Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
India privacy proposal remains source of legal uncertainty, Intel exec says
14 March 2019 00:00
Much about a proposed data privacy law for India drafted by government-appointed experts is still unclear, causing legal uncertainty on top of concerns about the prospect of hefty fines and prison sentences for violations, an executive at Intel said today.
Data privacy legislation became necessary following a landmark 2017 ruling by India's Supreme Court that said for the first time that privacy is a fundamental right. Last summer, a committee appointed by the government and chaired by former Judge BN Srikrishna released a draft comprehensive data protection bill.
The government is expected to present a bill to Parliament after India's general election wraps up in May, though it's unclear to what extent it will incorporate the recommendations of Srikrishna's panel.
Intel has closely tracked developments around the new law, as it will affect its research and development centers in Bangalore and their emphasis on artifical intelligence technology.
Masucci said the current proposal would pose difficulties for Intel, including the need to hire a data-protection officer in India, keep records of data processing, carry out audits and security reviews, and manage a low threshold for reporting data breaches.
More challenging, he said, will be the government's ability to decide in the future what types of data should be classed as "critical," triggering an obligation on companies to keep such data within India's borders.
"At the moment, we have no visibility on which are the categories of data that could be defined as critical data," Masucci said. The success of new technologies such as artificial intelligence is linked to "our ability to move data," he added.
Another problem will be the limited situations in which companies can process data under the proposals without seeking individuals' consent. That could be expanded in the future, Masucci said, but the lack of clarity is a "big degree of uncertainty."
The risk of drawing fines of up to 50 million rupees (about $718,000) or a three- to five-year prison sentence adds complexity, he said.
Masucci also pointed to the bill's data-localization obligations.
"We welcome the provision allowing the government to decide if some transfers are legitimate between two countries or for some specific sectors," he said. "The problem is that we don't know it yet."
24 June 2022 06:27 by Laurel HenningStanding between insurers and the unimpeded use of data collected by a smart watch is industry regulation
17 June 2022 22:01 by Amy MillerAccused Capital One hacker Paige Thompson has been described as many things during her two-week US trial in Seattle