On December 4, the cabinet of Indian Prime Minister Narendra Modi approved a data protection bill for tabling in parliament. Following the circulation of the Personal Data Protection Bill (PDPB) text, U.S.-India Business Council President Nisha Biswal issued the following statement:
“The U.S.-India Business Council welcomes the Government of India’s introduction of the Personal Data Protection Bill (PDPB) in Parliament this week and commends the government for its consultative process. Over the past several years, USIBC has worked closely with both government and industry leaders to support development of a transparent, light-touch, and risk-based approach to data protection in India.
It is clear that the government and Minister Ravi Shankar Prasad recognize the importance of establishing a sound data protection framework, and we are encouraged to see a number of industry perspectives reflected in the revised PDPB. We note the requirements for data localization have been relaxed, enabling access to the global processing and data analytics that sustain India’s nearly $200 billion digital economy. A balanced approach to penalties is also a significant, constructive step. We look forward to additional opportunities to share specific additional technical points that could further improve the bill.
Unfortunately, the bill also contains several new provisions outside the core issue of data privacy that raise serious concerns for the private sector, particularly the inclusion of requirements around non-personal data and voluntary social media know your customer (KYC) provisions. These two issues are distinct from personal data issues and are complex in their own right. Given the need for additional discussion, we urge the government to remain focused on essential data privacy issues and to take up these matters as part of existing policy efforts taking place in parallel to the PDPB. We also recommend the bill be revised to provide ample time to establish a new Data Protection Authority (DPA) and strengthen the DPA’s independence and effectiveness, as well as allow companies to transform business operations, develop new technologies, and innovate digital solutions. We remain committed to working closely with the government as the bill moves through the parliamentary process, and commend the clear process outlined for the Bill’s introduction and passage next year. Meanwhile, we will continue to seek opportunities for industry and India’s leading trading partners to share their views as new policy takes shape.”
As part of the International Privacy Forum, the U.S.-India Business Council organized a data privacy roundtable on November 15 with U.S., Japanese and Indian government officials to discuss India’s draft Personal Data Protection Bill (PDPB). The discussion, which focused on the effective creation of an Indian data protection authority, included U.S. Federal Trade Commission (FTC) Commissioner Christine Wilson, officials from the Japanese Personal Information Protection Commission (PIPC), Indian representatives from the Ministry of Electronics and Information Technology (MeitY) and the National Cyber Security Centre (NCCC), and a range of industry leaders.
The session coincided with the Indian Parliament’s decision to list the PDPB for introduction and debate in the current winter session, which made the deliberations extremely timely and pertinent. International regulators offered insights and experience around best practices and pitfalls in privacy regulation, including the recent Japanese experience in creating new data protection authorities (DPAs), as well as building trust both between consumers and the government, and among international privacy regulators.