Here’s what global tech CEOs have to say about India's data protection laws

Here’s what global tech CEOs have to say about India's data protection laws
(Left to Right): CEO of IBM Gini Rometty , CEO of Google Sundar Pichai, and CEO of Twitter Jack DorseyIANS/Wikimedia

  • Global tech CEOs have been voicing their concerns against India’s proposed Personal Data Protection Bill to looks to localise the data of Indian users.
  • Ginni Rometty, the CEO of IBM, and data firms like Cognizant and Genpact are only the most recent companies to flag the potential issues with the bill.
  • CEOs of other global companies like Google, Mastercard, Twitter and Qualcomm also have concerns with how the bill will be implemented.
The Indian government has been pushing for data localisation in India but companies around the world have their doubts about its efficiency and clarity.

The Draft Personal Data Protection Bill suggests that the personal data of Indian users should be held by digital and global firms within and processed only in India. But, global CEOs have been making a case for how hindering the free flow of data across borders might have “unintended consequences”.

One concern is that the regulations that govern the privacy of data should be able to differentiate between user data and data from businesses. Ginni Rometty, the CEO of IBM, said, “We believe strongly in consumer privacy and you have to be careful to not conflate consumer data issues with business-to-business data issues,” in an interview with the Economic Times on Tuesday.
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Cognizant and Genpact share a similar view flagging the risks to business-to-business data issues in their annual filing with the US Securities and Exchange Commission (SEC) this week. Cognizant remarked, “Complying with changing regulatory requirements requires us to incur substantial costs, exposes us to potential regulatory action or litigation, and may require changes to our business practices in certain jurisdictions, any of which could materially adversely affect our business operations and operating results.”

Genpact also told the SEC, “Evolving laws and regulations in India protecting the use of personal information could also impact our engagements with clients, vendors and employees in India.”

Google’s CEO, Sunder Pichai, addressed the issue more directly warning the government of the effect that it may have on the ‘Digital India’ program in the country.

"Free flow of data across borders — with a focus on user privacy and security — will encourage startups to innovate and expand globally and encourage global companies to contribute to India's digital economy."

Sundar Pichai, Google CEO, in a letter to the Indian IT Minister, Ravi Shankar Prasad, thanking him for his visit to the Google’s Mountain View campus in August 2018

Ajay Banga, the president and CEO at Mastercard, clarifies that global companies aren’t against data localisation because its makes conducting business more expensive — but because it makes it harder to keep data safe.

"When we talk about our lack of support for data localisation, it is not caused so much by expenses. It is caused by the inefficiency of what that does to the ability to provide safety, security and analytics to India’s banks and merchants."

Ajay Banga, Mastercard’s president and CEO, said at an investor call in October 2018

But, some companies believe that the conversation shouldn’t be about localisation in the first place, but about ownership. Jack Dorsey, the CEO of Twitter, feels that regardless of whether the data sits in India or outside India, individuals should be the ones with absolute control over their information.

"That's the conversation that I think we need to have rather than where exactly the data sits. It's more about the ownership by the individual."

Jack Dorsey, Twitter CEO, told IANS

Facebook’s deputy chief privacy officer, Rob Sherman, did make an suggest an alternative approach to the problem of data localisation in India at the panel discussion on ‘Digital lows in the Digital Age’. Rather than localise data, the Indian could put a certification process in place instead where digital companies should fulfill the required standards to ensure protection and privacy rather than set up local servers in India to store Indian users data.

But there’s also an argument to be made about how changing technology which, in turn, would make any new regulations obsolete when new technology comes into play. Qualcomm’s president, Christiano Amon, notes, “Certain things can be centralised, certain things can be localised, but you can't really have a rule that mandates this.”

Sharing Banga’s concerns about the safety of data Amon said, “A regulation like that instead of helping, prevents a company from becoming competitive and make use of the technology…One possible approach is to make sure that the systems they're using, the data are secure.”

"You have to look at it case by case. Because technology moves faster than regulation, I think it is important to take a very pragmatic view."

Christiano Amon, Qualcomm President

Nasscom and the Broadband Indian Forum have also criticized the Draft Personal Data Protection Bill 2018. Global companies are calling for the Bill to be consistent with international best practices outlined in the APEC CBPR rules and the OECD privacy framework.

See also:
Groups of foreign companies are lobbying against India's Personal Data Protection Bill

GDPR compliant firms should find it easy to adhere to draft Personal Data Protection Bill in India

India plans on handing over the reins of data privacy to the telecom industry watchdog