‘Data is the new oil’ is a 21st-century buzzword. In the digital economy, data is fuelling the fourth Industrial Revolution, and is the most valuable resource for governments, law enforcement and private industries alike. In that context, the debate around data localisation has been a recurring point of contention globally. In India, it has recently resurfaced owing to RBI’s April circular mandating the storing of Indians’ data from e-payment and fintech companies locally. The companies were given an October 15 deadline to comply. Data localisation is a divisive issue in India and globally. From a national security point of view, allowing Indians’ data to be stored on foreign cloud services is problematic.
Data localisation could provide a massive boost to domestic employment and economy. Setting up the physical infrastructure for local data storage as well as running data centres (and processing and analysing data) would create jobs, and give impetus to entrepreneurial innovation in, say, alternative energy-powered data centres.
Localisation will also bring in infrastructure and technology to India, which could contribute immensely in building our indigenous capabilities and developing industries like artificial intelligence (AI) and data analytics.Some of the biggest opponents are international tech and payment giants like Google, Facebook, Visa and Mastercard, as well as industry bodies and associations, particularly those with interests in the US.
But the real grey area, the root of the debate, lies in the question of data security in India. As digital citizens, we must ask: is our data secure in India?Data centres require essentially two layers of security: physical, where protocols are required to be built into the very infrastructure of the centres to safeguard against physical damage or attacks; and network, to prevent malicious data breaches and hacks.
However, what India doesn’t have are internal safeguards in terms of data protection and privacy laws like the US and Europe do .So, one can argue that data could be less safe in India because of this data protection vacuum, because citizens don’t have access to a legal and regulatory framework that safeguards their personal data.The draft Personal Data Protection Bill, 2018, submitted by the Srikrishna Committee, recommends storing one copy of all personal data in India, and ‘critical’ personal data only within the country.
India can definitely benefit from data localisation. But these benefits must not be stymied by a weak data protection regime.When GoI legislates on this, it must incorporate the highest standards of privacy and data protection for its citizens — without compromising national security — even if it means protecting them from GoI itself.
Comments
write a comment