Indian Regulators to Ease on Data Storage and Transfer Policies


India plans to further relax its approach to data storage, processing and transfer beyond its borders, a boon for global companies such as Alphabet Inc.’s Google as well as Indian firms seeking growth abroad.

A draught version of a new privacy bill allows companies to export data to any country except those specifically named by New Delhi, according to people familiar with the matter, who requested anonymity because the bill has not yet been made public. In contrast, a previous draught made public in November restricted data export to all regions except those named by the government.

India, like governments around the world, is attempting to strike a balance between business needs and individuals' rights to data privacy. With a population of 1.4 billion people, the country is an appealing growth market for global internet behemoths, but corporations frequently clash with authorities concerned with protecting consumers' interests and assisting home-grown businesses.

According to the people, the Digital Personal Data Protection Bill 2023 requires companies to obtain consent before collecting personal data and prohibits them from using it for purposes other than those specified in the parties' contract. According to them, this means that companies cannot anonymize personal data and use it for products such as artificial intelligence models.

The bill expands the authority of sector-specific regulators, such as the central bank, over data rules for the industries they oversee. It enables companies involved in mergers, acquisitions, or spinoffs to export and store data as needed.