India’s outsourcing industry breathes a sigh of relief as the government exempts it from strict new data protection rules. Personal data sent to India by customers outsourcing IT work there will not be covered by India’s new privacy rules, the government announced in late August. The clarification was a huge relief to India’s large outsourcing industry. The data privacy rules, issued in April, require companies or their intermediaries to get written consent from individuals about the use of the sensitive personal information they collect. But it would have been very difficult for Indian outsourcers to operate if they had to get written consent from every foreign citizen whose personal data moves through India’s vast collection of call centers and other outsourcing operations. India’s Ministry of Communications and Information Technology issued a clarification saying the new rules apply only to Indian companies that collect information from individuals. That ended confusion over whether U.S. and European companies sending data for processing to Indian outsourcers would have to follow India’s privacy rules while collecting data in their countries. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe The rules define “sensitive data” as including passwords, financial information, medical conditions, sexual orientation and biometric information. It is now clear that it is the companies collecting and sending the data—not outsourcers—that are responsible for protecting the privacy of the data according to the rules of the countries they operate in, says Kamlesh Bajaj, CEO of the Data Security Council of India. The council was set up by India’s National Association of Software and Service Companies to set standards for data security and privacy for outsourcers. However, the preferential treatment given to outsourcers could be struck down in court, says Pavan Duggal, a cyberlaw consultant and advocate in India’s Supreme Court. The clarification has not been issued under any provision of the country’s IT Act, and in fact violates the spirit of the IT Act, which does not limit the jurisdiction of its laws to companies within India, Duggal says. The clarification is also vague and could lead to a variety of companies claiming to be exempt from the personal data rules, he adds. Related content brandpost Fireside Chat between Tata Communications and Tata Realty: 5 ways how Technology bridges the CX perception gap By Tata Communications Sep 24, 2023 9 mins Emerging Technology feature Mastercard preps for the post-quantum cybersecurity threat A cryptographically relevant quantum computer will put everyday online transactions at risk. Mastercard is preparing for such an eventuality — today. By Poornima Apte Sep 22, 2023 6 mins CIO 100 Quantum Computing Data and Information Security feature 9 famous analytics and AI disasters Insights from data and machine learning algorithms can be invaluable, but mistakes can cost you reputation, revenue, or even lives. These high-profile analytics and AI blunders illustrate what can go wrong. By Thor Olavsrud Sep 22, 2023 13 mins Technology Industry Generative AI Machine Learning feature Top 15 data management platforms available today Data management platforms (DMPs) help organizations collect and manage data from a wide array of sources — and are becoming increasingly important for customer-centric sales and marketing campaigns. By Peter Wayner Sep 22, 2023 10 mins Marketing Software Data Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe