Here’s what global tech CEOs have to say about India's data protection laws
- Global tech CEOs have been voicing their concerns against India’s proposed
Personal Data Protection Billto looks to localise the data of Indian users.
- Ginni Rometty, the CEO of IBM, and data firms like Cognizant and
Genpactare only the most recent companies to flag the potential issues with the bill.
- CEOs of other global companies like Google, Mastercard, Twitter and Qualcomm also have concerns with how the bill will be implemented.
The Draft Personal Data Protection Bill suggests that the personal data of Indian users should be held by digital and global firms within and processed only in India. But, global CEOs have been making a case for how hindering the free flow of data across borders might have “unintended consequences”.
One concern is that the regulations that govern the privacy of data should be able to differentiate between user data and data from businesses.
Cognizant and Genpact share a similar view flagging the risks to business-to-business data issues in their annual filing with the US Securities and Exchange Commission (SEC) this week. Cognizant remarked, “Complying with changing regulatory requirements requires us to incur substantial costs, exposes us to potential regulatory action or litigation, and may require changes to our business practices in certain jurisdictions, any of which could materially adversely affect our business operations and operating results.”
Genpact also told the SEC, “Evolving laws and regulations in India protecting the use of personal information could also impact our engagements with clients, vendors and employees in India.”
Google’s CEO, Sunder Pichai, addressed the issue more directly warning the government of the effect that it may have on the ‘Digital India’ program in the country.
"Free flow of data across borders — with a focus on user privacy and security — will encourage startups to innovate and expand globally and encourage global companies to contribute to India's digital economy."
Ajay Banga, the president and CEO at Mastercard, clarifies that global companies aren’t against data localisation because its makes conducting business more expensive — but because it makes it harder to keep data safe.
"When we talk about our lack of support for data localisation, it is not caused so much by expenses. It is caused by the inefficiency of what that does to the ability to provide safety, security and analytics to India’s banks and merchants."
But, some companies believe that the conversation shouldn’t be about localisation in the first place, but about ownership.
"That's the conversation that I think we need to have rather than where exactly the data sits. It's more about the ownership by the individual."
Facebook’s deputy chief privacy officer, Rob Sherman, did make an suggest an alternative approach to the problem of data localisation in India at the panel discussion on ‘Digital lows in the Digital Age’. Rather than localise data, the Indian could put a certification process in place instead where digital companies should fulfill the required standards to ensure protection and privacy rather than set up local servers in India to store Indian users data.
But there’s also an argument to be made about how changing technology which, in turn, would make any new regulations obsolete when new technology comes into play. Qualcomm’s president, Christiano Amon, notes, “Certain things can be centralised, certain things can be localised, but you can't really have a rule that mandates this.”
Sharing Banga’s concerns about the safety of data Amon said, “A regulation like that instead of helping, prevents a company from becoming competitive and make use of the technology…One possible approach is to make sure that the systems they're using, the data are secure.”
"You have to look at it case by case. Because technology moves faster than regulation, I think it is important to take a very pragmatic view."
Nasscom and the Broadband Indian Forum have also criticized the Draft Personal Data Protection Bill 2018. Global companies are calling for the Bill to be consistent with international best practices outlined in the APEC CBPR rules and the OECD privacy framework.
Groups of foreign companies are lobbying against India's Personal Data Protection Bill
GDPR compliant firms should find it easy to adhere to draft Personal Data Protection Bill in India
India plans on handing over the reins of data privacy to the telecom industry watchdog