India may dilute its proposed regulations on data privacy and localisation
India may dilute its proposed regulations on data privacy and localisation, making only critical information to be mandatorily retained in the country. "The proposed (draft) Data Protection Bill will now be tweaked to allow personal information which is not 'critical' nor 'sensitive' to be stored and processed anywhere, while data classified as 'critical' should be kept only in India," a senior government official said, according to reports.
The Indian government is also likely to lower the number of circumstances where the company executives can be detained on account of violation of data security to just one. The executives can be jailed only for one provision pertaining to de-anonymising the already anonymised data to disclose personal information, as mentioned in The Economic Times report.
Meanwhile, another official said that this may help pacify strain in Indo-US trade ties.
The Personal Data Protection Bill of 2018 states that "every data fiduciary shall ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which this Act applies". This means that when it comes to personal data, the 'golden copy' (the master version of a record of data) abroad must have a 'silver copy' (the mirrored version) in India. For instance, if Google offers a service from abroad, the golden copy of the data could be sitting out of servers in the US, but since the company is serving Indian customers, a silver copy must be in India too.
The bill is slated to be introduced in the ongoing session of the parliament. However, this development may cause a further delay to accommodate changes, the report said.
This development comes weeks after a high-level US trade delegation came to India to hold talks with several ministries, including IT and Commerce, amidt trade tensions between the two countries.