US tech circles wagons as India reviews data protection proposals
Ex-Cisco CEO-chaired lobby leading the charge
America's major tech companies are pushing back against India's proposed data protection laws, with a lobby group led by ex-Cisco CEO John Chambers emerging as the protest organiser.
The draft copped criticism when it was published because of its "data localisation" provisions, which demanded local storage for some citizen data; and for banning the re-identification of anonymised data without offering protections for security researchers trying to improve security of anonymised data sets.
Last week, India's IT minister, Ravi Shankar Prasad, said he had asked Amazon to set up servers in the country, to comply with the localisation requirements.
India mulls ban on probes into anonymized data use – with GDPR-style privacy lawsREAD MORE
Prasad announced the move in a press conference, according to Entrackr, saying he was concerned at data being moved offshore without the consent of end users.
Reuters yesterday reported that companies including Amazon, Microsoft, and American Express want the issue raised at US-India trade talks in September.
The report quoted Mozilla global policy adviser Amba Kak as saying the issue is worth national-level negotiation, adding: "Data localisation is not just a business concern, it potentially makes government surveillance easier, which is a worry."
The John Chambers-led US-India Strategic Partnership Forum (part of the US Chamber of Commerce), whose main focus to date has been opposing Indian tariffs on American products that came into effect in February, reportedly organised a meeting of tech companies to fight data localisation.
Facebook, Mastercard, Visa, AmEx, PayPal, Amazon and Microsoft reportedly took part in the meeting putting together a plan to lobby Indian parliamentarians on the country's IT and finance panels.
The forum previously told The Economic Times that companies should be able to design and implement their own storage plans, and get those plans approved by government, rather than being subject to a "one-size-fits-all" localisation law.
While a relative rarity, data localisation laws aren't confined to regimes like Russia and China. Australia and Germany, for example, have decided some sensitive citizens' data should remain onshore (health data and telecommunications metadata, respectively).
In Australia, Microsoft has decided to comply rather than fight, and last year identified Canberra Data Centres as its host for government-grade services. ®
Sponsored: Becoming a Pragmatic Security Leader