Cross Border Data Transfers under the Digital Personal Data Protection Bill, 2022

Article by Tsaaro

Introduction    

A few of the important elements of the recently updated data protection Bill include easing cross-border data flows, increasing penalties for data breaches and non-compliance, and enabling the government to exclude state institutions from the legislation for the sake of national security.   

Three months after the government retracted an earlier version that had drawn criticism from Big Tech and other segments of civil society, the new draft version was published on the 18th of November 2022. The updated draft, now known as The Digital Personal Data Protection Bill, 2022, includes clauses on “purpose limitations” for data collection, specific grounds for collecting and processing personal data, fines ranging from Rs 50 crore to Rs 500 crore, and a Data Protection Board acting as the adjudicating body to carry out the Bill’s provisions.

The draft is available for public comment until December 17; the final version is anticipated to be introduced during Parliament’s budget session the following year.   

In contrast to the contentious necessity of local storage of data inside India’s geography in the previous Bill, the latest draft makes major allowances for cross-border data transfers. The Central Government will notify areas in due time where Indians’ data may be transmitted, according to the new draft.  

 

Data Localisation   

Data protection laws often require controllers to satisfy special requirements when transferring personal data cross-border.   

For example, the General Data Protection Regulation (GDPR) requires organizations to ensure that transfers of personal data to a country or territory outside the EEA (third country) or an international organization comply with the conditions set out in Chapter 5 of the GDPR (Article 44, GDPR).    

Data localization or data residency laws mandate that information on a country’s inhabitants or citizens be gathered, processed, and/or maintained domestically, frequently before being transmitted overseas. Such information is often only shared after complying with regional privacy or data protection regulations, which may include notifying the user of the information’s intended purpose and gaining their agreement.   

The idea of data sovereignty, which limits some data kinds to those covered by the rules that apply to data subjects or processors, is the foundation for data localization. Data localization takes a step further by demanding that initial collection, processing, and storage occur inside the national boundaries, whereas data sovereignty may just require that records concerning a nation’s inhabitants or residents abide by its personal or financial data processing regulations. In rare situations, it may be necessary to erase data on a nation’s inhabitants or citizens from other systems before doing so in the country where the data subject resides.   

Data Localisation in Other Nations  

The General Data Protection Regulation (GDPR) of the European Union (EU), which sets restrictions on the free movement of data impacting all EU member states, is one of the most significant pieces of legislation on data flows.   

An “Adequacy Decision” process is part of the GDPR and it governs international transfers of personal data. So long as the European Commission has determined that the third country of data destination offers a sufficient level of privacy protection (there are presently 12 countries on the “adequate” list), personal data transfers to another country outside the European Union are permitted.  

The GDPR states that only when an acceptable degree of protection is provided or when safeguards are in place to ensure the level of protection is roughly similar to that now given inside the EU, can personal data transfers to another country outside the EU be made. These protections come in the form of certifications, binding corporate rules (BCRs), codes of conduct, standard contractual clauses (SCCs), and other legally binding documents.   

The GDPR permits data controllers to rely on specific derogations for cross-border data transfers in the event of a data transfer to a non-adequate country and the absence of safeguards. These exceptions can only be used in certain circumstances to send data to a foreign nation.  

When collecting personal information from a data subject, data controllers are required under the GDPR to inform them of any cross-border data transfers they plan to make and to provide the following information:  

  

  1. whether or not the Commission has made an adequacy decision, or
  2. in the case of transfers based on derogations or appropriate precautions, a reference to the necessary or adequate safeguards and how to receive a copy of them or the locations where they are available.

 

If the data controller plans to use the personal data for a reason other than the one for which it was originally obtained, it is required to inform the data subject of that other purpose and any pertinent information before that further processing. The GDPR’s transparency requirements must typically be met by the data controller.  

  

China, on the other hand, mandates localization of all “essential data” about “vital information infrastructure.” In a similar vein, Russia mandates that all personal information about its inhabitants be kept domestically. Different strategies have been used by various nations. The US mandates that all defense-related data be kept domestically. Indonesia, on the other hand, mandates the localization of all information about governmental services.   

  

The New Provisions  

By dividing the data into several categories according to its nature, such as sensitive or critical, the earlier suggested regulations were said to better secure the residents’ personal information. Businesses were mandated to keep a copy of certain “sensitive personal data” of Indian individuals, such as financial and health information, in India under the previous Bill, and exporting vaguely defined “critical” personal data was forbidden. Additionally, the previous Bill gave the Central government the authority to designate any personal information as “critical personal data” that must be processed only in India. It was one of the most important complaints highlighted by tech businesses, with companies like Meta stating that it would affect its services in India.  

The government had been asked to approve the cross-border transmission of data by the Asia Internet Coalition, a lobbying organization that speaks for Meta, Google, Amazon, and several other internet companies. In a letter to the IT ministry earlier this year, they stated that cross-border transfer decisions should be free from executive or political involvement, and should ideally be minimally controlled. The organization had claimed that limiting cross-border data flows would likely lead to increased rates of company failure, hurdles for start-ups, and more expensive product offers from established market participants. In the end, the aforementioned regulations will have an impact on digital inclusion, Indian customers’ access to a genuinely global internet, and the caliber of services.   

The draft permits cross-border interactions of data with “certain notified countries and territories,” in a move that is seen as a win for tech companies.   

“The Central Government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a Data Fiduciary may transfer personal data, following such terms and conditions as may be specified,” the draft says, without naming the countries.   

Users will have the right to update and erase the personal data that businesses have on them, and companies will be obligated to stop keeping user data if it no longer serves the commercial purpose for which it was gathered.   

Experts’ View   

Experts and analysts have noted that the Bill takes a rather accommodative stance on the need for data localization and allows data flow to specific international locations depending on specified predetermined evaluations. Instead of being forced to build extensive infrastructure in India for the storage and processing of personal data, this is expected to encourage country-to-country trade agreements and make it comparatively easy for multinational corporations to operate and process data with their present set-up.   

Conclusion    

With regulations eased and cross-border data transfers allowed, it will be interesting to see which countries the central government notifies and the rules it lays down for the transfer, storage, and processing of data. While this is certainly advantageous for the multinational corporations carrying out business in India, eased data localization regulations should not mean that the personal data of citizens is exploited. Safeguards that comply with the principles of data protection should be put in place to ensure that companies do not misuse the collected data.
