The Indian government will be softening the Data Protection Bill which proposed that ‘a copy of all personal data be stored in India, while critical information had to be mandatorily stored only in the country.’ The Economic Times reported that the storage of only “critical” data within the country would be mandatory for companies.
The Personal Data Protection Bill, 2018, prepared by the Ministry of Electronics and IT (MeitY), limits the collection and storage of personal data of an individual by a company. Failing to comply with the rules, there are instances where the company executives might face a jail term. The revised bill restricts these instances to only one.
The only instance when a company executive might encounter a jail term will be related to the de-anonymization of already anonymized data to reveal personal information, ET reported, citing an unnamed government official.
A government official further said, “The proposed (draft) Data Protection Bill will now be tweaked to allow personal information which is not ‘critical’ nor ‘sensitive’ to be stored and processed anywhere, while data classified as ‘critical’ should be kept only in India.”
MeitY officials have reportedly met with senior executives from US companies such as Google, Facebook, Cisco, Mastercard, Amazon, PayPal, Twitter, and American Express to know their concerns about the Data Protection Bill. These companies have stated that it would damage their planned investment by increasing the cost of adding a storage facility within the country. With the new changes in the Bill, the Government seeks to relieve the on-going trade tension among India and the US concerning the flow of data.
MeitY has said that in case there exists a bilateral agreement between two nations for cross-border flow of data, a company might be able to store data abroad in that case.
“For instance, if India and the US have a bilateral agreement on cross-border flow of data that the American agencies would give India the necessary data required in a stipulated time, then even this provision of not making it compulsory to store critical data in India is also there,” the official told the ET.
The Data Protection Bill is slated for introduction in the Parliament. But considering the new changes being added, it could be delayed.