ZDNet | July 10, 2012
India protests EU study on its data laws
Summary: Country upset over European Union’s decision to examine if it’s "data secure" before committing to bilateral free trade agreement aimed at boosting outsourcing flow between region and India.
By Jamie Yap
India has protested against the European Union’s decision to study its data protection laws and assess if these conform to other member states, before making a commitment on a bilateral free trade agreement (FTA) between the two.
The Economic Times of India reported Monday the EU was looking to ensure India’s data laws met its directive and had yet to accept India’s assertion it was a "data secure" country. This would affect the EU’s plan to double the cross-border flow of business outsourcing from the region to India.
The EU Data Protection Directive requires member countries to ban transfer of personal data to a non-EU country unless that country ensures adequate privacy protection. Last April, the Economic Times reported India demanded the EU designate it a data secure country and lift restrictions on business outsourcing to India.
As India is currently not considered data secure by the EU, sensitive data such as intellectual property and patient information cannot be transferred to the country under EU’s data protection laws. This issue has been taken by New Delhi in the FTA negotiations, which includes a chapter on the free flow of services, the report said.
It added that India’s commerce and industry minister, Anand Sharma, who recently met with EU trade commissioner Karel De Gucht, stressed the Asian economic giant be given the status of a data secure country before the two sides signed the FTA.
"We will not tie our demand for data secure status to any study from the EU side," an Indian commerce department official told Economic Times. "We do not want a situation where we are told just days before signing the deal that the study results were not positive. We have told the EU that our law may not be worded exactly in the way the EU directive is, but it essentially is the same."
The report also pointed out under EU laws, European nations outsourcing business to countries not certified as data secure have to follow stringent contractual obligations, which increases operating costs and affect competitiveness. Several European companies, hence, hesitate in doing business with India to avoid trouble from unwittingly failing to fulfill the conditions laid down by the EU.
"If India is given data secure status, not only will Indian firms save on costs but EU companies will also have increased confidence in doing business here," said Kamlesh Bajaj, CEO of Data Security Council of India (DSCI), in the report. The council is a self-regulatory, non-profit organization set up by India’s National Association of Software and Services Companies (Nasscom).
According to Bajaj, outsourcing business from the EU could jump within a short span from US$20 billion to US$50 billion annually once India is recognized as a data secure destination.
He said India had already given the EU enough material to demonstrate its IT Act 2006 already met the requirements of EU’s data protection directive. "We have incorporated the kind of privacy principles and enforcement mechanism that the EU asks for," he said.