EU deprecates Data Localisation Provision in India’s Data Protection Bill
The European Union has disapproved of the Data Localisation provision in the draft Personal Data Protection Bill of India 2018. In a submission to India’s Ministry of Electronics and Information Technology (MeitY), the European Commission stated that “these data localisation requirements appear both unnecessary and potentially harmful as they would create unnecessary costs, difficulties and uncertainties that could hamper business and investments.”
According to the submission such localisation requirements are not necessary, be it from a data protection standpoint, as a matter of economic policy or from a law enforcement perspective.
“Data localisation is by no means the only way to ensure that law enforcement authorities are enabled to obtain (legitimate) access to electronic evidence. In this respect, the EU is facing similar challenges as India. However, rather than forcing the localisation of personal data in the EU, it is currently preparing legislation that will allow the police and prosecutors to access electronic information, irrespective of whether it is stored in the EU or not. A similar approach has been adopted by the United States with the US CLOUD Act. Aside from these national legislative approaches, the ideal solution might actually be a multilateral arrangement allowing for mutual access to data. While it needs further strengthening, the Council of Europe’s Budapest (Cybercrime) Convention, open to all countries around the globe, is such an instrument and it might be useful for India to consider joining the Convention (which is currently under revision),” stated Bruno Gencarelli, Head of Unit — International Data Flows and Protection, European Commission, Directorate-General for Justice & Consumers, in his submission.
Rama Vedashree, CEO — Data Security Council of India, in her comments to the Srikrishna Committee’s report, had stated that “mandating data localization may potentially become a trade barrier and the key markets for the industry could mandate similar barriers on the trade flows to India which could disrupt the IT-BPM industry.”
