EU Imposes Fine on Meta, Indian Businesses on Alert: Part 2

Part 1 of this series discussed the EDPB’s findings on Meta’s illegal data transfers to the US and its decision to impose a 1.2 Billion Euro fine on Meta. In Part 2, the article attempts to highlight the impact of this decision on Indian businesses with active platforms in the EA/EU region. While doing so, it articulates Meta’s response to the EDPB, India’s existing international data transfer and retention policy, the data protection framework between India and the EU, and the way forward.

Impact of the Decision on Indian Businesses’ Operational in Europe

Meta in its statement issued in response to this decision has warned that such stern restrictions have the potential to hinder international commerce and global economies, which applies to India as well.

India, not being a signatory to the Data Free Flow with Trust (DFFT) initiative due to its commitment to data localisation and stringent data protection measures makes EU operational Indian businesses come under the radar of the EU authority just like the US. For instance, according to Article 19(2) of the Constitution of India, all fundamental rights, including the Right to Privacy granted by the Supreme Court in 2017, are subject to reasonable restrictions. Section 69 and 69B of the Information Technology Act, 2000 (Act) and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 lay down the conditions wherein Indian authorities are empowered to collect, monitor, decrypt or intercept data from any computer source (inclusive of data servers) located in India.

Furthermore, the extension of the Right to Privacy under Article 21 of the Constitution to non-citizens means that EU citizens engaging with Indian platforms have a right to constitutional remedy in Indian courts if their privacy is violated, the effectiveness of which remains to be tested.

Conclusion

The EU imposing a 1.2 billion euro fine on Meta Inc. for violating data protection laws and transferring personal data of EEA subjects to the US underscores the significance of robust data protection regulations. The GDPR ensures the rights of data subjects and places the responsibility of data protection on companies. Meta’s non-compliance with the GDPR and adherence to US surveillance laws led to this substantial fine. The decision has implications for Indian businesses operating in Europe, as they also need to adhere to the GDPR. The lack of an independent data protection regulator in India raises concerns, and the existing information technology laws grant authorities extensive powers to access data. The availability of effective remedies for EU data subjects and the potential extension of constitutional remedies to non-citizens in India add further complexity to the data transfer landscape.

Corrida Legal is the preferred corporate law firm in Gurgaon (Delhi NCR) and Mumbai. Reach out to us on LinkedIn or contact us at contact@corridalegal.com in case you require any advice or legal assistance. Go to our Data Privacy and Protection page for similar articles.

Leave a Reply

Your email address will not be published. Required fields are marked *

To Top