India has eased its planned restrictions on cross-border knowledge flows, with a revision of its planned knowledge coverage laws.
The new Digital Data Protection Bill 2022 will allow the transfer of private data to other countries and propose GDPR-like restrictions on how companies use that data.
There are consequences of up to about $31 million for not bridging a knowledge gap, with an additional $24. 5 million when organizations fail to notify government and users.
The invoice has been in process for a long time, with a first edition proposed in 2018. Years of overhauls led to a new edition last year, which the government withdrew this summer after big tech corporations and others became concerned about cross-border trade. . Data flow.
But if the new edition specifies the countries in question, it leaves the possibility.
“The central government may, after an assessment of such items as it deems necessary, notify countries or territories outside India to which a data trustee could move non-public data, in accordance with the terms and conditions to be specified. ,” it reads.
If, as is likely, the list of exemptions includes the United States, the provision will be welcomed by large tech corporations such as Google, Amazon and Facebook. Earlier this year, the Asia Internet Coalition, of which they are members, called for cross-border knowledge transfers to be allowed.
“Imposing restrictions on cross-border knowledge flows will most likely lead to higher rates of business failure, create barriers for start-ups and lead to more expensive product offerings from existing market players,” they said in a letter to the IT Ministry.
“Ultimately, the above mandates will enable virtual inclusion and the ability of Indian consumers to access a truly global network and quality services. “allowing it to retain non-public knowledge indefinitely in the interest of the “sovereignty and integrity of India, the security of the state, friendly relations with foreign states, the maintenance of law and order or the prevention of incitement to any similar offence relating to any of them. “».
According to the Internet Freedom Foundation, this can lead to primary privacy violations.
“This is because those criteria are excessively vague and broad, so they are open to misinterpretation and misuse. If the law applies to government instruments, the collection and processing of knowledge in the absence of any criteria for knowledge coverage can lead to mass surveillance,” he says. . .
“Any exemption requested through government agencies will only be granted if it meets the criteria of legality, necessity and proportionality. It is imperative that the government’s collection and processing of citizens’ knowledge is regulated to prevent misuse. “
The base is also involved in the Data Protection Board, saying the fact that key positions will be appointed through the government lacks independence.