India privacy proposal remains source of legal uncertainty, Intel exec says
02 Apr 2020 12:35 pm by Vesela Gladicheva
Much about a proposed data privacy law for India drafted by government-appointed experts is still unclear, causing legal uncertainty on top of concerns about the prospect of hefty fines and prison sentences for violations, an executive at Intel said today.
Data privacy legislation became necessary following a landmark 2017 ruling by India's Supreme Court that said for the first time that privacy is a fundamental right. Last summer, a committee appointed by the government and chaired by former Judge BN Srikrishna released a draft comprehensive data protection bill.
The government is expected to present a bill to Parliament after India's general election wraps up in May, though it's unclear to what extent it will incorporate the recommendations of Srikrishna's panel.
Intel has closely tracked developments around the new law, as it will affect its research and development centers in Bangalore and their emphasis on artifical intelligence technology.
Masucci said the current proposal would pose difficulties for Intel, including the need to hire a data-protection officer in India, keep records of data processing, carry out audits and security reviews, and manage a low threshold for reporting data breaches.
More challenging, he said, will be the government's ability to decide in the future what types of data should be classed as "critical," triggering an obligation on companies to keep such data within India's borders.
"At the moment, we have no visibility on which are the categories of data that could be defined as critical data," Masucci said. The success of new technologies such as artificial intelligence is linked to "our ability to move data," he added.
Another problem will be the limited situations in which companies can process data under the proposals without seeking individuals' consent. That could be expanded in the future, Masucci said, but the lack of clarity is a "big degree of uncertainty."
The risk of drawing fines of up to 50 million rupees (about $718,000) or a three- to five-year prison sentence adds complexity, he said.
Masucci also pointed to the bill's data-localization obligations.
"We welcome the provision allowing the government to decide if some transfers are legitimate between two countries or for some specific sectors," he said. "The problem is that we don't know it yet."
29 May 2020 8:38 pm by Mike SwiftThe signatures submitted to election officials remains too close to call for a landmark privacy law to go before California voters in November.
As the EU marks the second anniversary of GDPR, large US tech companies should prepare for regulatory enforcement in the months ahead.
22 May 2020 4:28 pm by Vesela GladichevaAs the Irish privacy watchdog sends its Twitter probe off to EU counterparts for review today, it will doubtless hope for quick, constructive feedback.