Technology Law Update: Privacy Law Developments in India – Wrapping up 2019

From what was expected to be a prospectively chaotic year in terms of privacy law developments, has turned out to be a rather mellow year thus far. The introduction of the revamped general privacy and data protection law in India continues to loom but there appears to be some time until it is introduced. This update brings to you privacy and data protection related developments in India during the past 11 months, which may be of interest to organizations doing or looking to do business in India.

1. New privacy and data protection law lurkingIndian Parliament is likely to consider the Personal Data Protection Bill, 2018 that is set to revamp the existing framework in India, in the upcoming Winter Session commencing from 18^th November. The proposed law was publicly released last year and appears GDPR-inspired on various fronts. The proposed law may have a considerable impact on MNCs operating in India, whether with or without a physical presence, due to its data localization requirements and cross-border data transfer restrictions.Our paper provides details of the proposed law, how it compares to the GDPR, specific industry implications and tax considerations. Our Technology and Privacy law team had also hosted a webinar to discuss the development and our analysis.

2. Clarifications on data localization in the payments industryThe Reserve Bank of India (apex bank in the country) had in April last year issued a data localization directive, mandating all authorized payment system operators and banks to store payment systems data only in India. This led to various ambiguities in the requirements as well as industry pushback on the strict requirements imposed, especially by global payment companies. Our write ups on this are accessible here and here. The RBI also issued the much awaited clarifications on the said directive. One of the major clarifications being that where processing of a payment transaction happens overseas, then the payment systems data (including end-to-end transaction details) for the said transaction could also be stored abroad, but only for a limited period i.e. for the duration of processing the transaction.We have analyzed the implications of the clarificatory press release here.

3. Dedicated committee to look into governance of non-personal dataThe Ministry of Electronics and Information Technology (MEITY) had in September released an office memorandum which constitutes a new Committee of Experts, chaired by Shri. Kris Gopalakrishnan (Co-Founder, Infosys). The MEITY had taken cue from the Committee that framed the draft Personal Data Protection Bill, 2018, that observed that community data is relevant for understanding public behavior, preferences and making decisions for the benefit of the community. MEITY observed that there is also a need to ‘recognize the economic dimension of data and suitable taxonomy of data’ and that privately collected digital data could be a necessary requirement for policy making, governance and public service delivery in many areas. The terms of reference of this committee are to:i. study various issues relating to non-personal data; and
   ii. make specific suggestions for consideration of the Central Government on non-personal data.

   The report and recommendations of the Committee is currently awaited.

Interesting and exciting times lie ahead. As one can see, data is no longer looked at as an intangible commodity but rather as an asset on which further value can be derived. Both consumers, organizations and now the Government see value in data, its usage and security. Also, as sectoral and industry-wide regulation evolves, business models will have to keep up. One must wait and watch whether 2019 has a twist in the tail, but certainly buckle up for 2020.

IFLR1000: Tier 1 for Private Equity and Project Development: Telecommunications Networks.
2020, 2019, 2018, 2017, 2014

AsiaLaw Asia-Pacific Guide 2020: Ranked ‘Outstanding’ for TMT, Labour & Employment, Private Equity, Regulatory and Tax

FT Innovative Lawyers Asia Pacific 2019 Awards: NDA ranked 2nd in the Most Innovative Law Firm category (Asia-Pacific Headquartered)

RSG-Financial Times: India’s Most Innovative Law Firm
2019, 2017, 2016, 2015, 2014

Chambers and Partners Asia Pacific: Band 1 for Employment, Lifesciences, Tax and TMT
2019, 2018, 2017, 2016, 2015

Benchmark Litigation Asia-Pacific: Tier 1 for Government & Regulatory and Tax
2019, 2018

Legal500: Tier 1 for Dispute, Tax, Investment Funds, Labour & Employment, TMT and Corporate M&A
2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012

Who’s Who Legal 2019:
Nishith Desai, Corporate Tax and Private Funds – Thought Leader
Vikram Shroff, HR and Employment Law- Global Thought Leader
Vaibhav Parikh, Data Practices – Thought Leader (India)
Dr. Milind Antani, Pharma & Healthcare – only Indian Lawyer to be recognized for ‘Life sciences – Regulatory,’ for 5 years consecutively

Merger Market 2018:Fastest growing M&A Law Firm in India

Asia Mena Counsel’s In-House Community Firms Survey 2018:The only Indian Firm recognized for Life Sciences

IFLR: Indian Firm of the Year
2013, 2012, 2011, 2010

IDEX Legal Awards 2015: Nishith Desai Associates won the “M&A Deal of the year”, “Best Dispute Management lawyer”, “Best Use of Innovation and Technology in a law firm” and “Best Dispute Management Firm”