- Global tech CEOs have been voicing their concerns against India’s proposed Personal Data Protection Bill, which looks to localise the data of Indian users. Ginni Rometty, the CEO of IBM, and data firms like Cognizant and Genpact are only the most recent to flag the potential issues with the bill.
- CEOs of other global companies like Google, Mastercard, Twitter and Qualcomm also have concerns with how the bill will be implemented.
The Draft Personal Data Protection Bill suggests that the personal data of Indian users should be held by digital and global firms within India and processed only in India. But global CEOs have been making a case for how hindering the free flow of data across borders might have “unintended consequences”.
One concern is that the regulations that govern the privacy of data should be able to differentiate between user data and data from businesses. Ginni Rometty, the CEO of IBM, said, “We believe strongly in consumer privacy and you have to be careful to not conflate consumer data issues with business-to-business data issues,” in an interview with the Economic Times on Tuesday.
Cognizant and Genpact share a similar view, flagging the risks around business-to-business data in their annual filings with the US Securities and Exchange Commission (SEC) this week. Cognizant remarked, “Complying with changing regulatory requirements requires us to incur substantial costs, exposes us to potential regulatory action or litigation, and may require changes to our business practices in certain jurisdictions, any of which could materially adversely affect our business operations and operating results.”
Genpact also told the SEC, “Evolving laws and regulations in India protecting the use of personal information could also impact our engagements with clients, vendors and employees in India.”
Google’s CEO, Sundar Pichai, addressed the issue more directly, warning the government of the effect that it may have on the ‘Digital India’ program in the country.
But, some companies believe that the conversation shouldn’t be about localisation in the first place, but about ownership.
Facebook’s deputy chief privacy officer, Rob Sherman, did suggest an alternative approach to the problem of data localisation in India at the panel discussion on ‘Digital lows in the Digital Age’. Rather than localise data, India could put a certification process in place, under which digital companies would have to fulfill the required standards to ensure protection and privacy rather than set up local servers in India to store Indian users’ data.
But there’s also an argument to be made that changing technology would, in turn, make any new regulations obsolete when new technology comes into play. Qualcomm’s president, Cristiano Amon, notes, “Certain things can be centralised, certain things can be localised, but you can't really have a rule that mandates this.”
Sharing Banga’s concerns about the safety of data, Amon said, “A regulation like that instead of helping, prevents a company from becoming competitive and make use of the technology… One possible approach is to make sure that the systems they're using, the data are secure.”
Nasscom and the Broadband India Forum have also criticized the Draft Personal Data Protection Bill 2018. Global companies are calling for the Bill to be consistent with international best practices outlined in the APEC CBPR rules and the OECD privacy framework.