The European Commission, the executive wing of the European Union (EU) responsible for introducing and enforcing the bloc’s laws, is analyzing India’s privacy law, the Digital Personal Data Protection (DPDP) Act.
This was announced by the European Commission in response to Moneycontrol’s question as to whether the DPDP law would affect data transfers from the EU to India.
According to the EU General Data Protection Regulation (GDPR), personal data of EU citizens may only be transferred to countries that ensure an adequate level of protection.
This means that the recipient country, such as India, must have data protection laws equivalent to the protections offered by the GDPR. Experts say provisions of the DPDP law, such as government exceptions and the government’s right to request information, can hamper that assessment.
“We take note of the passage of the law and are analyzing it,” a spokesman for the European Commission told Moneycontrol. The Commission services participated in several events and consultations during the legislative process of the DPDP Law.
Also read: What the Digital Personal Data Protection Act means for you
The DPDP bill was enacted in early August after President Droupadi Murmu gave her assent to the law after it was passed by both chambers of parliament amid protests over certain provisions.
Opposition MPs, civil society and human rights groups have claimed that some of the provisions violate privacy rights, facilitate surveillance and also limit press freedom. Some are even considering a legal challenge to the law.
Ireland’s Data Protection Commission, which recently fined Meta $1.3 billion over an issue related to the transfer of EU user data to the United States, welcomed India’s DPDP law. Ireland, like other EU countries, falls within the scope of the GDPR.
“The Data Protection Commission welcomes the increased data protection standards brought about by the new legislation,” a spokesman for Ireland’s DPC told Moneycontrol.
The Organization for Economic Co-operation and Development (OECD), which issued a statement in December on government access to data in the private sector, declined to comment. Brazil’s Privacy Commission also declined to comment.