Brussels chiefs have infuriated the Indian authorities by blocking plans to sign a trade agreement – which would open the floodgates to the transfer of even more sensitive data to the country – following fears its data laws are inadequate.
The deal, which could see the value of outsourcing more than double to £32bn a year, has been put on hold until the EU carries out an investigation to determine whether India is a “data secure” country.
The EU Data Protection Directive requires member countries to ban transfer of personal data to a non-EU country unless that country ensures adequate privacy protection.
And India is currently not considered data secure by the EU, meaning sensitive data such as intellectual property and patient information cannot be transferred to the country under EU’s data protection laws.
An Indian commerce department official said: “We have told the EU that our law may not be worded exactly in the way the EU directive is, but it essentially is the same.”
Under EU laws, European nations outsourcing business to countries not certified as data secure have to follow stringent contractual obligations, which increase operating costs and affect competitiveness.
Several European companies hesitate in doing business with India to avoid trouble from unwittingly failing to fulfill the conditions laid down by the EU.
“If India is given data secure status, not only will Indian firms save on costs but EU companies will also have increased confidence in doing business here,” said Kamlesh Bajaj, chief executive of Data Security Council of India.
According to Bajaj, outsourcing business from the EU could jump within a short span from £12.8bn to £30.2bn annually once India is recognised as a data secure destination.
He said India had given the EU enough material to demonstrate its IT Act 2006 already meets the requirements of EU’s data protection directive.
“We have incorporated the kind of privacy principles and enforcement mechanism that the EU asks for,” Bajaj said.
