Government’s draft data protection bill is facing criticism from IAMAI, an industry body that represents both domestic and global internet companies and Nasscom, the trade association representing the IT sector. These two trade associations say the policy could significantly impact startups.
Both the associations have criticized the push from the government for data localization and believe that such a requirement will create trade barriers. The draft data protection also enforces restrictions on collection of data and there is uncertainty over the role and responsibilities of data fiduciaries. IAMAI argues that imposing limitations on purpose, storage and collection of data would make it difficult for Indian startups relying on data collection and processing to operate in the market.
“Collection and processing of firsthand data for monetization is the only lifeline for startups,” IAMAI said on Tuesday. “Restrictive clauses around purpose limitation, storage limitation and collection limitation will make it very difficult for startups and potential startups to get into the data business.”
“IAMAI recently organized a stakeholders’ consultation in which concerns around ‘restrictive clauses’ on data usage and high costs for startups were raised,” reports Economic Times.
While Nasscom has not issued an official statement, it has internally recognized challenges arising for local startups with data localization and difficulty with expanding globally. The association also added that privacy or security of data cannot be addressed by localization of data. A formal submission of their views to the government is expected by September 10.
For Indian startups, the biggest concern is around increased cost of managing data locally. If the draft data protection bill gets implemented as it is then companies will be forced to revisit how they process data and will add to their operating expenditure. “Both startups and large companies will be impacted. The nature of impact will vary depending on whether they have an entirely IT-enabled workflow or not,” Ashish Aggarwal, senior director for public policy at Nasscom told ET.
Watch: PUBG Beryl M762: All you need to know
IAMAI is also citing burden of compliance and follow up implementation of periodic data audit and seeking permission from the Data Protection Authority to introduce any new technology. Both the organizations are also questioning the status of Data Protection Authority with IAMAI claiming it would act as another complex regulator for the internet companies.