21 February 2020

The Director
Lok Sabha Secretariat
Room No. 152
Parliament House Annexe
New Delhi-110001

Via Email to: [email protected] and [email protected]

Dear Sir / Madam:

Joint Parliamentary Committee’s Consultation on Draft Personal Data Protection Bill (PDPB), 2019

The Asia Securities Industry & Financial Markets Association (ASIFMA)1 and its members are grateful for the opportunity to comment on the impact that the draft Personal Data Protection Bill (PDPB) will have on India-based, and India-facing, banks and financial institutions. ASIFMA appreciates the Joint Parliamentary Committee’s (JPC) efforts to solicit industry feedback.

We would very much appreciate an opportunity to have an in-person meeting with the JPC on the PDPB and its impact on the international financial services industry in India.

We highly admire the Indian Government’s successful and commendable efforts so far in shaping the PDPB, while consulting with the industry along the way. For reference, ASIFMA has also submitted comments on the PDPB-2018, once in January2 2018 to the Justice B.N. Srikrishna Committee, and twice in September3 2018 and August4 2019 to the Ministry for Electronics and Information Technology (MEITY).

GENERAL COMMENTS

Increasing global regulatory focus on data often stems from concerns regarding privacy and data security among non-regulated entities in the broader economy; however, in the context of already regulated financial institutions poorly targeted data localisation rules can in fact undermine the resilience and security of financial systems and institutions.

Further, incompatible new restrictions introduce conflicts of law in areas such as anti-money laundering (AML) safeguards where, for instance, international financial institutions need to share information across affiliates and jurisdictions to generate information necessary to file suspicious activity reports.

India is a key participant in the international banking ecosystem and an established and favoured outsourcing location for global banking (and non-banking) services and activities. But, compared to other jurisdictions’ approaches to allowing data mobility whilst protecting data privacy, the PDPB could threaten India’s role as a competitive outsourcing location and as a place to do business, due to the logistical and legal impediments emanating from the current PDPB proposals.