India on Friday proposed a new data privacy law that will allow companies to transfer some users’ data abroad, while giving the federal government powers to exempt state agencies from the law in the interests of national security.
The proposed law would be the latest regulation that could impact how tech giants such as Facebook and Google process and transfer data in India’s fast-growing digital market. It comes after India in August withdrew a 2019 privacy bill that had alarmed companies by proposing stringent restrictions on cross-border data flows.
The latest privacy bill, however, relaxed certain stringent norms on cross-border transfers proposed earlier, with the government saying it could specify countries to which entities managing data can transfer personal data of users.The new bill also proposes financial penalties of up to 2.5 billion rupees ($30 million) if someone is found breaching the provisions of the law
A version of the previous bill had also introduced a provision empowering the government to ask a company to provide anonymised personal data and non-personal data to help target the delivery of government services or formulate policies.
That provision does not exist in the new bill, which Salman Waris, a managing partner at law firm TechLegis said “will be a relief to companies and the wider technology industry that had pushed back against the provision”