The UK India Business Council (UKIBC) on Friday said it supports India's position on data localisation "in-principle" but believes clarification is needed on areas such as definition of sensitive data.
"We are absolutely positive and convinced... absolutely supportive of the direction in which (personal data protection) Bill is going.
"We are comfortable in-principle with localisation but clarity has to be given around the definition, and questions have to be answered around regulatory environment etc," UKIBC Group CEO Richard Heald OBE told PTI.
He added that the body will submit its report on the draft Bill to the Indian government next week.
Heald said UKIBC is "cautiously optimistic" about the approach being taken with the draft as it attempts to strike a balance between ensuring access and encouraging innovation, while recognising that rights of individuals have to be protected.
The draft personal data protection Bill, introduced last year, has drawn mixed response from the industry.
While most have welcomed the overall framework, many have raised concerns around provisions that include a mandate to set up local servers in India for storing "critical personal data" -- a classification that will be done by the Centre.
This, some contend, is likely to have implications for technology firms, especially those in areas like finance and healthcare that handle multitude of user data ranging from names and addresses to financial information.
On data localisation, Heald pointed out that some form of localisation operates in most jurisdictions, and the concept of mandating that personal data is stored within the country is already established.
"Broadly, we are comfortable with the principle of localisation. Where we would like to see more clarity is on critical personal data, what is non-critical personal data, what is non-personal data, where does business data end and where does personal data start. So it's the definition around that where we would like greater clarity and discussion around that," he explained.
IT industry body Nasscom had also urged that greater clarity is needed on what will comprise as "critical data" under the proposed data protection framework as such information is mandated to be stored locally.
Nasscom, in its submission, had said mandating localisation of all personal data could become a trade barrier in key markets. Also, startups from India that are going global may not be able to leverage global cloud platforms and face similar barriers as they expand in new markets, it had contended.
Heald highlighted that India's approach to set up a data protection agency that would regulate and enforce the rules, and is funded by penalties is "unique" in its approach.
"We are also intrigued as to how it (agency) will operate without inherent conflicts and with real independence and knowledge, which fundamentally should underpin the regulatory environment," he said.
He said resources and expertise should also be committed to ensuring speedy resolution of disputes between data principals and data fiduciaries.
Heald pointed out that there is also a scope of creating a joint 'Data Garage' where Indian and UK businesses, academia and authorities can work together for developing solutions based on new-age technologies like artificial intelligence.
He also made a case for a UK India Common Data Agreement (CDA) becoming a priority for the UK India Tech Partnership to enact.