The Internet and Mobile Association of India (IAMAI) has sought reconsideration of most of the key points in the proposed data protection bill, including rules on data localisation, and demands removal of criminal penalties.
A report, released by the IAMAI on Wednesday, said it has observed a conflict between the Ministry of Communications and the Ministry of Electronics and IT based on a set of recommendations by telecom regulator Trai and suggested that cloud service providers should be the government through the IT ministry.
Expressing concern over data localisation norms, the report, authored by Ikigai Law, said all legislative and policy developments on data governance in the country thus far have advocated the storage of personal data on servers located in India.
"However, there are a number of concerns with operationalising data localisation. First, the storage of all the country's critical data within India runs the risk of creating a 'honeypot' of such data, which is vulnerable to cyberattacks, foreign surveillance and other threats," said the report, titled 'Digital Technology Policy for India's USD 5 Trillion Economy.
The IAMAI-Ikigai report cited a study by the European Centre for International Political Economy which found that economy-wide data localisation laws drain between 0.7 per cent and 1.1 per cent of the gross domestic product from the economy for no benefit.
The report demands removal of proposed criminal penalties for data breach under the Personal Data Protection Bill (PDP Bill).
Offences under the Bill are punishable with criminal penalties that include imprisonment of up to 5 years.
More From This Section
"Such penalties are excessively harsh and disproportionate, particularly since the civil penalties themselves function as effective deterrents against data breaches and other violations of the PDP Bill," the report said.
It said the criminal penalties would disincentivise small- and medium-sized enterprises from participating in the digital economy
The report, which recommends a growth road map for digital players as India desires to become a USD 5-trillion economy by 2024, identified proposed intermediary rule under the Information Technology Act as one of the hurdles in the current form.
The report suggests that IT platforms, identified as intermediaries, should not be mandated to set up an office in India to comply with the law of the land.
"The Draft Intermediary Guidelines require certain intermediaries to have a registered office in India. This will increase operational costs. Certain companies may choose to not comply with this requirement and stop offering services in India. This will reduce the quality of services available to Indian citizens who will lose out on innovative online products and services," the report said.
Former telecom secretary Aruna Sundararajan, who was present during the report's release, said otherwise. She said social media players based overseas have bad track record of responding to government concerns.
IAMAI said Vietnam, which has a similar requirement for the local presence of foreign service providers, is already facing the commercial harms of this mandate.
"We believe that these strategic decisions should be left to market forces. The government may incentivise companies to set up companies in India instead," the report said.
IAMAI report has also recommended removal of provision mandating pro-active content monitoring requirements as automated tools may be error-prone and sub-standard tools may censor even legal content.
"All this is likely to have a chilling effect on free speech and expression which is a constitutionally protected right. Therefore, the Draft Intermediary Guidelines must be revisited," the report said.
Disclaimer: No Business Standard Journalist was involved in creation of this content
