The Ministry of Electronics and IT (MeitY) is considering the possibility of relaxing regulations in response to complaints from many Indian start-ups that the current proposal of the personal data protection bill’s data localisation requirements is too “compliance intensive” and could hinder ease of doing business, a senior government official has revealed.
The proposed Bill requires organisations working with users’ personal data to keep a copy of such data in India and forbids the export of personal data that isn’t specifically classified as “critical.” Personal data is any information, whether online or offline, that may be used to uniquely identify a person, allowing for that person to be profiled.
“We’ve had hundreds of emails from start-ups expressing their worries, and we don’t want a bill that would inhibit innovation, the official added. “Start-ups have stated they do not want a strict localisation mandate, as set forth in the latest draft, thus we are reviewing the provision for start-ups,” the statement reads.
The official emphasised the need to strike a balance between privacy and innovation and noted that the General Data Protection Regulation (GDPR) of the European Union is viewed as being overly harsh. “There is a common understanding that GDPR has made it harder for the regions to innovate since it requires strict compliance. The government does not want to put needless obstacles in the path of India’s start-up ecosystem, which is among the most active in the world in comparison to the EU, the source added.
One factor is that startups frequently employ third-party services from businesses that may not really be located in India, and a strict localisation mandate makes cross-border operations difficult.
This occurs at a time when Indian start-ups are experiencing a sharp decline in financing. According to a July analysis by PwC India, geopolitical uncertainties brought on by Russia’s invasion of Ukraine, a decline in the value of IT stocks, and inflation caused investment for Indian start-ups to drop by 40% to $6.8 billion in the April-June quarter.
After a joint parliamentary panel released a version of the data privacy bill last year, it is currently being discussed. The original proposal was created in 2018 by a group under the direction of Justice BN Srikrishna, a retired judge.
Big Tech companies like Google and Meta have expressed worry about the planned data localisation regulations in addition to regional start-ups. Rob Sherman, vice president and deputy chief privacy officer at Meta, has previously stated that the country of India’s data localisation regulations may make it “impossible” for the firm to provide its services. The top privacy officer of Google, Keith Enright, stated last month that data localisation standards should be “as narrowly targeted as feasible.”
