Highlights from the USIBC Data Protection Roundtable
As part of the International Privacy Forum, the U.S. India Business Council organized a data privacy roundtable on November 15 with U.S., Japanese and Indian government officials to discuss India’s draft Personal Data Protection Bill (PDPB). The discussion, which focused on the effective creation of an Indian data protection authority, included U.S. Federal Trade Commission (FTC) Commissioner Christine Wilson, officials from the Japanese Personal Information Protection Commission (PIPC), Indian representatives from the Ministry of Electronics and Information Technology (MeitY) and the National Cyber Security Centre (NCCC), and a range of industry leaders.
The session coincided with the Indian Parliament’s decision to list the PDPB for introduction and debate in the current winter session – extremely timely and pertinent deliberations. International regulators offered insights and experience around best practices and pitfalls in privacy regulation, including the recent Japanese experience in creating new data protection authorities (DPAs), as well as building trust both between consumers and the government, and among international privacy regulators.
- Data is Global: Participants emphasized that the data economy is global and interconnected, so regulation cannot be managed solely within the borders of any one country. With this in mind, bilateral cooperation between the United States and India – both major data generators – is paramount.
- Data Privacy and Data Security – A New Way Forward?: As India becomes a major global consumer and generator of data, adding to its current role as the leading international data processor, personal data breaches can have significant implications for economic and national security. Given the increasing centrality of data to global business operations, a light-touch, risk-based approach to data regulation is critical to support continued economic growth in both countries, as well as create an effective, coordinated and transparent regulatory structure.
- Role of a Data Protection Authority: A well-structured DPA will resolve concerns around definitions, transparency, and compliance, and nurture awareness for consumers and companies alike. An effective DPA will help create a framework for the data-driven economy that protects users while enabling innovation, stimulating investment and supporting job creation in the digital sector.
- Digital Economy as an Economy Engine: With the Government of India (GOI) focused on creating a $5 trillion economy, digital economy as a share of the country’s economic output is expected to increase significantly. By 2024, digital economy is projected to grow to nearly $1 trillion and 20% of India’s GDP, up from the current 13%-14%.
- National Digital Health Blueprint: Ministry of Health officials cited India’s National Digital Health Blueprint (NDHB) as a key example of success in the digital transformation of a critical sector. NDHB digital architecture brings together previously siloed programs and initiatives in the health sector, providing a clear framework to manage core digital health data. Officials noted the importance of leveraging international experience and best practices to ensure India develops a capable, effective privacy regulator.