Latest news with #TrustedGovernmentAccess
Economic Times
3 days ago
- Business
- Economic Times
Draft data rules introduce potential for data localisation requirements: trade associations to IT ministry
The draft Digital Personal Data Protection (DPDP) rules introduce the potential for new data localisation needs that are inconsistent with the DPDP Act's supportive approach for data flows, trade bodies told the IT ministry in a letter last week. The draft rules were published on January 3. The final rules are yet to be notified. The Information Technology Industry Council, one of the signatories to the letter, counts Big Tech companies like Amazon, Apple, Google, Meta, Microsoft, Nvidia, and OpenAI as its members.'We urge the government to narrow and align these rules to bring them into alignment with the original intent of the DPDP Act,' the letter's nine signatories said. The other signatories are US India Business Council, Software and Information Industry Association, ACT | The App Association, Asia Internet Coalition, Asia Video Industry Association, Coalition of Services Industries, Computer and Communications Industry Association, and K-Internet. The industry bodies were referring to Rules 12 and 14 of the draft DPDP rules. 'This could be achieved by setting out a clear process, including timelines and safeguards, as well as adequate consultations and timelines for implementing any potential localisation requirements, and determining when and how such data localisation determinations will be made,' the associations said in their letter to The Ministry of Electronics and Information Technology (MeitY), a copy of which was seen by ET. 'We would also urge the government to view any potential restrictions on data free flows from a future "bilateral digital trade "agreement perspective,' the signatories said. The associations also want that Rules 3-15, 21 and 22 shouldn't take effect until or after two years from the date of notification. Rule 22, as currently drafted, provides the potential for an excessively broad scope of government access to private sector data without making clear that this will follow a robust, proportionate, and transparent process with proper avenues of redress and review, they said. Giving further clarity on this process, including by referencing globally-recognised Trusted Government Access principles, would be an effective way to provide clarity and reassurance on this point, they added. The associations supported the Global Cross Border Privacy Rules (CBPR) forum and similar regimes that facilitate the free flow of data across borders, promote interoperability between privacy regimes, and encourage responsible data use and strong privacy protections, they said. Also, personal data breach reporting requires clear, risk-based reporting thresholds to ensure reporting timelines and processes do not end up compromising the efficiency of risk mitigation measures, the associations wrote in their letter dated May 21. They have also asked the MeitY to 'strongly consider' adding back language proposed in previous drafts of the DPDP Act to give critical exclusion for data pertaining to credit reporting to facilitate financial transparency and fraud prevention while supporting financial inclusion. Credit bureaus such as TransUnion CIBIL, Experian, Equifax, and CRIF High Mark are approved by the Reserve Bank of India for operating in the country.
Time of India
3 days ago
- Business
- Time of India
Draft data rules introduce potential for data localisation requirements: trade associations to IT ministry
Live Events The draft Digital Personal Data Protection (DPDP) rules introduce the potential for new data localisation needs that are inconsistent with the DPDP Act's supportive approach for data flows , trade bodies told the IT ministry in a letter last draft rules were published on January 3. The final rules are yet to be Information Technology Industry Council, one of the signatories to the letter, counts Big Tech companies like Amazon, Apple, Google, Meta, Microsoft, Nvidia, and OpenAI as its members.'We urge the government to narrow and align these rules to bring them into alignment with the original intent of the DPDP Act,' the letter's nine signatories said. The other signatories are US India Business Council, Software and Information Industry Association, ACT | The App Association, Asia Internet Coalition, Asia Video Industry Association, Coalition of Services Industries, Computer and Communications Industry Association, and industry bodies were referring to Rules 12 and 14 of the draft DPDP rules.'This could be achieved by setting out a clear process, including timelines and safeguards, as well as adequate consultations and timelines for implementing any potential localisation requirements, and determining when and how such data localisation determinations will be made,' the associations said in their letter to The Ministry of Electronics and Information Technology (MeitY), a copy of which was seen by ET.'We would also urge the government to view any potential restrictions on data free flows from a future "bilateral digital trade "agreement perspective,' the signatories associations also want that Rules 3-15, 21 and 22 shouldn't take effect until or after two years from the date of 22, as currently drafted, provides the potential for an excessively broad scope of government access to private sector data without making clear that this will follow a robust, proportionate, and transparent process with proper avenues of redress and review, they further clarity on this process, including by referencing globally-recognised Trusted Government Access principles, would be an effective way to provide clarity and reassurance on this point, they associations supported the Global Cross Border Privacy Rules (CBPR) forum and similar regimes that facilitate the free flow of data across borders, promote interoperability between privacy regimes, and encourage responsible data use and strong privacy protections, they personal data breach reporting requires clear, risk-based reporting thresholds to ensure reporting timelines and processes do not end up compromising the efficiency of risk mitigation measures, the associations wrote in their letter dated May have also asked the MeitY to 'strongly consider' adding back language proposed in previous drafts of the DPDP Act to give critical exclusion for data pertaining to credit reporting to facilitate financial transparency and fraud prevention while supporting financial bureaus such as TransUnion CIBIL, Experian, Equifax, and CRIF High Mark are approved by the Reserve Bank of India for operating in the country.
