Big tech is in a knot over data localisation norms.
NEW DELHI: The release of the ecommerce policy, which recommends a much stronger form of data localisation, has added to the woes of foreign internet and social media companies like Amazon, Google, Facebook, and Twitter , which were already reeling under the provisions of the Srikrishna committee’s draft data protection law — which seem milder in comparison now.
The ecommerce policy has mandated that data hosted of Indians on ecommerce platforms, social media, search engines, etc, would have to be stored “exclusively” in India, while the Justice Srikrishna committee draft data law had recommended that ‘one copy’ of all personal data has to be stored in India and only critical personal data – as defined by the government – will be stored only in India.
Sangeeta Gupta, chief strategy officer at NASSCOM, said that there can’t be multiple such policies for data protection with different recommendations by the Reserve Bank of India, under the ecommerce policy and by the Srikrishna committee. “The law has to be one.”
Gupta added that from an industry point of view, “Somewhere the focus of data protection and the importance of privacy has been subsumed as localisation rather than what is required for data protection,” she said.
Nasscom has always stood for cross border flow of data and will raise the issue during the consultation process for the Srikrishna committee draft and will request the same for the ecommerce policy, Gupta added. The draft Data Protection Bill , which was submitted to the government last week, if accepted will impact a wide array of companies, and include all and any firm which collects demographic data of residents such as name, address and age. This will include all social media and internet firms, along with email services providers like Google’s Gmail, ecommerce firms, telecom companies and banks among others. Google, Facebook and Twitter did not respond to ET’s request for comments.
The mandate had also split the 10-member committee with two members giving dissent notes against the proposal. Rama Vedashree, CEO of the Data Security Council of India (DSCI) and also one the members on the Srikrishna Committee told ET that “data localisation now seems to be every ministry and regulator’s favourite mantra without any evidence that it will guarantee data protection or privacy”.
'); var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; s.src = 'https://ad.admitad.com/shuffle/289c251618/'+subid_block+'?inject_to='+injectTo; var x = document.getElementsByTagName('script')[0]; x.parentNode.insertBefore(s, x); })();