Nasscom hails draft data protection bill for dropping contentious rules

Industry body Nasscom has welcomed the revised version of the draft Digital Personal Data Protection Bill 2022 for dropping the provisions on non-personal data, criminal penalties, the hardware certification scheme, and statutory data residency requirements.

Union Minister for Communications and Electronics and Information Technology, Ashwini Vaishnaw, chaired a roundtable meeting last week with industry leaders and stakeholders from startups, and Small and Medium Enterprises (SMEs) on the Digital Personal Data Protection Bill 2022.

Nasscom, which was a part of the meeting, said the stakeholders appreciated the draft bill, which had been simplified by removing past proposals not related to personal data protection such as non-personal data. It added that the removal of provisions that could create “significant concerns to ease of doing business”, such as those on criminal offences, the hardware certification scheme, and statutory data residency requirements was also appreciated.

Earlier this month, MeitY released a revised draft of India’s much-awaited data privacy bill, renamed The Digital Personal Data Protection Bill, 2022. Released more than three months after discarding the previous draft, the new one has eased the data localisation mandate of the earlier version, which had alarmed many big multinational technology companies.

Nasscom said Vaishnaw promised the stakeholders that the government will strengthen data protection in India without disrupting cross-border data flows.

The industry body said the minister assured the stakeholders that all future rules will be put up for public consultation in line with the parliamentary mandate. He added that the Data Protection Board will be designed to redress concerns and complaints about data protection by making the mechanism accessible to and effective for every strata of society.

“On cross-border data flows, the industry felt that a framework prepared in consultation with government departments, sectoral regulators, and public consultations should provide a clear, proportionate, and enabling framework. Industry welcomed the retention of forward-looking concepts, such as the consent manager, to enable citizens to effectively manage their consent,” Nasscom said in a press note.

The draft is open for public consultation until December 17, while the final version is expected to be tabled in the Budget Session of Parliament next year. The 24-page document seeks to provide a legal framework for collecting and processing personal digital data in India.