Raising concerns over the proposed data policies in India, US Trade Representative Katherine Tai has termed the policy as ‘Digital Trade Barriers. According to the 2022 National Trade Estimate Report on Foreign Trade Barriers (NTE Report), the new data law was a significant barrier to American exports of goods and services, foreign direct investment (FDI), and electronic commerce (e-commerce) in key export markets for the country.
The NTE report identifies a range of important challenges and priorities to guide the Biden administration's trade policy. The report refers to the Data Protection Bill and finds that India's data localisation requirements could “serve as significant barriers to digital trade between the US and India,” impacting a wide range of bilateral goods and services.
The Report terms the conditions on the cross-border transfer of Sensitive Personal Data and Critical Personal Data as ‘onerous'. Further, the requirements could raise costs for service suppliers that store and process data outside India “by forcing the construction or use of unnecessary, redundant local data centers” in India, potentially serving as market access barriers, especially for smaller firms.
The report also highlights that “in the absence of standalone trade secret legislation, there is little recourse for firms in the event of misappropriation of their sensitive information. These provisions would undermine the ability of foreign firms to supply many services to Indian consumers on a cross-border basis and would not increase the protection of personal information.”
The report further refers to the Joint Parliamentary Committee (JPC) recommendations on the Bill and states that “US firms remain concerned that the new bill will negatively affect firms' ability to transfer data across borders, the authority of the DPA remains unclear, and the bill may require sharing of certain categories of non-personal data.”
Referring to the Non-Personal Data Governance Framework released by the Committee of Experts constituted by MeitY in 2020, it states that the framework would “impose burdensome requirements on domestic and foreign firms, including requests for mandatory data sharing, administrative obligations, and extending consent obligations to anonymised data. Additionally, these mandatory data sharing requirements may affect copyrighted content, patent, and trade secret protection”.
Over the last few months, the Data Protection Bill and the JPC's recommendations have been criticised by the industry in light of their potential adverse impact on the ease/cost of doing business in India. Concerns have been raised on the impact of increased compliances on India's domestic start-up ecosystem, overall global competitiveness, and FDI.