Ever wondered what happens to the data when you swipe your card for a transaction with any multi-national brand to pay the bill? How and where does the company store your financial information? Does it store it within India or does it gets processed outside the country?
What is data localisation
Worries begin in cases where the data gets stored overseas. In those cases, the Indian government too has only a limited access and control over your data. This whole scenario has been a point of discussion, debate and worry in recent times which the Reserve Bank of India(RBI) is trying to change through its policy on data localisation.
Data localization basically is the arrangement of storing sensitive data belonging to the customer within the boundaries of the country. The Srikrishna Committee’s recommendation which stated that the national government should have access to and control over their citizens data in policy making has been referred to, in this context, a lot. The RBI has also followed the aforementioned recommendation in its data localization policy that calls for unfettered powers of government to have access to data that has been majorly stored on Cloud in foreign countries.
“Data is the new oil.” This quote has been used innumerable times to signify the importance of data in modern age. Countries around the world are thus eager to control data within their boundaries, and if possible, outside them too. Data localisation is the storage of any kind of data locally – in servers, within a country’s geographical boundaries.
Data localisation is being debated fiercely around the world. In 2018, RBI issued data localisation guidelines for payment system operators (PSOs), advising them to store the Indian citizens’ payment data only within India. The Indian government also included data localisation in its draft ‘Personal Data Protection Bill‘, the strict guidelines of which were criticized by countries like the United States and technology companies like Facebook, Visa and Amazon.
Data localisation has several advantages. Outgoing data about Indian citizens’ consumption pattern can be analysed by technology companies through machine learning and big data. It helps them in making suitable products and reaping huge profits, none of which accrues to Indian government and its firms.
Localisation will help in India getting a lion’s share of that pie. It will also improve India’s data sovereignty and privacy of citizens. Data localisation can boost number of national data centers housing servers, thus helping Indian technology startups and renewable energy companies in the long run.
However, data localisation also means that multinational corporations will face an extra layer of regulation in the country. Their costs will also increase, since they will have to construct Indian servers. According to PSOs, deterrents to data sharing would also affect their fight against money laundering. Data localisation is a sensitive issue, impacting international trade and relations. It must be handled so as to protect the critical data of Indian citizens (Aadhaar number, etc.), while allowing the general data to flow unimpeded for international trade, thus leaving all stakeholders satisfied.
India will be joining other countries to discuss about the eCommerce chapter of the Regional Comprehensive Economic Partnership (RCEP) Agreement. The RCEP is a proposed free trade agreement between ten ASEAN member states and their six partners: Australia, China, India, Japan, New Zealand and South Korea.
India’s nod on Chapter 10 on eCommerce will have massive repercussions as it would hold back India’s policy on data localisation from getting imposed on companies that are looking to do business in India. However, India has been trying continuously to include a provision which would make the clauses of RCEP subject to domestic laws. This would allow India to prevent its policy on data localisation from being diluted.
The tussle is also between the data and the rule of law. To maintain and protect the privacy of an individual, it is necessary for the government to have control and access to the data of its citizens.
If the sensitive information of citizens is with foreign players over which the domestic government has no control, it would be massively detrimental to the citizens of the country. In this era where the right to privacy has become a fundamental right, data protection is an essential ingredient. But to ensure such protection, data should not be allowed to wander beyond the reach of the government.
Many countries of the world, as a result have started developing machinery and policies to get a stronghold on their citizens data. India also is striving to protect and get a hold of the data that would help it in the policy making, economic development and governance.
Vasundhara Singh has completed her LL.M. in International and Comparative Law from NUJS, Kolkata in 2019. She is a legal researcher and a contributing writer at The ArmChair Journal