Advertisment

EU’s Data Protection Law Worries Indian IT

author-image
Onkar Sharma
New Update

The European Union is wading through troubled waters for the last few years, which is hitting the Indian outsourcing business as well.

Although business opportunity is huge in the EU region, there are challenges for Indian companies ahead since the region is all set to embark on a sweeping new ‘data protection regulation' that will have a profound impact on Indian outsourcing firms willing to do business with EU countries.

Advertisment

In order to understand the implications, Dataquest had a word with Jeff Gould, president, SafeGov.org, who has continuously tracked this area and was in touch with the EU officials.

On Data Protection Regulation...

The European Union's (EU) data protection regulation, which is currently being debated within the European Commission, is set to have far-reaching impact on data center destinations around the world, since those which do not meet the EU's data protection laws will not be able to handle their citizens' data.

Advertisment

"As the new law comes into being, it would be difficult to do business in Europe for the Indian outsourcing companies. The law will forbid them to operate in the EU with their citizen data being stored outside the EU," says Gould.

Absence of Data Protection Law

What will deter Indian companies from doing business in the EU? "Well, it is the data protection law. India does not have any data protection law at present. So the chances are that India will certainly lose on the opportunity. But having data protection law alone will not help. The EU data protection law, in other words, in India will only help," reveals Gould.

Advertisment

The European governments are against allowing personal data concerning EU residents to be sent out of the EU to foreign data centers unless the foreign countries in question have passed their own strict ‘data protection' laws that are approved by the EU authorities in Brussels.

Since India currently does not have a ‘data protection' law that has been approved by the EU, this EU regulation will create a serious barrier for India's large IT outsourcing industry. India and the United States have come to an agreement about data protection issues and thus US firms are able to outsource large IT operations to India. "While India and the US are in agreement on ‘data protection, India has not yet reached a similar agreement with the EU. In the background to these issues, the ride for Indian outsourcing industry will be rough which is not a good news at all," he adds.

Who will Benefit?

Advertisment

While India loses on the pie, Asian counterparts are set to gain from India's loss. Asia's data center market leaders such as Singapore, Hong Kong or even Malaysia might thus gain from the impending regulatory changes. As against India, these countries can easily ensure their data protection regime is adequate to meet the EU's standards. This way, they can go ahead of India and other rivals and increase bilateral trade with Europe, further states Gould.

Gould sheds light on Europe's ongoing regulatory amendments for data protection laws aimed to streamline the implementation and enforcement of the rules in member EU states. Its primary aim is to protect EU citizens' data from being compromised, which means if the data subject's details can only be sent overseas, if that particular country is compliant with the EU's data protection laws.

The challenge, however, is that not many countries comply to Europe's stringent data protection requirements. In Asia-Pacific, for example, only Australia and New Zealand meet the European Commission's criteria of having the adequate level of protection ‘by reason of its domestic law or of the international commitments it has entered into', according to the EC's website.

Advertisment

Singapore Positioned Ahead of India

Gould believes that Singapore has the advantage to comply with Europe's data protection regulation over India, since Singapore has already introduced its Personal Data Protection Act 2012 (PDPA) in phases. India does not have a data protection law in place.

Secondly, why Singapore will outpace India is because of its advantage of being recognized as a reputable data center destination in Asia-Pacific. In addition, Singapore is the EU's largest trading partner in Southeast Asia.

Advertisment

The bilateral trade between the EU and the Association of Southeast Asian Nations (Asean) reached well over 200 bn euros ($262.1 bn) in 2011, of which the EU-Singapore trade comprised about a third, or 74 bn euros (US$94 bn), the European Commission data states.

Gould is less optimistic about India's ability to ready its IT industry for the data protection changes. "While it is urgent for India to reach an agreement to the new regulations to safeguard business interests, I do not see as much national unity in addressing the shortcomings of the domestic data protection laws," observes Gould.

According to him, India has been pushing hard that the EU grants it the much-coveted data-secured destination status, as India is aware of the boost it will give to the local business process outsourcing (BPO) industry.

Advertisment