The data economy provides a plethora of opportunities for both businesses and citizens in the world’s largest democracy. India’s data consumption is expected to grow at a compounded annual growth rate of 72.6 percent by 2022. This presents a promising future for India’s homegrown technological ventures catering to the needs of Indian audiences. Along with the rapid growth of the data economy, comes the challenges of protecting the data and privacy of India citizens. From boosting economic growth to creating a level playing field for India’s technology startups, India needs data localisation
Data Localisation is a process of storing data on any device physically present within the borders of the country. Localisation mandates companies that collect critical data to process and store citizen’s data within the country. There are several motivations for localising data. In April 2018, The Reserve Bank of India (RBI) mandated payments providers to store payments related data in India. Along with card payment services such as Visa and MasterCard, other companies that offer digital payment services such as WhatsApp, Google and Paytm were also mandated to comply with data localisation. The intent of localisation is for the government to protect national and individual privacy. Protecting the personal and financial information of the country’s residents from foreign surveillance is also a policy imperative.
RBI’s mandate follows the recommendations given by the ten-member committee headed by B.N. Srikrishna in the draft data protection law. It stated that, government must enjoy unfettered access to its citizens or residents’ data for use in domestic policy making (through Big Data analytics and Artificial Intelligence). The Committee’s report also highlighted the issue of data transfer outside India. In an era where free flow of data is the norm, the report highlights the importance of data protection and how the privacy of the people is affected when data crosses borders. While recognising this Laissez Faire model, the committee suggests that Indian data protection and privacy laws should apply even if the data is sent with the aim of crossing international borders. While protecting citizen’s data the government should also have the power to define sensitive personal data, critical and non-critical data. As these caveats and nuances become more defined, the storage and protection of citizens’ data will become more efficient.
Data Localisation enhances national security. Today, a disproportionate amount of data of Indian citizens is stored in the United States. Indian law enforcement has to go through the cumbersome process of Mutual Legal Assistance Treaties (MLATs) to gain access to its own citizens’ data. Storing data locally not only eliminates this process, but also helps law enforcement gain access to data which is critical in detecting a crime or gathering evidence. Secondly, social media platforms such as Facebook and WhatsApp have created echo chambers of hate speech and fake news directly connected to a series of lynching cases across India. Misinformation and false rumours online have led to violent outcomes offline. Additionally, we have already witnessed the Cambridge Analytical scandal with its sinister data collection capabilities impacting voter outcomes. Thus, there are two aspects to data localisation and its significance for national security. Firstly, it enables the government access to data essential in maintaining law and order. Secondly, it prevents foreign surveillance of Indian citizens.
The concept of data sovereignty also goes hand in hand with national security. The Chinese apps ecosystem is an apt example of how our data sovereignty is compromised. China has sealed off its own “cyber borders” by creating an ecosystem that serves as a counterpart to western apps. At the same time, it is also a well-known fact that the Chinese government has close ties with Chinese companies making foreign surveillance a major challenge. For instance, TikTok, a Chinese app with 120 million monthly active users in India, has been accused of illegally sharing its user data with the Chinese government along with violating user privacy. China fervently protects Chinese citizens’ data and restricts them from using foreign apps, while also surveilling its own population to uphold the government and thwart dissent within Chinese society. For Indians, the learning lesson is to be careful about our own data. Through data localisation we can achieve two goals. Firstly, protection of Indian citizens from foreign surveillance and misuse of our data. Secondly, data sovereignty ensures access to information to our law enforcement agencies.
Assessing the cost benefit analysis reveals that data localisation can boost digital infrastructure. The process of data localisation has the ability to enhance India’s innovations in big data analytics and artificial intelligence. Data localisation also gives a boost to the Indian startup ecosystem. It creates a level playing field for Indian technology startups to compete with foreign technology companies.