Overview

Transborder data flow facilitates business process streamlining, improves market access, and maintains business relevance in a fast-evolving business landscape. The maturing business and technological landscape, rapid globalization, increasing value of data and its exchange over e-borders, necessitates examining data policies, frameworks, practices and standards. However, the involvement of multiple countries on the one hand and privacy concerns of businesses and individuals on the other, while complexing the situation, also gives rise to constructive opportunities for their improved effectiveness in all spheres.

The need of the hour is to walk the fine balance between supporting and enabling global movement of data to facilitate commerce while, simultaneously, inspiring trust among individuals, industry and governments and enhancing their ability to control access to their data, even as economic value is generated out of such data collection and processing for all players. DSCI interacts with the European Union (EU), United States (US) and, International organizations in the Asia-Pacific (APAC) regions to analyze their respective data protection regimes and data flow frameworks, and facilitate relaxation of restrictions on cross-border data flows for mutual benefit. Among all the markets, Indian IT-BPM organizations have been striving to get access to the European market. The EU Data Protection Directive (Directive), through Article 25, sets out the criteria for assessing adequacy of data protection in a third country and where India is not considered as an ‘adequate’ country. The adequacy requirements lead to hesitation, inhibitions and impediments around data protection, which translates into significant top line revenue loss to Indian IT-BPM industry.

Despite ability and competence of Indian IT-BPM companies, earned by serving 70 plus countries, the adequacy requirements discriminates Indian industry against the nearshore destinations. Though EU allows legal instruments for data transfer, these have been criticized as complex and lengthy. Their inconsistent implementation and operationalization increases compliance cost and creates hurdles for the industry, thereby complicating the issue further.

Data adequacy requirements create hindrance in accessing the EU market, in the following ways:

DSCI along with the Department of Commerce (DoC), Government of India and Department of Electronics and Information Technology (DeitY), has been actively engaged with EU on the issue of market access and Adequacy Requirement for the Indian IT-BPM industry. Our team conducts regular response meetings, roundtables, prepares white papers and presentations for negotiations with various stakeholders.

  • Topline revenue growth is affected, as some sectors, and data types are not allowed to transfer information or additional significant conditions are imposed, before transferring information.
  • Cost of compliance and delay in business transactions, due to existing use of instruments, which are advocated by the EU as an option for data adequacy such as Model Contract and Binding Corporate Rules (BCR)
  • Restriction on flow of data to India, also deprives the EU companies to avail best-in-class services and become competitive, as was seen in case of other geographies. This closes reach of Indian industry to SME sector of the EU