India's Personal Data Protection Bill may tighten compliances for Big Tech

India’s Personal Data Protection Bill, 2019 is expected to increase compliances for big tech companies such as Amazon, Google and Facebook about dealing with personal data of individuals in the country. Besides an additional load of commitment for data protection, it would also require them to spend time, money and resources on ensuring compliance with the regulation, according to the experts.
 

“This is India’s first foray in data protection legislation. It is going to be a game-changer,” said Pavan Duggal, a top cyberlaw expert and a Supreme Court lawyer. “These firms are handling a lot of personal data, offering (e-commerce) platforms and dealing with financial information.”
 

It has been learnt that e-commerce giant Amazon has expressed inability to appear before a joint parliament committee looking into the Personal Data Protection Bill, 2019.  It was reported that this amounts to "breach of privilege of parliament.”
 

According to sources, Amazon had informed the committee that its experts were abroad and were unable to travel to India due to the Covid-19 pandemic. The meeting was scheduled for next week.
 

Duggal said the government can take a very “serious note” about Amazon not appearing before the committee.  “The joint parliamentary committee is not powerless,” said Duggal. “It can actually recommend action to be taken.”
 

Experts said the parliament committee wants to examine all the stakeholders including Amazon, Facebook and Google to get their perspective about personal data protection issues. These big service providers are data intermediaries and are dealing, handling and processing humongous volumes of data.
 

Top officials at social media giant Facebook have made a detailed presentation before the joint committee on the Personal Data Protection Bill, according to the sources. India is the biggest user base for Facebook with around 328 million users while its WhatsApp messaging app has 400 million users in India, also the world’s highest.
 

People in the know said that officials from companies such as Google, Twitter and digital payments firm Paytm are expected to make the presentations during the last week of this month.
 

India’s digital transformation opportunity and anticipated 850 million smartphone users by 2025,  has made the country a very attractive market for big tech companies. The market opportunities for online commerce in the country are expected to touch $200 billion by 2028 from $30 billion in 2018. Also, due to Covid-19 pandemic, more Indian’s are getting online. All of these transformations are generating huge amounts of data.
 

LocalCircles, the community platform, had done extensive work on ‘Personal Data Protection’ in 2017 and people had raised key areas of concern where personal information gets compromised.  “Some of the top sectors were telecom, banking and insurance data where their field staff and service providers were capturing consumer information and reported to be sharing and selling it with other service providers and companies,” said Sachin Taparia, founder and chairman, LocalCircles.
 

Taparia said the Parliamentary committee working on the PDP Bill must ensure that they take the time to understand how on the ground data gets compromised in India and address these vulnerable areas. “In the last few years we have not received much consumer complaints of personal data getting compromised by social media, technology or e-commerce companies," said Taparia.
 

The Personal Data Protection Bill, 2019 was introduced in Lok Sabha, last year in December. The Bill seeks to provide for the protection of personal data of individuals and establishes a Data Protection Authority for the same.
 

According to PRS Legislative Research, the Bill governs the processing of personal data by the government, companies incorporated in India, and foreign companies dealing with personal data of individuals in the country. Personal data is data which pertains to characteristics, traits or attributes of identity, which can be used to identify an individual. The Bill categorises certain personal data as sensitive personal data.  This includes financial data, biometric data, caste, religious or political beliefs, or any other category of data specified by the government, in consultation with the Authority and the concerned sectoral regulator, according to PRS Legislative Research.
 

Some analysts said that the Indian government wants to make the big tech companies more answerable. They said there is a perception that these firms are not very responsive compared to their efforts to answer the summons by the US government.

“A lot of consumer data has been stored by these (big tech) companies,” said  Satish Meena, a senior forecast analyst at Forrester Research. “These hearings are going to increase in India to make sure these firms are held more accountable.”