This article was last updated 6 years ago

cybercrime, cyber,
Internet Security System

There’s more information on India’s new, proposed data protection bill, that is said to come anytime now. The info, reported by Times of India post analysing a copy of the bill, highlights new compliance points that internet giants will have to adhere to.

The Data Protection Bill will now immobilize cross-border transfer of ‘sensitive personal data’ of the citizens of India. Under this new bill, personal data such as passwords, financial and health data, caste, sexual orientations, religious and political beliefs will be prohibited from being transferred to other countries. The Government is also planning to place strict penalties in case of violations and unauthorized processing of personal data. The maximum fine is capped at Rs 15 crore (approx $200,000) or 4% of their worldwide turnover (whichever is higher).

TOI, which had exclusive access to view the bill, reported that the bill seeks the formation of a Data Protection Authority to handle the wide spectrum of issues relating to this matter; ranging from the handling of personal info and dealing with companies accessing data to ensuring strong adherence to rules and regulations by these companies.

While common people may take solace in the fact that the government is taking steps to protect their private information, many global internet companies are disquieted by this move. They termed this shift as “anti-internet” and “impractical”. They believe companies have the right to store the personal data globally as any law which mandates that data be stored locally would increase their costs of operation.

Apart from banning the transfer of personal data, the bill also places restrictions on dealing with personal data.

Every data fiduciary shall ensure the storage, on a server  
or a data center located in India, of at least one serving copy of personal data.

However, exemptions can be made on the grounds of necessity or strategic interests of the state. Cross-border movement of personal data would be allowed if they are in line with the contractual clauses and the country /organization has been prescribed by the central government.

The report stated that the government hopes to introduce this Bill in the Parliament as early as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.