific regulators, such as the central bank for fintech companies, a wider say over data rules for the industries they oversee.
The bill needs the approval of the upper house of parliament, where Modi’s ruling coalition does not have majority. – Bloomberg