NEW DELHI: Industry body Nasscom has opposed government’s plan to restrict cross-border data transfer by significant data fiduciaries, asserting that the proposal in the draft Digital Personal Data Protection (DPDP) Rules “risks causing unintended uncertainty on international data transfers.”
“Moreover, the ability of such a restriction to afford meaningful additional safeguards to the processing of personal data remains, at best, questionable,” Nasscom said.
In the draft of the DPDP Rules, released in January this year, the Ministry of Electronics and Information Technology (Meity) had proposed certain additional obligations on significant data fiduciaries.
These included requiring them to take measures to ensure that personal data, as specified by the central government, can only be processed if such personal data and its associated traffic data “are not transferred outside the territory of India.”
The US-India Business Council (USIBC), which is the biggest industry representative of US companies in India, said that it would be difficult for companies to invest and plan their operations in India in the absence of clarity on the criteria based on which the proposed ‘committee’ would issue recommendations on data localization restrictions.
Apart from Nasscom, USIBC, the Internet and Mobile Association of India (IAMAI), the All India Gaming Federation (AIGF), the Broadband India Forum (BIF), and Consumer Unity & Trust Society (CUTS) International, other industry and policy advocacy bodies have also submitted their views on the draft DPDP Rules.
In its submission, IAMAI said that, in its current form, the proposed draft rules are likely to place a heavy compliance burden on startups and small internet and data fiduciaries, compared to large companies, which have “dedicated legal and IT teams [and] are better placed to absorb such requirements.”
Opposing the government’s proposal under the rules to prohibit cross-border data transfer, AIGF has argued that since companies and data fiduciaries utilise cloud-based infrastructure to store and process data, the government must specify the “scope of restrictions” within which significant data fiduciaries will be required to adhere to the rules.
Industry body CUTS has said the proposal in the rule is a departure from the DPDP Act, which does not mandate explicit data localisation.
“This seems to be an excessive delegation, as the DPDP Act does not mandate the formation of such committees. Additionally, the law or rules do not define the committee’s membership, mandate, or decision-making authority, raising concerns about its legitimacy and transparency,” CUTS said.
Source; Business Standard
Retail Inflation Likely Eased To 3.9% In February 