EU analysing India’s digital data protection law amid privacy concerns
Under European Union rules, personal data can only be transferred to countries with protection laws equivalent to its own General Data Protection Regulation
The European Commission operates as a cabinet government, with 27 members of the Commission headed by a President
The European Commission, the executive wing of the European Union (EU) responsible for initiating and enforcing the bloc’s laws, is analysing India’s data protection law the Digital Personal Data Protection (DPDP) Act.
The European Commission said this in response to Moneycontrol’s queries on whether DPDP Act would have an effect on data transfer from EU to India.
Under the EU’s General Data Protection Regulation (GDPR), the personal data of EU citizens can only be transferred to countries that ensure an adequate level of protection.
This means that the recipient country like India must have data protection laws that are deemed equivalent to the protection offered by the GDPR. Experts say DPDP Act provisions such as exemptions for the government and the right of the government to call for information can hamper that assessment.
“We take note of the adoption of the law, and we are analysing it,” a European Commission spokesperson told Moneycontrol. The commission’s services participated in several events and consultations during the legislative process of the DPDP Act.
The DPDP bill was enacted into law earlier in August with President Droupadi Murmu giving her assent to the legislation after it was passed by both houses of Parliament amid protests over certain provisions.
Opposition MPs, civil society and rights groups have alleged that some of the provisions violate the Right to Privacy, may facilitate surveillance and also clamp down on press freedom. Some are even contemplating a legal challenge to the law.
Ireland’s Data Protection Commission, which recently fined Meta $1.3 billion for an issue related to EU user data transfer to the United States, welcomed India’s DPDP Act. Ireland, like other EU countries, comes under the jurisdiction of GDPR.
“The Data Protection Commission welcomes the increased data protection standards brought by the new legislation,” a spokesperson for Ireland’s DPC told Moneycontrol.
The Organisation for Economic Co-operation and Development (OECD), which in December adopted a declaration on government access to data held by private sector entities, declined to comment. Data privacy commission of Brazil, too, declined comment.
#modernbusinessnetwork #modernusinessindia #modernbusinessamerica #modernbusinesseurope #modernbusinessasia #modernbusinessgulf #modernbusinessgermany #modernbusinessworld #modernbusinesstimes
