FPIs oppose proposed data protection norms

By: |
Published: October 4, 2019 5:31:32 AM

The Sections 40 and 41 of the Personal Data Protection Bill (PDPB) outline restrictions and requirements regarding location and transfer of personal and sensitive personal data.

FPI, financial data, PDPB, Ministry of Electronics and IT, ASIFMA, Goldman SachsInvestors are mainly concerned over the categorisation of all financial data as sensitive data in the proposed norms.

Foreign portfolio investors (FPIs) have once again expressed their opposition regarding the proposed data protection norms that mandate local storage of financial data and put restrictions on the cross-border movement. Investors are mainly concerned over the categorisation of all financial data as sensitive data in the proposed norms.

The Sections 40 and 41 of the Personal Data Protection Bill (PDPB) outline restrictions and requirements regarding location and transfer of personal and sensitive personal data. Apart from that, the Bill mandates that data that are termed critical shall only be processed in a server located in India.

FPIs earlier also expressed their views when the Ministry of Electronics and IT (MeitY) had been holding consultations with the industry regarding the PDPB last year. But as the MeitY has now started another round of consultations over non-personal data, investors are worried that it might create further problems.

As a result of that, the Asia Securities Industry & Financial Markets Association (ASIFMA), an association of foreign funds and financial institutions like Barclays, Bank of America Merrill Lynch, BNP Paribas, Citi, CLSA, Goldman Sachs, etc, has written to the government expressing its concerns.

“Our members are deeply concerned about MeitY’s limited consultation with select stakeholders on the PDPB in August 2019. We understand that a new notion of non-personal data has been introduced in additional consultations,” the ASIFMA said in a letter dated August 23, 2019 to MeitY.

“This is a significant concern as such proposals have not been part of previous consultations and will likely create further problems for the financial sector, particularly if such proposals are not carefully defined or calibrated, and if requirements overlap or conflict with other obligations under banking regulation and licensing requirements,” the letter, a copy of which has been seen by FE, said.

The association said its members have much analysis to offer on any future public consultation on the PDPB to ensure the perspective of international financial institutions with India-based and India-facing operations and business lines are adequately considered.

The ASIFMA said as entities process financial data daily, many of the proposed requirements from the PDPB would cut across existing financial sector rules and significantly undermine existing processes, with little additional benefit from a customer perspective.

The association further said provisions of PDPB should only apply to entities that collect and conduct processing activities within India in relation to personal data, sensitive personal data or critical personal data of persons reside in India. “Data from heavily regulated sectors (such as financial services) should be excluded from the extra-territorial applicability of the PDPB on the grounds that such data is already subject to confidentiality and other regulatory requirements,” it said.

The ASIFMA also said data collected offshore pursuant to offshore data protection legislation should therefore be excluded from the proposed norms. “Applying the PDPB to data collected from a third country may make it difficult to return the data back to the country of origin, which would render outsourcing to India highly impractical.”

The association cited examples of Indonesia, South Korea and China that have enacted or proposed data localisation of having the negative impact of an average -0.7% of the GDP. It has proposed that PDPB should consider adopting a differentiated approach whereby all data stored in approved locations like the US, European Union, UK and Singapore are exempted from the provisions of the cross-border movement.

“The solution to regulatory access to data held elsewhere is to ensure such data are accessible, wherever located, to the appropriate regulators rather than requiring data replication or localisation,” the ASIFMA said.

Do you know What is Repo Linked Lending Rate (RLLR), Wholesale Price Index (WPI), Public Debt, Finance Commission Grants & Other Transfers, Economic Survey? FE Knowledge Desk explains each of these and more in detail at Financial Express Explained. Also get Live BSE/NSE Stock Prices, latest NAV of Mutual Funds, Best equity funds, Top Gainers, Top Losers on Financial Express. Don’t forget to try our free Income Tax Calculator tool.