Industry stakeholders on Thursday said the new framework for Personal Data Protection Bill should emphasise on cross-border data flow and data localisation requirements, bringing ransomware, Blockchain-based crypto/NFT scams and even the huge tax evasion by Chinese tech companies into its ambit.
IT industry’s apex body Nasscom said that data is the bedrock for ‘Digital India’ and the new framework can build on the learnings from global implementation of data privacy laws and stakeholder feedback on the earlier bill.
“The key imperatives will be to operationalise the fundamental right of privacy and enable data protection in a manner that grows trust in data driven businesses and allows data led services to grow in a safe and trusted manner,” Nasscom said in a statement.
The government withdrew the contentious Personal Data Protection (PDP) Bill 2019 that saw 81 amendments to date, saying that it will soon introduce a new, sharper bill that fits into the comprehensive legal framework to protect the data of billions of citizens.
IT Minister Ashwini Vaishnaw said that the draft of the new PDP Bill is almost ready that will protect the digital privacy of individuals.
According to Sajai Singh, Partner at law firm J Sagar Associates (JSA the key issue is the practicality of a Bill becoming the law of the land.
“The drafting of the PDP Bill needed to be made current with the ground realities, with ethics and AI, ransomware becoming more sophisticated, crypto and NFTs adding a commercial dimension to Blockchain technology and the like,” said Singh.
“Various multinationals are interested in seeing how Indian law will address issues like cross-border data flow, data localisation requirements and restrictions placed on certain services like VPN (virtual private network),” Singh added.
Aparajita Bharti, Founding Partner at TQH Consulting, said that given the number of outstanding questions around issues like non-personal data, data localisation, cross border data flows and exemptions to central government, “the government’s intent to bring a fresh Bill that incorporates all the feedback could be a positive stepa.
The earlier PDP Bill drew intense scrutiny from privacy advocates, industry stakeholders and tech companies.
The Bill was first brought in 2019 and was then referred to the Joint Committee. The JCP report had identified many issues that were relevant but beyond the scope of a modern digital privacy law.
New Delhi-based cyberlaw expert Virag Gupta said that several cases of data breach and tax evasion by Chinese companies have been detected by the Indian agencies.
“Industry and the government have, many times, suggested that India needs a comprehensive Information Technology Act. On many important issues, the government has come with ordinance. Early enactment of data protection and data localisation will bring massive tax revenue and create huge employment opportunities in the country”, Gupta told IANS.
Amit Jaju, senior MD at Ankura Consulting, said that Indian companies have witnessed large-scale data breaches this year and in absence of a data protection law, individuals have little to no protection.