New Opportunities open up for India thanks to Singapore PDPA

When Singapore amended its data protection laws increasing the penalties for data breach to 10% of the annual  turnover, a window of opportunity has opened up for India to attract investments of data processing companies to India.

India presently is operating under the data protection regime of Section 43A of ITA 2000 and is not considered good enough for global companies to have their personal data processed in India. But once the Personal Data Protection Act is passed, India can on paper sport a data protection law which is on par with global laws.

At the same time, if some companies were considering setting up their operations in Singapore because there was a better industry environment there and a better “Ease of Doing Business”, they have been jolted by the recent amendment to PDPA 2012 increasing the penalties for data breach. The data breach risk will increase the cost of operations along with the  cost of risk mitigation and Cyber insurance cost both going up not to talk of occasional data breach which may escape all security measures.

The recent relaxation of OSP guidelines from DOT is another major positive development which could also attract some fence sitters to consider India as their investment destination.

Hopefully, the PDPB 2019 will be passed without further delay so that Government can spread the word around about the better business environment in India and attract investments.

At the same time, developments in the State of Maharashtra have set the industry back by a significant margin since the data protection industry look for a law and order situation where law enforcement works in protecting the industry rather than wage a war on the industry at the whims and fancy of the local Government and the Police. The inability of the federal Government and the Courts to intervene when it was required has put a doubt in the minds of international observers that if tomorrow, a data processing company is in the bad books of the local political party or the Police, then the operations of the company as well as the personal data entrusted to them for processing is not safe from being vandalized by the State.

Mumbai being a commercial hub with Pune being an important data IT hub, the impact of the developments regarding the Republic TV would cast a shadow on the lawfulness of  operations in the country. The developments have turned part of the country into a banana republic and going by the Schrems II decision of the EUCJ, India will not be considered a country which EU can rely upon.

In order to reduce the adverse impact of the Mumbai Police excesses, it is necessary for other States such as Karnataka to take extra efforts to attract the IT industries and more particularly the data processing industry that what is happening in Mumbai is an aberration and does not reflect the general status of lawfulness of the industry operations elsewhere in the country.

Perhaps to take the advantages from the two positive developments namely the amendment of the Singapore data protection act adverse to the industry, and the amendment of the OSP guidelines in India favorable to the industry as also to cushion the impact of the  misadventures of Mumbai Police and Government, the neighboring Governments in Hyderabad and Bangalore may undertake special projects to attract IT investors to these states.

Perhaps special economic zones such as ” Data Processing Zones” may be created for businesses involving the processing of personal data with support of employees working from home. Since the PDPB 2019 also provides that the DPA can notify a local data processing entity processing personal data of foreign citizens as being exempted from PDPA of India, if the local state Governments provide the assurance to the industries that they are not like the Maharashtra Government and will not behave like what Maharashtra is behaving in the case of Republic TV, then we can not only move some projects from Singapore to these states , but also move many projects slated for Pune and other parts of Maharashtra to Bangalore and Hyderabad.

Let us hope Karnataka Government seizes this opportunity and undertakes some programs on this theme during the Bengaluru Tech Summit due in the end of November.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.