Information technology and business process outsourcing industry lobby Nasscom has raised concerns on the lack of provisions to protect IP (intellectual property) rights and business sensitive non-personal data as part of the data protection bill that has been referred to a 30-member joint parliamentary committee for review.
The Personal Data Protection Bill 2019 gives the power to the central government to direct businesses to share anonymised and non personal data for delivering government services effectively, in consultation with the Data Protection Authority.
A joint statement by Nasscom and Data Security Council of India (DSCI), an industry body on data protection set up by Nasscom, has asked for clarity on the definition of ‘critical’ personal data, classification of ‘significant’ data fiduciaries as well as time allotted to businesses to comply with the requirements of storing personal data in the country.
“A robust data protection law is critical for India’s success in the data economy and we are very happy that the government is taking the necessary steps to pass the law at the earliest...There are a few areas where we still need further clarity and Nasscom will continue to work with the government to ensure the bill is a win-win for India and the industry,” said Debjani Ghosh, president of Nasscom.
“We will continue working with government stakeholders and seek more discussions on this issue,” she added.
The statement also raises concerns on the lack of clarity on exemptions granted to IT-BPM (business process management) and global capability centres (GCC) businesses for processing personal data outside India.