Our Bureau

Naascom, which represents the IT sector, along with the US India Business Council, has raised several flags over the provisions of the Data Protection Bill, 2019.

In a statement, Nasscom expressed concerns over the central government’s power to exempt data processors that process personal data of data principals who are outside the territory of India.

“The industry, in particular the IT-BPM (business process management) and GCC (global capability centre) industries, will need greater certainty on the scope and issuance of the exemption,” Nasscom said.

Nasscom also pointed to the powers that the Bill gives the central government to direct data fiduciaries or data processors to share anonymised data or non-personal data for the purpose of enabling better targeting for delivery of services or for the formulation of evidence-based policies by the Centre.

“No safeguards have been provided for protecting IP rights or other business-sensitive non-personal data,” Naascom said

Processing of financial data related to employees for operations such as payroll services is also an area of concern.

“Given that explicit consent is the only ground for processing sensitive personal data, the classification of ‘financial data’ as sensitive personal data poses potential problems for other business operations such as risk management, fraud detection, among others,” Nasscom said.

USIBC’s reservations

“The Bill contains several new provisions outside the core issue of data privacy that raise serious concerns for the private sector, particularly the inclusion of requirements around non-personal data and social media intermediary liabilities,” USIBC president Nisha Desai Biswal said in a statement.

USIBC suggested in the statement that the Bill be revised to provide ample time to establish a new Data Protection Authority (DPA) and strengthen the DPA’s independence and effectiveness, as well as allow companies to transform business operations, develop new technologies, and innovate digital solutions.

Related Topics