11:39
13:16
09:59
14:15
10:28
09:59
11:39
13:16
09:59
14:15
10:28
09:59
11:39
13:16
09:59
14:15
10:28
09:59
11:39
13:16
09:59
14:15
10:28
09:59
India intends to allow the transfer and storage of personal data in other countries, easing pressure on tech companies.
The government will "notify such countries or territories outside India to which a data fiduciary may transfer personal data," according to the draft Digital Personal Data Protection Bill recently submitted for public consultation. The document must be approved by the country's parliament to come into force.
The Digital Personal Data Protection Bill would require users' consent to collect their personal data and impose stiff penalties for violating the law - with fines of up to 5 billion rupees ($61.2 million) for individuals or companies who leak, inadvertently or alter or destroy the data. In addition, the retention of personal data is limited to certain periods of time.
The need for new legislation in this area has been driven by the explosive growth of internet communications technology, applications and equipment in a country of 1.4 billion people.
Large companies, such as Meta and Alphabet, and local start-ups have called the original version of the bill onerous.
In August, the authorities withdrew the two-year-old document in its current version from the country's parliament, saying they would introduce new provisions based on comments received from lawmakers, including recognising platforms such as Meta as publishing organisations and establishing a supervisory body to oversee their activities.
The new bill would create an Indian Data Protection Board, which would monitor and identify breaches of relevant legislation and impose penalties for such breaches. At the same time, companies such as Amazon and Google, for example, are required to appoint data privacy officers to conduct their operations in India.
The bill also includes obligations on Google and Facebook to develop and maintain "accessible, transparent and inter operable platform" for obtaining, processing, reviewing and withdrawing consent for personal data.