A snapshot of recent key technology policy developments in India that present risks and opportunities for international companies. PDF available here.

Data protection:

Since the Personal Data Protection (PDP) Bill – India’s cross-sector data protection bill – was put forth in Parliament in December 2019, a Joint Parliamentary Committee (JC) has been examining the bill. The bill presents numerous potential concerns for international companies operating in India, including but not limited to limitations on cross-border data flow, multiple excessive restrictions on processing data, onerous requirements to demonstrate compliance, and excessive deference to the Data Protection Authority (a new regulator envisioned in the PDP Bill). The JC continues to consult stakeholders including industry. When the JC’s deliberations conclude potentially later this year, it is expected to issue a report detailing its assessment of the bill and possibly recommending edits.

In parallel, Indian policymakers have been developing an e-commerce policy. Its 2019 draft defined e-commerce extremely broadly and contained several provisions related to data which were ambiguous and created significant inconsistencies with the cross-sector data protection bill (see ASG’s analysis here). Among other things, it imposed limitations on cross-border data flow and restrictions on the treatment of data transferred abroad. The policy was delayed for various reasons including industry pushback. Policymakers say they will release a new draft for public consultation in the next several weeks.  

Non-personal data:

The Indian government seeks to define and regulate “non-personal data” – currently understood, broadly, to mean data that does not reflect individuals’ identities. The government is expected to require international companies to share such data with the government to support policymaking and with Indian businesses to help them grow. This presents numerous risks for international companies operating in India. For example, it potentially jeopardizes their intellectual property, raises their costs, creates an uneven playing field, and undermines customer privacy. Additionally, companies may face conflicting and unclear obligations regarding non-personal data because three separate policy initiatives likely seek to develop rules on non-personal data: the PDP bill, the e-commerce policy, and a committee established by the Ministry of Electronics and Information Technology (MeitY).

Digital tax:

After the government of India recently announced that it would (in sum) tax at 2% the consideration non-resident e-commerce operators receive from the services they offer in India, the government is considering deferring this “equalization levy” (currently due early July) by a quarter to ease compliance. However, the government has not so far signaled interest in eliminating the levy, despite industry’s requests.

Relatedly, the Office of the United States Trade Representative (USTR) has started investigating, under Section 301 of the Trade Act, 1974, the Digital Services Taxes (DSTs) adopted or being considered in numerous jurisdictions, including India’s levy. USTR will, in sum, evaluate whether the DSTs are “unreasonable or discriminatory” and “burden or restrict” U.S. commerce. The investigation could lead the U.S. to, among other things, raise duties on imports and end benefits under trade agreements. In parallel, the U.S. has “paused” its involvement in international negotiations regarding taxing digital companies, potentially further signaling frustration with DSTs.

Content regulation:

MeitY is working to finalize its draft amendments to the Intermediary Guidelines (accompanying the Information Technology Act), dramatically expanding the role intermediary technology platforms must play in regulating content on their platforms, with “intermediary” defined extremely broadly. The final amendments, which have been delayed for some time, may be softer in some ways than the draft amendments, but the extent of that softening is unclear. The recent U.S. move to revisit social media platforms’ role in content regulation could hasten and embolden Indian policymakers finalizing the amendments to the Intermediary Guidelines.

Beyond intermediary platforms, the Ministry of Information and Broadcasting (MIB) has been contemplating the regulation of content on streaming platforms and has encouraged self-regulation. Accordingly, the Internet and Mobile Association of India (IAMAI) announced a voluntary self-regulation code, but several platforms have expressed concerns with the code, including its potential to stifle free expression and its redundancy, given existing laws that could address objectionable content. IAMAI now seeks to build consensus, among platforms, on a self-regulation code.

About ASG

Albright Stonebridge Group (ASG) is the premier global strategy and commercial diplomacy firm. We help clients understand and successfully navigate the intersection of public, private, and social sectors in international markets. ASG’s worldwide team has served clients in more than 120 countries. 

ASG’s South Asia practice has extensive experience helping clients navigate markets across South Asia. For questions or to arrange a follow-up conversation, please contact Nikhil Sud.