The Computer & Communications Industry Association (CCIA) has submitted its comments to the Indian government regarding the draft Digital Personal Data Protection Rule. The CCIA's response highlights concerns about potential data localization requirements that may arise from the rule, which could grant the government extensive authority to limit data flows and potentially conflict with India's trade commitments.
In its submission, the CCIA advises that any restrictions on cross-border data transfers should be well-defined, based on specific risks, and accompanied by a reasonable notice-and-comment period. Furthermore, establishing a framework to certify countries or companies with adequate data protection measures would provide clarity, support global business operations, and ensure privacy protections. Addressing these points would enable India to safeguard its citizens' data while promoting international trade and innovation.
Jonathan McHale, Vice President of Digital Trade at CCIA, stated: “The growth and dynamism of India’s digital market, based on strong domestic suppliers and digitally-connected consumer base, make it a critical market for U.S. firms. But with Indian digital firms enjoying significant success in the U.S. market, a common-sense regulatory approach, that does not disadvantage U.S. firms, will be critical to supporting growth and enhancing the U.S.-India partnership. Accordingly, the government should ensure that any future rules do not unnecessarily restrict data flows or promote data localization policies—policies that undermine cybersecurity, economic competitiveness, and consumer welfare—and undermine international trade obligations.”
