Following the publication of a draft Data Protection Bill for India, techUK's position paper sets out its views on the key elements of the Bill. The continued development of India’s data protection framework is of significant interest to tech companies operating in the UK as trading relations could be significantly affected.
techUK welcomes the fact that India is updating its data protection rules. The draft Bill is a significant step forward in the development of data protection law in India. A large number of the Bill’s provisions mirror those of the EU’s General Data Protection Regulation (GDPR), which took effect on 25 May 2018. This is a positive development given the global nature of data protection.
The global reach of GDPR means that many businesses across the world are already complying with GDPR and therefore alignment in more countries is beneficial. Indian legislation that meets the standards set by GDPR is also likely to be a key factor in the success of any attempt for India as a whole, or in the first instance, the Indian IT industry, to an adequacy agreement with the EU. An adequacy agreement would significantly reduce barriers to trade between the EU and India.
However, there are some concerns with certain elements of the Bill, including data localisation requirements and definitions of ‘personal and sensitive data’ amongst others. The data localisation requirements within the Bill are arguably the most concerning element. Their inclusion mirrors a disappointing trend of increasing data localisation requirements around the world, which do not provide additional protections to personal information but does hinder cross-border activity.
Read the full position paper via the link below and if you would like to discuss further please get in touch with Jeremy Lilley.