Reliance Jio, Airtel & Paytm bat for personal data localisation
centre’s move to allow transfer of personal data of Indians to ‘trusted geographies’. They are asking for data of Indians to be stored within the country in a stance counter to that adopted by the industry’s nodal grouping Internet and Mobile Association of India (IAMAI).
Airtel, Paytm and Jio, have officially communicated their position to the Ministry of Electronics and Information Technology through a submission routed through IAMAI, accessed by ET.
All three companies are also members of the industry body.
While the industry association is backing the government’s position, some of the companies are not, “Jio is strongly opposed to any form of cross-border transfer of personal data of Indians,” a senior industry executive told ET.
Instead, “it wants the government to mandate that personal data of Indians must reside in the country itself,” the person added.
The latest draft of The Digital Personal Data Protection Bill, 2022 has mooted a
concept of “trusted geographies” where the government will prescribe a country or territory onto a “whitelist”, to which personal data may be transferred from India.
Discover the stories of your interest
The Indian internet industry has largely welcomed the government’s revised stance on allowing cross border data flow while doing away with hard data localisation mandated in the previous versions of the Data Bill.
However, the telecom majors contend that any transfer of data will mean India’s law enforcement agencies will face big challenges in accessing data of Indian citizens “once it is processed by an overseas telco or a tech company based in a foreign country,” said the executive cited above.
ET’s specific queries in this regard to Reliance Jio, Airtel and Paytm did not elicit a response until press time.
Heightened risks
Cross-border personal data transfers could potentially leave Indians in a vulnerable position, especially if their personal data gets compromised or misused in any overseas country, sources said.
“The possibility of the impacted Indian individual having any form of legal recourse mechanism to fight such misuse in a foreign country will be remote,” they said while adding that “Indian law enforcement agencies may be unable to help as they are unlikely to have real-time access to the private data of Indian citizens once it is transferred outside the country.”
The Indian companies are asking that the Centre ensures that rights of Indian users are equally enforceable, and that local law enforcement agencies have access to Indian user data processed in a third country, “before whitelisting any foreign countries.”
“Equally, foreign law enforcement agencies should have no access to data of Indian users being processed in their countries,” said the people cited above.
Further, Indian companies would be unwilling to invest in expensive data centres locally if the government allows cross-border data transfers. “There would be no business case to build state-of-the-art digital storage infrastructure in such a situation and existing investments will also go waste,” said a source aware of Jio’s thinking on the matter.
Airtel too has similar concerns against cross border transfer of data of Indians, according to the sources.
They pointed out that any move by the government to allow cross-border transfers of personal data of Indians could put on-hold billions of dollars of potential investments in state-of-the-art data centres and in building India’s digital infrastructure.
IAMAI submission
The last date for public consultation on this draft data bill was January 2, 2023.
In its submission, IAMAI stated that “Our members, Airtel, Paytm and Reliance Jio have divergent views to those expressed in this (cross border data transfer) section.”
The industry grouping has suggested that Meity consider permitting the overseas transfer of personal data by default and formulate a negative list of countries to which personal data cannot be transferred.
“This would enable MeitY to develop a specific list of factors about a country/territory that makes it a harmful destination for the personal data from India,” it said.
Jio is also opposed to certain other recommendations from IAMAI including doing away with the need for the data protection officer to be based in India and the definition of “personal data”.
The definition of personal data in the bill is currently broad enough to include data that has been anonymously aggregated, as that could still be considered data about an individual who is identified in relation to such data, IAMAI observed in its submission.
Such a broad definition of personal data could have a big impact on keeping content and resources on the internet free or nearly free, enabled by the ads funded business model, IAMAI said.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.