India moves forward with data privacy bill

India’s landmark data management bill, the Personal Data Protection Bill 2019,[1] is currently being analyzed by parliament and could be enacted by the end of the year. The current version of the bill is different from a draft that was passed last year, and it includes changes to personal data definitions, responsibilities of data fiduciaries, and the power of the government over the personal data of Indian citizens.

The bill is part of a wave of data privacy regulations that have swept over the world, from Europe to Japan to China and elsewhere. Every data bill has certain things in common, such as protections for personal data, but also interesting differences that reflect national and regional concerns.

India, unlike China, allows foreign players to invest in and operate within India’s borders. But like China, India also requires companies to store personal data within India’s borders. This requirement, known as data localization, has been refined somewhat from the original draft version, but it is still a major concern for organizations processing the personal data of Indian citizens.

In an article written for Harvard Business Review,[2] Vijay Govindarajan, Anup Srivastava and Luminita Enache provide analyses of the changes made to the draft bill and, more importantly, discuss the impact of the Personal Data Protection Bill’s requirements on global data supply chains. For example, the localization requirement applies differently to different tiers of data labeled critical, sensitive or general:

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field