Government to Ease Data Storage Regulations, Benefiting Google and Indian Companies
The government intends to expand its lenient stance on data storage, processing, and transfer beyond national borders, which will benefit global companies like Google and Indian firms aiming for international expansion.
A draft version of the new data protection law will allow companies to export data to any country other than those specifically named by New Delhi, the people familiar with the matter said, asking not to be named because the bill is not yet public. An earlier draft, released in November, by contrast, restricted the export of data to all but government-designated areas.
India, like governments around the world, is trying to balance the needs of businesses and the rights of individuals to data protection. The country of 1.4 billion people is an attractive growth market for global internet giants, but the companies regularly clash with authorities focused on protecting consumer interests and supporting domestic companies.
The Digital Personal Data Protection Act 2023 requires companies to obtain consent before collecting personal data and prevents them from using it for purposes other than those specified in the agreement between the parties, the people said. That means companies can’t anonymize personal data and use it for products like AI models, they said.
The bill gives sector-specific regulators, such as the central bank, a wider say in the data rules of the industries they oversee. It allows companies undergoing mergers, acquisitions, or spinoffs to export and store data as needed.
India’s technology ministry did not respond to a request for comment. The amended law was approved by Prime Minister Narendra Modi’s government this month and is set to be tabled in parliament in a session starting on July 20.
The bill comes as digitization is booming in the world’s most populous country, thanks to increased use of smartphones and mobile apps. India’s years-in-the-making data protection push is in line with similar efforts in other countries.
Other key aspects of the bill — such as the creation of a Data Protection Board of India to determine non-compliance and impose penalties for violations, and requiring companies such as Amazon.com Inc and Meta Platforms Inc to appoint India-based data protection officers — remain unchanged from earlier drafts. The decision of the Data Protection Board can be appealed to the Court of Appeal and then to the Supreme Court.