A last-minute effort to dilute the Reserve Bank of India (RBI) directive on data localization by American global payment companies has triggered direct intervention by US lawmakers urging Prime Minister Narendra Modi to soften tough stand taken by the country’s monetary authority.
The US companies want Donald Trump administration to put pressure on Indian authorities in a bid to seek relaxation on the RBI order of ensuring implementation of data localization by 15 October. US companies have been lobbying with the Finance Ministry and the RBI over the issue.
U.S trade groups, representing companies such as Amazon, American Express and Microsoft, have opposed India’s push to store data locally. That push comes amid rising global efforts to protect user data but is one that could hit planned investments by the firms in the Indian market, where the companies currently have limited data storage.
What does Data Localization mean?
Data localization is the act of storing data on any device that is physically present within the borders of a specific country where the data was generated. Free flow of digital data, especially data which could impact government operations or operations in a region, is restricted by some governments. Many attempts to protect and promote security across borders, and therefore encourage data localization.
Goals set in the Draft National Digital Communications Policy 2018, along with various government notifications and guidelines such as Reserve Bank of India’s notification on Payment Data Storage 2018, and the Guidelines for Government Departments for Contractual Terms related to Cloud Storage 2017, show signs of data localization.
The rationale behind such mandates has been attributed to various factors, such as: securing citizen’s data, data privacy, data sovereignty, national security, and economic development of the country. The extensive data collection by technology companies, due to their unfettered access and control of user data, has allowed them to freely process and monetize Indian users’ data outside the country.
Why technology firms are worried?
Stricter localization norms would help India get easier access to data when conducting investigations, but critics say it could lead to increased government demands for data access. Technology firms worry the mandate would hurt their planned investments by raising costs related to setting up new local data centers.
Why government is in favor of data localization?
Greater use of digital platforms in India for shopping or social networking have made it a lucrative market for technology companies, but a rising number of data breaches have pushed New Delhi to develop strong data protection rules.
Also, minimal or deregulated governance on critical data, due to the absence of localization requirements, could be detrimental to India’s national security as data would be outside the purview of existing data protection legislation. The ineffectiveness of Mutual Legal Assistance Treaties (MLATs) in this realm aggravates such government fears.
In addition to these, India also aspires to become a global hub for, among others, cloud computing, data hosting, and international data centers, all of which are prompting the government to enact data localization requirements for accelerating the nation’s economic growth, especially in the sphere of digital technologies.
Is data localization the solution to physical data access and decryption of enciphered data? Can data localization be conflated with access?
The proposed law by Srikrishna Committee cannot be a knee-jerk reaction to some events; it has to be in line with the SC judgment, which supports the march of technology, innovations, growth of knowledge, and big data analytics for the growth of economies, and for better services to citizens. It recognizes the role of data-driven innovation (DDI) for the growth of economies, and for job creation. But it emphasizes that the data so collected be utilized for a legitimate purpose
Though these policy goals are justifiable, a deeper analysis is required to determine the possible adverse spill-over effects on relevant stakeholders in case a faulty roadmap is adopted to achieve them.
Adequate attention needs to be given to the interests of India’s Information Technology Enabled Services (ITeS) and Business Process Outsourcing (BPO) industries, which are thriving in the cross-border data flow.