The government on Friday proposed a new data privacy law that will allow companies to transfer users' personal data to certain countries abroad, the latest regulation that will have an impact on how tech giants such as Facebook and Google operate in the market. The draft bill comes after the government in August withdrew a 2019 proposal that had alarmed big technology companies by proposing stringent regulations on cross-border data flows.
In the new draft released on Friday, the government said it could specify countries or territories outside India to which entities managing data can transfer personal data of users.
"Cross-border interactions are a defining characteristic of today's interconnected world ... Personal data may be transferred to certain notified countries and territories," the government said in a statement.
The Digital Personal Data Protection Bill is open for public consultation, IT Minister Ashwini Vaishnaw said on Twitter, without giving a deadline.
Companies including Facebook, Twitter and Google have for years been concerned with many technology sector regulations in India, which have also strained relations with the United States in recent years.
The new bill also proposes financial penalties on companies for incident related to data breaches. It also says the government would have powers to exempt state agencies from provisions of the bill in the interest of national security.
Back in August, the government withdrew the Personal Data Protection Bill, announcing it was working on a new comprehensive law. The 2019 bill had proposed stringent regulations on cross-border data flows and proposed giving the government powers to seek user data from companies, seen as part of Prime Minister Narendra Modi's stricter regulation of tech giants, and alarming big technology companies such as Facebook and Google.
At the time, Minister of State for IT minister Rajeev Chandrasekhar said on Twitter the new framework would adhere to global standards, adding that privacy was a fundamental right of Indian citizens, and that the economy required such cyber laws.
The 2019 privacy bill was designed to protect citizens and establish a so-called data protection authority, but it had raised concerns among Big Tech giants that it could increase their compliance burden and data storage requirements.
© Thomson Reuters 2022
Affiliate links may be automatically generated - see our ethics statement for details.