Data Privacy Law in India: Impact on Corporates & Startups
Recent years have witnessed a digital boom worldwide as data has become a vital part of our lives, but it has also given rise to the issue of maintaining accountability and fair use.
India has come a long way to become an effective IT services hub in the last decade. However, (2000) and its ancillary IT Rules (2011) are not enough and need a scope expansion.
Despite the appointment of chief information security officers in most companies and the numerous services available online, maintaining the privacy and protection of user data requires the formulation of an all-encompassing and up-to-date data privacy law in India, supported by dedicated expert resources called data protection officers.
The Personal Data Protection (PDP) Bill, 2019, was recently introduced in the Indian Parliament and referred to a Joint Parliamentary Committee for a thorough examination. Inspired by Europe’s GDPR, the PDP Bill was proposed to bring a comprehensive update to the current data protection services being provided in India.
PERSONAL DATA RIGHTS
The proposed bill provides users with numerous personal data rights, including access, correction, portability, and erasure. As a result, any startup, corporate entity, or any other entity for that matter will be mandated to spend resources and design its systems to fulfill these proposed data rights of the users.
NON-PERSONAL DATA ACCESS
While the PDP Bill excludes non-personal data from its scope, it still gives the government powers to demand anonymized data and insights from any company to aid in comprehensive policy-making. This is a cause of concern for any startup or corporate entity, since the bill requires them to adhere to many data privacy compliance practices.
We offer cost-effective techno-legal services such as preventive cyber legal services and consulting for data privacy compliance for budding startups so you can safeguard your intellectual property and confidential data while securing your business proceedings. Schedule your startup consultation today!
INFORMED CONSENT
Lawfully processing data will require business entities to provide extensive consent notices to users at the time of data collection. Serving such detailed notices in multiple languages at each data collection instance can be highly difficult and costly for companies and may even cause consent fatigue in users.
UNDERAGE USER DATA
The PDP Bill defines anyone under 18 as a child, so every online entity will need to undertake vigorous age verification and obtain parental consent before processing any child data. Such age-based restrictions may result in children losing access to valuable online services like education, healthcare, and gaming while negatively affecting child-based technological innovations.
DATA TRANSFER ACROSS BORDERS
Sensitive Personal Data (SPD), including health, finance, biometrics, and undefined Critical Personal Data (CPD), shall be stored locally under the data privacy law in India. Such restricted storage requirements may shut off access to primary global cloud services and the latest technologies for startups. The cost of building efficient data farms huge enough to contain such large volumes of data will also increase operating costs for businesses.
DATA PROTECTION AUTHORITY OF INDIA
The Data Protection Authority (DPA) and the central government have been vested with various powers under the PDP Bill, like notifying Significant Data Fiduciaries (SDFs) and classifying new SPD/CPD categories. SDFs will also need to conduct data protection impact assessments, appoint a data protection officer, and follow several additional obligations, which may incur a high compliance cost for startups and corporates in India.
The PDP Bill will require business entities to overhaul their operations, rework their business practices, and change how they process user data. From demanding access to companies’ proprietary data to restricting data flow, from revamping the data processes to embedding privacy within the system architectures, the impact of the proposed data privacy law in India will be significant for startups and even established corporate firms.
At Cyberra Legal Services, our expert data privacy & cybersecurity team has collectively spent years delivering dedicated techno-legal services to our clients. Over the years, our proud team has handled all kinds of cyber world issues across every industrial sector with finesse to make us a premier cybersecurity organisation