India privacy proposal remains source of legal uncertainty, Intel exec says
14 Mar 2019 12:00 am by Vesela Gladicheva
Much about a proposed data privacy law for India drafted by government-appointed experts is still unclear, causing legal uncertainty on top of concerns about the prospect of hefty fines and prison sentences for violations, an executive at Intel said today.
Data privacy legislation became necessary following a landmark 2017 ruling by India's Supreme Court that said for the first time that privacy is a fundamental right. Last summer, a committee appointed by the government and chaired by former Judge BN Srikrishna released a draft comprehensive data protection bill.
The government is expected to present a bill to Parliament after India's general election wraps up in May, though it's unclear to what extent it will incorporate the recommendations of Srikrishna's panel.
Intel has closely tracked developments around the new law, as it will affect its research and development centers in Bangalore and their emphasis on artifical intelligence technology.
Masucci said the current proposal would pose difficulties for Intel, including the need to hire a data-protection officer in India, keep records of data processing, carry out audits and security reviews, and manage a low threshold for reporting data breaches.
More challenging, he said, will be the government's ability to decide in the future what types of data should be classed as "critical," triggering an obligation on companies to keep such data within India's borders.
"At the moment, we have no visibility on which are the categories of data that could be defined as critical data," Masucci said. The success of new technologies such as artificial intelligence is linked to "our ability to move data," he added.
Another problem will be the limited situations in which companies can process data under the proposals without seeking individuals' consent. That could be expanded in the future, Masucci said, but the lack of clarity is a "big degree of uncertainty."
The risk of drawing fines of up to 50 million rupees (about $718,000) or a three- to five-year prison sentence adds complexity, he said.
Masucci also pointed to the bill's data-localization obligations.
"We welcome the provision allowing the government to decide if some transfers are legitimate between two countries or for some specific sectors," he said. "The problem is that we don't know it yet."
14 Oct 2020 12:55 am by Jet Damazo-SantosAfter the Philippine privacy regulator issued another harsh warning against privacy violations, members of a data protection group began raising questions.
09 Oct 2020 9:17 pm by Jakub KrupaThe UK already had a high wall to climb for it to win an adequacy decision that will let it continue data flows to the EU after Brexit.
02 Oct 2020 11:00 am by Amy MillerCanadian tech companies will soon be subject to tougher privacy laws as lawmakers face intense pressure to keep pace with European privacy standards.