December 24, 2024 11:10 am (IST)
Follow us:
facebook-white sharing button
twitter-white sharing button
instagram-white sharing button
youtube-white sharing button
Congress leader files complaint against Allu Arjun for 'insulting police' in Pushpa 2: The Rule | Ahead of Jaishankar's US visit, foreign secretary Vikram Misri meets top US diplomats | India refrains from commenting on extradition request for ousted Bengladeshi PM Sheikh Hasina | I don't blame Allu Arjun, ready to withdraw case: Pushpa 2 stampede victim's husband | Indian New Wave Cinema Architect Shyam Benegal dies at age 90 | Cylinder blast at a temple in Karnataka's Hubbali injures nine people | Kuwait PM personally sees off Modi at airport as Indian premier concludes two-day trip | Three pro-Khalistani terrorists, who attacked a police outpost in Gurdaspur, killed in an encounter | Who is Sriram Krishnan, an Indian-American picked by Donald Trump as US AI policy advisor? | Mohali building collapse: Death toll rises to 2, many feared trapped for 17 hours

Regulation on data protection & privacy: ASSOCHAM-PwC study suggests providing relaxations & exceptions to MSMEs

| @indiablooms | Sep 19, 2018, at 04:01 pm

New Delhi, Sept 19 (IBNS): The regulation on data protection and privacy should adopt a risk-based approach and provide certain relaxations and exceptions for micro, small and medium enterprises (MSMEs) under specific circumstances, suggested a recent ASSOCHAM-PwC joint study.

“In Indian context, it is also important to ask questions on the applicability and impact of any such data protection regulation on small and medium businesses (SMBs),” said the study titled, ‘Privacy in the data economy,’ jointly conducted by The Associated Chambers of Commerce and Industry of India (ASSOCHAM) and global professional services firm PricewaterhouseCoopers (PwC).


The report stated that stringent regulations may deter MSMEs due to the high costs and technology investments necessary for compliance. However, in the new age economy, a number of small enterprises are capturing and processing large volumes of data.

It further said that certain categories of private processing, such as processing carried out by not-for-profit organisations or charitable institutes, may have to be dealt with categorically and provided with certain exemptions.

The ASSOCHAM-PwC joint study suggested that privacy laws should also cater to specific sectors such as healthcare, telecom, banking and finance to address various nuances in each sector.

With a view to establish a robust, transparent and enforceable regulation, the study has outlined following recommendations:

·                     Borderless Internet - The regulation should not only apply to entities (both public and private) within India that process personal data of Indian citizens and residents but it should also be applicable to all kinds of processing carried out on the personal data of Indian citizens and residents, even though such processing may not be entirely based in India or may be carried out by non-Indian entities that do not have a presence in India.

·                     Cross-border transfer of data - The regulation should clearly restrict transfers only to countries that offer an adequate level of protection and propose additional measures that need to be ensured for data transfers that do not meet such standards.

·                     Accountability of data - Both the data processor and data controller should be equally accountable for safeguarding data.

·                     State interest vs individual’s privacy - The proposed regulation will need walk a tight line between right to privacy and national security considerations in order to strike the right balance and avoid excessive interference in citizens’ personal life without justification. Such considerations, categories and exceptions should be clearly called out to avoid any ambiguity to the extent feasible.

·                     Localisation of data - The regulation should take a call on data localisation after considering a cost-benefit analysis between the enforcement benefits derived from data localisation and the costs involved pursuant to such requirements. A one size-fits-all model may not be the most fruitful and may cause more harm than benefit to the industry.

·                     Penalties and compensation - There should be a higher level of penalty for breaches of privacy that organisations wilfully make or that result from negligent security practices. As regards compensation, there should be clarity around the quantum and nature of the same to the extent feasible.

Support Our Journalism

We cannot do without you.. your contribution supports unbiased journalism

IBNS is not driven by any ism- not wokeism, not racism, not skewed secularism, not hyper right-wing or left liberal ideals, nor by any hardline religious beliefs or hyper nationalism. We want to serve you good old objective news, as they are. We do not judge or preach. We let people decide for themselves. We only try to present factual and well-sourced news.

Support objective journalism for a small contribution.