Check SCREEN READER MODE to make this survey compatible with screen readers.
NASSCOM-DSCI Survey on Government Data Access Requests for IT-BPM and GCC Companies
1.
Context
As you might be aware, Earlier in July 2020, the Court of Justice of the European Union (CJEU’s) in the case of Data Protection Commissioner v Facebook Ireland Ltd, Maximilian Schrems (Schrems-II) invalidated the US-EU Privacy Shield, and led to wide-reaching ramifications in terms of cross-border data transfers outside the EU, conducted on the basis of Standard Contractual Clauses (SCCs).
One of the main implications of the judgment,[1] is that cross-border data transfers of personal data of EU residents, can no longer be held to be valid merely on the basis of SCCs, and would also require an independent assessment by the relevant data exporter, on the adequacy of protection granted by the jurisdiction of import. Such an assessment, and its validity will have to be determined by the relevant national Data Protection Commissioners (DPCs) in EU Member States.
The adequacy assessment inter alia looks at the existence of equivalent levels of protection under national data protection laws in the jurisdiction of import, the availability of judicial redress, and the existence of safeguards against illegal surveillance.
In this regard, NASSCOM and DSCI are currently working on a joint Work Program to assess the impact of the Schrems-II judgment on EU-India data transfers. As a part of this exercise, NASSCOM and DSCI are analysing the various legislative and regulatory requirements under Indian law, that can enable access to personal data (both domestic and foreign).
The current questionnaire seeks certain information regarding the on-ground implementation of these legislative requirements, and our Member companies’ prior experience with data access requests from the Government and Law Enforcement Agencies (LEA).
We hope you find the time to provide us with your responses. The inputs received would be a valuable addition to our Work Program and would enable a more informed discussion on the issue. We request you to kindly provided your responses before 31 January 2021.
[1] A brief analysis of the Judgment of the Court of Justice of the European Union in Schrems II is available at: https://community.nasscom.in/communities/policy-advocacy/data-protection-impact-of-recent-developments-on-the-future-of-eu-india-digital-trade.html