India's proposed data protection regulations have received pushback from US tech giants.  |  Photo Credit: Twitter

India's plan to regulate 'non-personal' data has received significant pushback from US-based tech behemoths Facebook, Google and Amazon who, via the US-India Business Council (USIBC), has labelled the data sharing principals outlined by the Indian government as anathema to the promotion of competition, alleging that it will deter foreign investment made by technology companies into the Indian digital eco-system, and hurt economic growth.

In late July 2018, the Narendra Modi-led government introduced a far-reaching piece of data privacy legislation called the Personal Data Protection Bill, for Parliamentary review, reportedly, based on the European Union's Global Data Protection Regulation (GDPR) that came into effect in May that year.

However, privacy analysts have noted that there are elements of the proposed legislation that differ markedly from the EU's GDPR, that have, over the last two years, caused consternation among foreign tech players eager to gain access to India's lucrative digital markets.

The first of these relate to the cross-border flow of information and India's data localisation requirements. As per the current draft of India's data protection Bill, foreign entities are permitted to transfer personal data of users to servers outside India, as long as a copy of this data is stored in a local facility. Notably, it also bars any cross-border processing of what India deems 'critical personal data.' The treatment and use of another category, 'sensitive personal data' also requires companies to meet heightened consent, notice and compliance obligations.

Tech outfits like Facebook and Google have claimed that the India's data localisation demands are based on faulty logic, raising concerns that 'sensitive data' of Indian users may very well be entangled with that of non-Indian users, amounting to a privacy threat to non-Indians, if their data is stored locally. Separating Indian user data from non-Indian data, as Facebook has previously asserted, can prove to be extremely challenging.

The second bone of contention that US-based tech outfits have over the India's proposed data protection legislation has to do with non-personal data. In July, a goverment-appointed panel recommended the set up of a regulator to oversee the use and treatment of anonymised data, or data stripped of any personal identifiers.

The panel proposed that firms operating within India's digital eco-system be made to share data with other entities including their competitors, presumably, to prevent monopolistic or anti-trust practices.

Non-personal data is any dataset that does not contain information that can be used to identify individual persons. For instance, data collected by a taxi service will, naturally, contain details like a person's name and address. This data can only be classified as non-personal if such details are removed. However, there remain key concerns about whether data can truly be made anonymised with several studies showing that perfect anonymisation may not be possible, flagging risks to personal privacy.

Facebook, Google and other tech outfits have alleged that mandating sharing of this data goes against the principles of competition.

The non-personal data a company providing digital services collects can allow it to gain a critical advantage over its competitors, especially in highly competitive markets. The counter-argument here is that non-personal data, by itself, is of little use, and it is the way that this data is analysed, via artifical intelligent algorithms and other data mining tools that is, in truth, how companies gain leverage in the market.

See more here:

'Anathema' to competition: What are the sticking points between US tech giants and India over data protection? - Times Now