In Context
- The local storage requirements (Data Localisation) clause in India’s recently proposed Personal Data Protection Bill is facing controversy.
- Facebook’s parent company Meta Platforms has recently stated that this clause could make it “difficult” to provide its services in the country.
Data Localisation
- About:
- Data localisation simply means restricting the flow of data from one country to another.
- The Personal Data Protection Bill requires companies to store a copy of certain sensitive personal data within India.
- The bill prohibits the export of undefined “critical” personal data from the country.
- Localisation will make it mandatory for companies collecting critical consumer data to store and process it in data centres present within India’s borders.
- Legislations on Data Localisation:
- As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties” (MLATs).
- In India’s context, in 2018, based on the recommendations of the Justice Srikrishna Committee, the Reserve Bank of India (RBI) mandated companies to locally store and process sensitive data belonging to Indian users of various digital payment services.
- Until then, most data from India was being stored on a cloud database outside the country
- France, Austria, South Africa and more than 50 other countries are accelerating efforts to control the digital information produced by their citizens, government agencies and corporations.
- Governments are increasingly setting rules and standards about how data can and cannot move around the globe.
- The goal is to gain “digital sovereignty”.
- Outcomes:
- For most people, the new restrictions are unlikely to shut down popular websites. But users might lose access to some services or features depending on where they live.
Significance of Data Localisation
- Protect the personal and financial information:
- The main intent behind data localisation is to protect the personal and financial information of the country’s citizens and residents from foreign surveillance.
- National security:
- Data localisation is essential to national security. Storing data locally is expected to help law-enforcement agencies to access information that is needed for the detection of a crime or to gather evidence.
- It may also enable the better exercise of privacy rights by Indian citizens against any form of unauthorised access to data, including by foreign intelligence.
- In the case of data being stored in countries hostile to India, say China, it can become a tool for mass surveillance.
- Data can be weaponized and Indians, especially State officials, could become vulnerable if Indian regulators were not in total control of all the locally generated data.
- Economic benefits:
- The economic benefits will accrue to local industry in terms of creating local infrastructure, employment and contributions to the AI ecosystem.
Criticisms/Issues
- Cost issues:
- According to Facebook’s parent company Meta Platforms, requiring local storage and processing of data or similar requirements could increase the cost and complexity of delivering their services.
- Global connect:
- A big part of providing services to people in India, acc. to Meta, is to enable them to communicate globally.
- State control of Data and its effectiveness:
- Critics not only caution against state misuse and surveillance of personal data, but also argue that security and government access is not achieved by localisation.
- Even if the data is stored in the country, the encryption keys may still remain out of the reach of national agencies.
- Trade Distortive:
- Countries like the USA has criticised the policy of data localisation as a ‘significant barrier to digital trade’.
- EU had said in its response to India’s data protection draft bill that “data localisation requirements appear both unnecessary and potentially harmful as they would create unnecessary costs, difficulties and uncertainties that could hamper business and investments”.
Way Forward:
- In order for localisation-related norms to bear fruit, there has to be broader thinking at the policy level.
- This may include, for instance,
- Reforming surveillance related laws,
- Entering into more detailed and up-to-date mutual legal assistance treaties,
- Enabling the development of sufficient digital infrastructure,
- Creating appropriate data-sharing policies that preserve privacy and other third party rights, while enabling data to be used for socially useful purposes.
- This may include, for instance,
Source: IE
Previous article
Qutub Minar Not a Place of Worship
Next article
International Booker Prize