You are here: Home » Technology » News » Computers
Business Standard

What India can learn from EU's GDPR privacy bill to protect online data

Critics of data privacy bill say the proposed legislation will impair the operations of the internet giants and startups that're helping usher in a digital economy

Saritha Rai | Bloomberg 

GDPR, data privacy, EU data protection

A draft of a sweeping has been submitted to India’s government that, if enacted, will restrict the transfer and storage of information on more than 1 billion people by global corporations from Inc. to

A committee chaired by government-appointed formally put forth a draft on Friday. Broadly, it recommends foreign companies such as and Uber Technologies Inc. store information locally, and proposes stringent penalties for flouting tighter rules governing how personal data is handled.

India’s embrace of smartphones has triggered an explosion of sensitive information despite a dearth of regulation, fueling concern among privacy activists and citizens groups about potential abuse. Advocates of the bill argue for over-arching regulation to protect the rights of users -- an issue that’s come to the fore since revelations about the leak of data on millions of users and a series of high-profile cyber-attacks.

Critics however say the proposed legislation will impair the operations of the internet giants and startups that’re helping usher in a digital economy. Companies such as Alphabet Inc.’s and Twitter Inc. say they rely on a global information network to most efficiently run their apps. And it’s one more headache for in what’s its single largest market by users.

“If this becomes law, seamless data transfer between hubs will become a challenge for companies such as Facebook, and Twitter, leading to a disjointed experience for their users,” said Suneeth Katarki, founder-partner of Bangalore-headquartered IndusLaw, which consults for clients on the matter. “On the other hand, companies like Google and Amazon will be offered a massive business opportunity for expanding their cloud business in India.”

ALSO READ: Press freedom protected under Srikrishna panel's data protection Bill

Srikrishna’s proposals bear similarities to the imposed in Europe. Ravi Shankar Prasad, minister for information technology, said on Friday the government will consult with lawmakers before it introduces the draft bill -- which runs into over a hundred sections -- to parliament for voting.

ALSO READ: Most firms believe EU's GDPR will bring sense of privacy in biz: Survey

As proposed, it requires data localization by companies and that a copy of all personal information be kept on servers within the country. is to be stored in-country only, while stringent rules apply for cross-border transfers. The committee also recommends the creation of a data protection regulatory authority, and penalties for violations of up to 150 million rupees ($2.2 million) or 4 percent of worldwide turnover in the preceding financial year, whichever is higher.

ALSO READ: Data protection Bill: Adjudicating officer to decide compensation amount

The draft additionally bans the collecting, recording or disclosure of personal data that identifies individuals. That includes financial, health and genetic data, biometrics, sexual orientation, and political or religious affiliations. Those can only be processed with an individual’s consent or should the government require access under exceptional circumstances.

The draft stipulates that such consent should be explicit and that an individual is free to withdraw that approval. It also grants people the right to access and request corrections of their own data, as well as the ‘right to be forgotten’.

First Published: Tue, July 31 2018. 07:28 IST