Welcome Guest Login | Register | Site Map | | Make TelecomTiger my homepage     
Telecom News
Enterprise |  Policy & Regulation |  Mobiles & Tabs |  Corporate |  VAS |  People Movement  |  Technology  |  LTE
Policy & Regulation
Proposed Data Protection Bill 2018 ambiguous: PwC-Assocham
TT Correspondent |  |  24 Aug 2018

The Personal Data Protection Bill 2018 draft resembles the EU’s General Data Protection Regulation (GDPR) and comes with ambiguities and has its own pain points, a PricewaterhouseCoopers (PwC) and the Associated Chambers of Commerce and Industry of India’s (Assocham) collaborative finding said.

In July this year, the Justice BN Srikrishna committee proposed India’s Personal Data Protection Bill, 2018 to the Centre, with an aim to create a comprehensive framework for data protection— suggesting companies to adopt certain practices to collect, process and store consumers’ data.

“The proposed Personal Data Protection Bill runs into 112 sections and is very similar to the EU’s GDPR and however, it comes with its own challenges and ambiguities,” the PwC-Assocham study said, adding that even as organisations in India were coming to terms with the GDPR, they found themselves confronted with another regulation.

The draft recommends that every data fiduciary (any entity processing personal data) shall ensure the storage, on a server or data center located in India, of at least one serving copy of personal data to which the Act applies which, however, typically means that companies would be required to build servers locally.

“The move to allow data fiduciaries save a local copy of all personal data that is stored outside the boundaries of India could have some negative consequences,” the report said

In order to protect national interests and containing the risk of surveillance from foreign states on critical data, the draft bill prevents data fiduciaries from sending ‘critical’ personal data outside the territory of India.

However, what constitutes personal data and ‘critical’ personal data is a decision that has been left up to the authority, the 21-page study added.

The intentions behind the move are good, but maintaining data locally would have an impact on businesses across multiple industries that are today cloud led, and it would increase the general cost of doing business across industries.

The BN Srikrishna committee’s proposal to bring criminal liability, making the offenses cognisable and nonbailable under the new norms, however, may also force private sector executives to face conviction, a clause contested by various stakeholders.

Following the Supreme Court’s recognition of the ‘right to privacy’ as a fundamental right under the Constitution of India in August 2017, the draft Bill guidelines, has attracted much attention in the country.

The study also pointed out that the system integrity may be threatened when purging the data.

“Data destruction may compromise system integrity in many legacy and CRM systems as these are not built to allow data destruction or anonymization,” the study said, adding that the companies might have to retune the systems to address such challenges.

The exclusion of anonymised data will considerably bring down the obligations on entities— both in the private and public sector— and it suggested that in order to prevent harm to specific groups of individuals, the limitation of processing and publishing analysis of anonymised data should be evolved.

Companies will have to limit collection and reuse of data in line with the consent obtained from the data subjects, which according to the finding, would be challenging for organisations to change the mind-set of collecting and keeping more data than necessary.

Data breaches, according to the PwC-Assocham, are a serious business issue, and added that the Bill proposes a layered approach for levying penalties for non-compliance on organisations.

In order to avoid significant business ramifications due to data breaches, organisations need to outline a well-defined testing mechanism to assess readiness to address any eventualities, the report added.

(Reported ET)

Other Stories in this Section
 mail this article    print this article    Show and Post comment
24 Aug 2018(IST)  
Maintain Business Continuity with Cisco ASR 9000 nV Technology
It is a virtual chassis solution where a pair of ASR 9000 routers acts as a single device by maintaining a single contr...read more
Simplify Your Network with Cisco ASR 9000 nV Technology
With the new Cisco Network Virtualization (nV) technology in the Cisco ASR 9000 Series Aggregation Services Routers, se...read more
Cisco Small Cell Solution: Reduce Costs, Improve Coverage
It is designed to address the challenge of mobile service coverage and to expand network capacity...read more
Other Stories of the Day