(Image source from: Investing.com)
The government panel on Friday said all critical personal data on people in India should be processed within the country.
As the data breaches are becoming common globally, the recommendation comes at a time and there is a sharp inspection by governments on how companies handle user data.
A draft bill was presented by the panel, headed by former Supreme Court judge BN Srikrishna, that will go before parliament planned to intensify data protection. The legislation could affect how global companies store data in India.
The panel said "personal data determined to be critical" will be subject to the requirement of being processed "only in India", according to its 213-page report released on Friday.
"The central government should determine categories of sensitive personal data which are critical to the nation," the panel said, adding that there will be a prohibition against cross-border transfer of such data.
By global technology companies and the United States trade groups, the panel recommendations were keenly awaited, who fright any rigorous data localization directive by the government could alter their business models and raise costs.
Nehaa Chaudhari, a technology policy expert at Indian law firm TRA, said the recommendation was strong as it showed the government wanted to see some kind of data localized.
"They seem to be conscious of the threat of data breaches," Chaudhari said. "The devil here is the detail, we will need to know what is critical personal data."
The U.S. trade groups, representing companies such as Visa, Mastercard, and American Express, have been protesting against an Indian central bank directive which said in April that all payments data should be stored locally within six months.
Asked about how financial data should be stored, judge Srikrishna said at a press briefing that the Reserve Bank had "jumped the gun", adding that a new data protection law will "override" all other notifications and regulations on data storage.
The setting up of "data protection authority", is likewise recommended by the government, an agency which would look at enforcement and implementation of the new data protection law.
India in recent months become progressively conscious of the peril of data breaches.
The government on Thursday said it had asked its federal police to probe misuse of Facebook user data by Cambridge Analytica, a political consultancy which was earlier this year accused of improperly using data of 87 million Facebook users.
"It is suspected that Cambridge Analytica may have been involved in illegally obtaining data of Indians which could be misused," the Information Technology (IT) minister said.
By Sowmya Sangam