While a discussion is going on on the CERT-In Guidelines and the Data Protection Act in India, the United States Cloud Act (2018) is said to offer an approach to enabling law enforcement agencies in India accessing data stored by US Service providers.
According to this article in orfonline.org foreign law enforcement agencies may be able to access evidence directly from US service providers in case of investigation of “serious crimes”, through an executive agreement drawn up by the two countries for the purpose.
To enter such an agreement with the US, a foreign country must meet certain procedural and substantive requirements, including having protections against surveillance and safeguards against unbridled government access to data. It also requires the partner country to show a commitment to an open and interconnected Internet, and to free flows of data across borders. This is like the adequacy clauses in the GDPR.
It is stated that the United Kingdom (UK) was the first country to have entered into a CLOUD Act agreement with the US, in 2019.
Probably this consideration may be kept in mind by the MeitY while passing the PDPB2019.
Naavi
