New framework should consider learnings from global implementation of data privacy laws: Nasscom

IT industry body Nasscom on Thursday suggested the new framework for personal data protection should consider learnings from the global implementation of data privacy laws and stakeholder views on the earlier bill.

The comments of the apex software association come as the government on Wednesday withdrew the Personal Data Protection Bill from the Lok Sabha.

The bill, mooted four years back, had rattled global big-tech companies over its stringent provisions related to cross-border data flows.

Nasscom said the key imperatives now will be to operationalise the fundamental right of privacy and enable data protection in a manner that grows trust in data-driven businesses.

It should allow data-led services to grow in a safe and trusted manner, the apex software association said.

“Data is the bedrock for Digital India, and the new framework for Personal Data Protection can build on the learnings from global implementation of data privacy laws and stakeholder feedback on the earlier bill,” Nasscom said.

India’s ‘Techade’ is shaped by accelerated digitisation and policy measures that enable access and inclusion, it added.

The government is hopeful of getting new legislation passed by the next Budget session of Parliament (early 2023), IT Minister Ashwini Vaishnaw told PTI.

“Very soon, we will rapidly go for internal approvals, get the legal vetting done, and take it to the Cabinet. Within the next few months, we should be able to complete the process. A new draft is already in the works, and public consultation on that will begin soon,” the minister said.

“Our fundamental drive has been… what we do for the country should be in sync with the whole digital economy that we are developing,” he explained.

Meta, in a regulatory filing to the US SEC, earlier this year, had said, “Some countries, such as India, are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services.”

The global tech industry had also flagged concerns on provisions that mandated local storage of data, and processing of certain types of information only within India.

The exemption power for government agencies had also drawn criticism from privacy advocates.

Overall, the data protection bill sought to provide for the protection of the personal data of individuals and establish a data protection authority for the same. It proposed to put restrictions on the use of personal data without the explicit consent of citizens.

The bill proposed to specify the flow and usage of personal data, protect the rights of individuals whose personal data was processed, outlined the framework for cross-border transfers, and accountability of entities processing data. It also mooted remedies for unauthorised and harmful processing.

The draft data protection bill also sought to provide the government with powers to give exemptions to its probe agencies from the provisions of the Act—a move strongly opposed by opposition parties.