Mumbai: Although a government panel has recommended extensive use of distributed ledger technology (DLT) in banks and other financial institutions, it observed that data localisation norms under the draft Data Protection Bill may create obstacles in the effective adaptation of the technology and suggested differential treatment for blockchain and DLT-based firms in terms of these norms.
The report suggested "careful" implementation of the localisation norms when it comes to DLT-based services so that the Indian companies and consumers do not miss out on the benefits of the DLT.
The draft Data Protection bill says that every data fiduciary, including the government or the company concerned, who holds the data, should ensure the storage, on a server or data centre located in India, of at least one serving copy of personal data to which the Act applies.
The Central Government should notify categories of personal data as critical personal data and that shall only be processed in a server or data centre located in India, the bill noted.
The draft legislation is to be placed before the cabinet, after which it will be introduced in Parliament.
The panel's suggestion for relaxation in terms of DLT, however, may be difficult to accept and implement for the government as it has so far not relented on the data localisation norms on any front.
The report, which was put on public domain on Monday, noted that the requirements for the localisation of certain personal data within the territory of India "may inhibit the uses of DLT in financial services being offered to Indian consumers".
It said that for example, the benefit of global or regional DLT-based services in trade financing, re-insurance and other similar services may not be available to Indian consumers if their data cannot be part of a regional or global DLT-based service. This may affect the ability of Indian manufacturers and consumers to benefit from the benefits of global supply chains and international services infrastructure in the medium to long term, the panel said.
"The Committee is of the opinion that data localisation requirements proposed in the draft Data Protection Bill may need to be applied carefully, including with respect to the storage of critical personal data so as to ensure that there is no adverse impact on Indian firms and Indian consumers who may stand to benefit from DLT-based services," it said.
Speaking to this agency, Prashant Garg, Partner, Data and Analytics, EY India said that blockchain technology on which DLT is based, is only accessible to the related parties of the transaction and secured with encryption.
"The concerned authorities have to think, how data protection law should be applied to blockchain technology. The data localisation law should have a specific chapter for how to interpret data in terms of blockchain and how to apply it, and in case of distributed data how the ownership would be defined and associated safeguards to be adopted should be specified in the law so when it gets implemented it helps easier adoption," he said.
The report and the draft bill on cryptocurrenies, emphasised on the usage of DLT and recommended that the Reserve Bank of India examine the utility of using DLT-based systems for enabling faster and more secure payment infrastructure, especially for cross-border payments.
The committee was set up on November 2, 2017 under chairmanship of the Economic Affairs Secretary Subhash Chandra Garg, with the Electronics and IT Secretary, the Chairman of Securities and Exchanges Board of India (SEBI) and a Deputy Governor of the Reserve Bank of India as its members to study the issues related to virtual currencies and propose specific action to be taken in the matter.