The data residency, which provides for storage of data within the country’s territory will not be an all–encompassing regulation, said Rama Vedashree, CEO, Data Security Council of India, to Business Today.
India’s upcoming data privacy law to exempt start-ups from certain provisions (Photo: Reuters)
The much talked about personal data protection bill will provide several relaxations to start-ups/ new-age companies, by allowing them to use data for algorithms, innovation as well as their applications. For India’s digital new age-firms, the full provisions under the new law will kick-in only after sometime, said Rajendra Kumar, additional secretary, Ministry of Electronics and Information Technology (Meity) during a panel discussion organised by Tie and Omdiyar Network India on Wednesday.
“We wish to promote start-ups that are tech focused, the provision of access to data with relaxation in norms which will allow them to do innovation, experiment, use data as algorithms for their own applications. They will have some cushion in terms of time frame to fulfill norms,” the top Meity official said.
Rama Vedashree, Chief Executive Officer, Data Security Council of India, who has been working closely on formulating the draft provisions of the data protection bill, told Business Today.In that the concern of data residency which requires the data to be stored within the territory of India under the new law will not be an all-encompassing regulation and will be utilised with respect to personal or critical personal data. “No personal data is mandated to be stored within the boundaries of the country. This only holds true for critical personal data which will be decided by authorities,” she added.
The data privacy bill is expected to be placed before parliament in the upcoming winter session. The issues pertaining to purpose limitation, duration limitation, information/ notification to users whenever their data is used are some of the important components of the regulation, the top official said.
“This bill has various provisions which address the issue of privacy in holistic fashion. The provisions will entail all the steps when the data is collected, stored, processed and shared,” Kumar said. He added that all the government and private organisations will have to bring in consent feature for collection, storage of any kind of data, which was missing from the existent laws.
“All the points concerning citizens’ personal data privacy have been addressed in the new regulation which will be implemented by both government as well as the private sector. Several new concepts which have not been included in the privacy laws elsewhere in the world have been brought under India’s data privacy bill where the personal data storage, collection will take place in a much more systemized and confidence-building fashion,” the Meity additional secretary added.
The government, as per Kumar, views the new regulation as enabling more firepower to the IT/ITes industry of India which will be now viewed as fulfilling the data adequacy norms in par with several European countries where clients are stressing on partnering with companies where data privacy laws are in place.
The bill also proposes to bring in a single regulator for data protection in tandem with the international laws, where the authority will deal with issues in a systemic manner and citizens can reach out to concerned authorities. The e-grievance mechanism, as per the official, will also be implemented to address the complaints of users.
The government is also working to strengthen the Information Technology Act for the digital economy and for emerging technologies by bringing in best practices from the laws adopted by European countries, Kumar pointed out.