Proposed rules to regulate the way companies handle customers’ personal data has received a mixed response from India’s private sector, with some businesses praising it as necessary to protect privacy and others complaining that it will adversely impact their operations.
India’s Personal Data Protection Bill seeks to protect consumers’ financial details, biometric data, caste, religious and political beliefs and other personal information from unauthorized access — although, controversially, state agencies are exempt under certain circumstances.
If the bill, which also recommends the setting up of a Data Protection Authority to enforce compliance, becomes law, it will affect all the companies that store or process user data. E-commerce, social media, banking, finance, insurance and health care sectors will likely be affected the most.
First tabled on the same day that Parliament passed India’s controversial Citizenship (Amendment) bill, which allows citizenship for non-Muslim immigrants, the bill is now being discussed by a 20-member parliamentary panel that will take feedback from citizens, business establishments, law-enforcing agencies and other groups. Once the reworked bill is tabled in parliament, it will need majority votes in both houses of the legislature to become law.
Karnika Seth, a Supreme Court lawyer and a cyber law expert, said legislation to govern the handling of data is much-needed as cyber crimes, breach of privacy and unauthorized collection of data have become rampant, while India’s existing Information Technology Act and Information Technology Rules, enacted years ago, are not thorough enough to protect personal data.
The Internet and Mobile Association of India, however, fears the proposed law will impose extra costs that could harm the business environment. Despite being the world’s third largest recipient of venture capital after the U.S. and China, funding for the country’s tech sector has cooled off lately due to the slowing economy and fallout from WeWork’s IPO debacle late last year.