Data Protection Bill To Reach Parliament Soon

The government will not soften the proposed data storage norms that mandate server localization, officials said on Tuesday. The Draft Personal Data Protection Bill, which will reach Parliament soon, will outline all sectoral norms, they said.

Officials laid to rest speculation that the Commerce Department and the Reserve Bank of India (RBI) may review current norms that industry has repeatedly called “stringent and unsustainable”.

This comes a day after a large contingent of digital and tech majors, both domestic and foreign, met Commerce and Industry Minister Piyush Goyal, batting for easier data localization norms.

“India has proposed that companies store all consumer data on servers within the country, for security. This decision is also backed by the Information Technology Ministry and the RBI, and has been arrived at after a long set of discussions, where we heard out all major industry stakeholders,” a senior commerce department official said.

However, Goyal on Monday gave companies 10 days to write to his ministry, outlining all concerns on existing and proposed regulations on the digital sector. This includes the planned e-commerce policy, a new draft of which is being prepared currently and further stakeholder consultations are on the anvil. However, in no uncertain words, Goyal also asked foreign tech companies to not lobby with individual members of parliament, and instead directly approach concerned ministries, sources said.

Industry remains unhappy

According to private sector sources present in the meeting, the companies did not have any deep discussions on the issues that they have been facing. “Topics were touched upon, including data localization. These are the discussions we have had in the past with the government as well and they know our concerns. We will go later to meet them with a proper agenda,” said one source.

Others said the meet provided clarity to both government and industry in the run-up to the Group of Twenty (G20) Summit scheduled to be held next week in Japan. They added the industry might not debate most issues such as digital taxation and data localization at the event, given its curiosity about the government’s slant.

Industry asked about the disproportionate focus of the e-commerce policy on data. Some participants pointed out that the data protection Bill could have gone through a better consultation process, to which Goyal said people could give feedback during or after the meeting.

A large number of digital and e-commerce companies, including Reliance Jio, OLA, MakeMyTrip, Paytm, ShopClues, Yatra, and Snapdeal, were present in Monday’ meeting. Domestic tech companies such as Infosys, Wipro and Genpact were also accompanied by their international counterparts, namely Facebook, Google, Ebay, Microsoft, and Amazon, among others.

On the other hand, foreign entities continued to complain that data localization would entail a significant increase in costs. The government and foreign firms have leveled allegations against each other of supporting the misuse of private consumer data. As a result, the monitoring of data from the lens of privacy, security, safety and choice was discussed in detail, sources said.

New Bill soon

Officials at the Ministry of Electronics and Information Technology said changes in the almost-prepared data protection Bill are not possible at this late stage.

The draft Bill, submitted to the government by the Justice B N Krishna Committee in July last year, sets out how personal data should be processed by the government and private entities incorporated in India and abroad. IT Minister Ravi Shankar Prasad has acknowledged the government would allow some degree of data movement but has also noted it would be based upon reciprocity and understanding.

MeitY Secretary Ajay Prakash Sawhney assured the e-commerce companies that the Bill will reflect all the consultations that had taken place with the industry during its formulation. Some participants said the Bill could have gone through a better consultation process, to which the minister said people could give feedback during or after the meeting.

Sources at payments firms said they sought clarity on the circular from last April, which laid out the norms for storage of payment system data.

The circular said all system providers should ensure that “the entire data relating to payment systems operated by them are stored in a system only in India. For the foreign leg of the transaction, if any, the data can also be stored in the foreign country, if required”. However, RBI officials have reiterated the two-hour deadline for the said data to be brought back to India will remain in place.

According to sources, the officials have agreed to put up a “frequently asked questions” section for common issues faced by payment firms.

Tech talk

Govt-industry circle back on issues

• Data Protection Bill to reach Parliament soon, MeitY officials say no changes possible now
• Piyush Goyal has asked companies to write their concerns to him within 10 days
• Meet on Monday served to establish positions on digital taxation and localisation for both industry and govt
• RBI to release FAQs on data processing norms for financial payments―Business Standard