16 Apr 2012

India Expecting A Data Secure Nation Status From European Union

European Union (EU) is well known for its robust and stringent privacy laws and data protection regime. Naturally, EU also expects those dealing with it to follow similar privacy and data protection norms, especially those pertaining to commercial and outsourcing activities.

We have no dedicated data protection laws in India, privacy law in India, data privacy laws in India, etc. There is no second opinion that we need data protection laws in India, privacy rights and laws in India, etc. This is more so in the present information and communication technology (ICT) driven environment in which India is flourishing. Thus, privacy rights in India in the information age needs special attention of Indian government. As on date, privacy rights, privacy laws and data protection laws in India are not in good shape.

At the policy level as well privacy rights and data protection rights have been ignored in India. In fact, an Indian national privacy policy is missing till now. Even legislative efforts in this regard are not adequate in India. A national privacy policy of India is urgently required.

A right to privacy bill of India 2011 has been suggested in the year 2011 yet till now we do not have any conclusive draft in this regard that can be introduced in that parliament of India. In fact, we are still waiting for a public disclosure of final and conclusive proposed draft right to privacy bill 2011 of India that can be discussed in the parliament.

This apathy on the part of Indian government and parliament of India is resulting in loss of commercial business opportunities for India. European Union is not allowing sophisticated outsourcing business to India due to absence of privacy, data protection and data security framework in India. In fact, EU has been treating India as a non-data secure country.

EU is reluctant in sending sensitive data, such as patient information for telemedicine, to India under data protection laws in the EU. Although there is an exception to this directive that allows outsourcing to non-data secure countries by adhering to standard contractual clauses that place strict obligations on both parties to ensure privacy of data, yet these are onerous and considered as disincentive for business.

As a result, much of the outsourcing work coming to India is low-end and data processing work. The sophisticated and high end outsourced work in the field of health, clinical research, engineering design and intellectual property rights is very less in India. This situation cannot improve till India is treated as a data secure country by EU.

India has now demanded that the EU lift restrictions on flow of sophisticated outsourcing business to India by designating it as a data secure country. Let us see how EU would respond to this request of India.