18 Sep 2018

DIGITALEUROPE position on Indian Data Protection Bill 2018

DIGITALEUROPE welcomes the opportunity to submit comments on the draft Indian Personal Data Protection Bill 2018. As the voice of the technology industry in Europe, our association has been deeply involved in the negotiations that led to the adoption of the General Data Protection Regulation (GDPR), which shares similar concepts and approaches with the current Indian draft legislation.

The GDPR negotiations have strived to achieve a complex balance in ensuring strong protection while still enabling innovation and data flows, both within Europe and with foreign jurisdictions. We hope our experience in the drafting of the GDPR – and now its implementation – can help in advising on a Data Protection Bill 2018 that reflects a workable outcome.

Of particular concern to us are provisions aiming to impose data localisation. While the GDPR provides for very detailed instruments for transfers outside the European Economic Area, the objective of the European framework is still that of enabling cross-border data flows, subject to appropriate safeguards, rather than imposing local storage. The different goals of the Bill would not only hurt the Indian economy but ultimately also undermine the privacy and security of Indians’ personal data.

Finally, we note that several key concepts in the draft bill are left to be determined through codes of practice, by the Government or the Data Protection Authority (DPA) well after enactment. This makes the full impact of the proposed law difficult to predict in its entirety, leaving companies unable to shape in detail their compliance programmes as well as their internal practices and processes. DIGITALEUROPE urges that companies should have the necessary time to understand and implement the rules after all these determinations take place. Companies operating in Europe have found that the two-year implementation period foreseen by the GDPR, which was set to allow companies to take all necessary steps, was absolutely essential.

For more information, please contact:
Alberto Di Felice
Director for Infrastructure, Privacy and Security
Martin Bell
Policy Officer for Privacy and Cybersecurity
Back to Data privacy
View the complete Policy Paper
PDF
Our resources on Data privacy
Policy Paper 10 Jun 2020
Two years of GDPR: A report from the digital industry
Press Release 26 May 2020
Europe needs a unified approach to COVID-19 digital contact-tracing
Policy Paper 04 May 2020
Response to EDPB draft Guidelines on connected vehicles and mobility-related applications
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept