US firms press for cross border data flow Urge govt to publish names of restricted countries

You are currently viewing US firms press for cross border data flow Urge govt to publish names of restricted countries
Representation image: This image is an artistic interpretation related to the article theme.

US Firms Push Back Against Indonesia’s Draft DPDP Rules Over Data Localisation Requirements

The Draft DPDP Rules: A Call to Reconsider

The draft Data Protection and Privacy Policy (DPDP) rules, which aim to regulate data localisation in Indonesia, have sparked a heated debate among US-based technology and financial services firms. The rules, which are set to be implemented in 2024, require data to be stored within Indonesia’s borders for at least 6 months before it can be transferred to another country.

The Concerns of US-based Firms

  • The rules are seen as overly restrictive and may hinder the growth of the digital economy in Indonesia. The firms are concerned that the rules will lead to increased costs and complexity for businesses operating in the country. They also argue that the rules will limit their ability to provide services to Indonesian consumers.

    The Impact of the New Rules on Data Fiduciaries

    The new rules, which came into effect on January 1, 2023, have significant implications for data fiduciaries operating in India. These rules aim to ensure that personal data is handled and transferred in accordance with Indian laws and regulations. The rules also provide a framework for the classification of personal data, which is a critical aspect of data governance. Key aspects of the new rules include:

  • The requirement for data fiduciaries to obtain consent from individuals before transferring their personal data outside India. The classification of personal data into different categories, based on its sensitivity and potential impact on individuals.

    Firms must comply with Central government requirements to ensure transparency and accountability in the real estate sector.

    Compliance with Central Government Requirements

    The draft rules for the Real Estate (Regulation and Development) Act, 2016, emphasize the importance of compliance with the Central government’s requirements. Under Rule 14, firms must adhere to any directives issued by the Central government, which may include regulations on land acquisition, environmental impact assessments, and other related matters. Key aspects of compliance: + Firms must ensure that all projects are registered with the state government and comply with the state’s regulations. + Firms must also comply with the Central government’s directives on land acquisition, environmental impact assessments, and other related matters. + Firms must maintain records of all transactions, including sales, rentals, and other financial dealings.

    Ensuring Transparency and Accountability

    The draft rules also emphasize the importance of transparency and accountability in the real estate sector.

    The Draft Rules: A New Era for Data Protection

    The draft rules for data protection in the UK are set to undergo significant changes, aiming to strike a balance between the need for transparency and the potential burden on companies. The proposed revisions aim to introduce a more nuanced approach to reporting data breaches, one that takes into account the severity of the breach and the potential impact on individuals.

    The Current State of Data Protection

    Currently, the rules require firms to notify the Data Protection Board (DPB) immediately and submit a detailed report within 72 hours of discovering a data breach. This approach has been criticized for being overly broad, resulting in unnecessary notifications and potential reputational damage for companies.

    The Proposed Revisions

    The proposed revisions aim to address these concerns by introducing a more targeted approach to reporting data breaches. The draft rules would require firms to notify the DPB only in cases where the breach poses a significant risk to individuals. This would involve a more detailed assessment of the breach, taking into account factors such as the type of data involved, the number of individuals affected, and the likelihood of harm.

    The BSA’s Stance on Data Protection

    The British Standards Institution (BSI) has issued a statement on data protection, outlining its stance on the use of personal data in various contexts. The statement emphasizes the importance of data protection and highlights the need for companies to implement robust security measures to safeguard personal data.

    Key Points of the BSI Statement

  • The BSI has stated that personal data should not be required to be notified to individuals when it is unusable, unreadable, or indecipherable due to encryption or other security measures. The companies have also opposed the parental consent requirement for individuals under 18 years of age. The BSI has emphasized the need for companies to implement robust security measures to safeguard personal data, including the use of encryption and secure data storage. The statement also highlights the importance of transparency and accountability in data protection, emphasizing the need for companies to be transparent about their data collection and processing practices. ### Implications of the BSI Statement

    • Implications of the BSI Statement

    The BSI statement has significant implications for companies that handle personal data. The statement’s emphasis on robust security measures and transparency highlights the need for companies to review their data protection practices and implement changes as necessary.

    Government seeks to balance data localisation with cross-border flows.

    However, the government has been under pressure from various stakeholders to clarify its stance on data localisation.

    Understanding the Government’s Stance on Data Localisation

    The government’s approach to data localisation has been a topic of discussion for quite some time. The government has maintained that its approach will be sector-specific, meaning that different sectors will be treated differently when it comes to data localisation. This approach is aimed at addressing the concerns of various stakeholders, including foreign companies, Indian businesses, and the general public.

    Key Aspects of Sector-Specific Data Localisation

  • The government will consider the specific needs of each sector when implementing data localisation policies. Different sectors will be treated differently, with some sectors being more heavily regulated than others. The government will work with stakeholders to ensure that data localisation policies are fair and equitable. ## The Government’s Intentions*

    • The Government’s Intentions

    The government’s intentions behind data localisation are not to disrupt cross-border data flows. Electronics and IT minister Ashwini Vaishnaw had stated this in an earlier interaction with Fe.

    Leave a Reply