Personal critical data should be processed only in India

Vastavam web: All critical personal data on people in India should be processed within the country, a government panel said on Friday.The recommendation comes at a time when data breaches are becoming common globally and there is heightened scrutiny by governments on how companies handle user data.The panel said “personal data determined to be critical” will be subject to the requirement of being processed “only in India”, according to its 213-page report released on Friday.

“The central government should determine categories of sensitive personal data which are critical to the nation,” the panel said, adding that there will be a prohibition against cross-border transfer of such data.The panel recommendations were keenly awaited by U.S. trade groups and global technology companies, who fear any stringent data localisation directive by the government could alter their business models and raise costs.

“They seem to be conscious of the threat of data breaches,” Chaudhari said. “The devil here is the detail, we will need to know what is critical personal data.”
U.S. trade groups, representing companies such as Visa, Mastercard and American Express, have been protesting against an Indian central bank directive which said in April that all payments data should be stored locally within six months.The government panel also recommended setting up a “data protection authority”, an agency which would look at enforcement and implementation of the new data protection law.

India has in recent months become increasingly conscious of the risk of data breaches.The government on Thursday said it had asked its federal police to probe misuse of Facebook user data by Cambridge Analytica, a political consultancy which was earlier this year accused of improperly using data of 87 million Facebook users.