Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

India prepares data protection laws to aid outsourcing


India is seeking to upgrade its data protection laws to make the process of outsourcing from Europe and the US as trouble-free as possible. EU law in particular restricts businesses transferring data to countries with weak privacy protection.

Currently, the US is the biggest investor in Indian IT services, with major players like IBM and Accenture taking advantage of India's cheap labour costs – almost an eighth of wages in the US.

According to a recent study into business process outsourcing, reported on Silicon Valley Business Ink, someone working in a technical support call centre would be paid $1.50 in India and over $15 in the US, while a Java programmer in India is paid $3.50 per hour, compared to $25 pre hour in the US.

European firms are severely restricted in terms of the Data Protection Directive of 1995 as to what data can be transferred or stored in countries without equivalent rules and enforcement procedures. At present, India has no such regulations, and relies on individual contracts negotiated between the main company and the Indian outsourcing contractor to address the data protection issues.

In the US, there is unease over data security in outsourcing. In June the states of New Jersey, Maryland, Connecticut and Washington, were considering legislation to prevent the transmission of data to developing nations.

Accordingly, the Indian government has been urged to provide the EU and US with the reassurance they need, particularly in light of the growing pressure on governments in both continents to limit the export of jobs.

According to a report in The Times of India yesterday, the Indian Government is not likely to bring into force a data protection act as such, but might amend existing legislation, such as the country's Information Technology Act 2000.

The preferred approach, according to The Times of India, is to negotiate a safe harbour agreement with the EU, along the lines of the safe harbour agreement that currently exists between the EU and the US.

Under that safe harbour deal, US companies can voluntarily adhere to a set of data protection principles recognised by the Commission as providing adequate protection and thus meet the requirements of the Directive as regards transfers of data out of the EU.

Although participation in the safe harbour is optional, its rules are binding for those companies that decide to join, and compliance with the rules is regulated, in the US, by the Federal Trade Commission and (for airlines) of the US Department of Transportation.

The Times of India reports that the Indian Government's department of IT is corresponding with Indian ambassadors in both the EU and US over the proposal. Nasscom, India's National Association of Software and Service Companies (NASSCOM), has also been asked to develop best-practice guidelines to assist companies in this area.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.