- GS 3: Awareness in the fields of IT, Space, Computers.
- Visa becomes the first global financial services company to comply with RBI’s data localisation mandate.
Data Localisation: What is it?
- Data localisation is the act of storing data on any device physically present within the borders of a country. As of now, most of these data are stored, in a cloud, outside India.
Developments around the world
- Data localization comes in various forms. Where some countries enact blanket bans on data transfers, many are sector specific, covering personal, health, accounting, tax, financial, mapping, government, telecommunications, e-commerce and online publishing data.
- According to European Union GDPR (General Data Protection Regulation), companies have to keep the data secure inside the EU and if the data is to be transferred outside of the EU, then it can only be transferred to countries that have signed up to equivalent privacy protection.
- While Australia mandates data localisation for health sectors, Canada and Russia mandates the same for all personal data.
- Similarly, while China mandates data localisation for personal, business and financial data, South Korea does it for geospatial and map data.
Developments in India
- Srikrishna Committee recommended that at least one copy of personal data will be stored within the Indian territory. Moreover, critical personal data will be stored in India only.
- Data Protection Bill 2018 has a provision where the Central Government shall notify the critical personal data that shall only be processed in a date centre located in India.
- Draft National E-Commerce Policy recommends that 2-year sunset period will be given to the companies to adjust with the data localisation.
- Protection of personal and financial information of the country’s citizens and residents from foreign surveillance and giving local governments and regulators the jurisdiction to call for the data when required.
- This aspect has gained importance after a spate of lynching across states in India was linked to WhatsApp rumour.
- Facebook sharing user data with Cambridge Analytica, which is alleged to have influenced voting outcomes.
- It is essential for national security. Storing of data locally is expected to help law-enforcement agencies to access information that is needed for the detection of a crime or to gather evidence.
- Where data is not localised, the agencies need to rely on mutual legal assistance treaties (MLATs) to obtain access, delaying investigations.
- On-shoring global data could also create domestic jobs and skills in data storage and analytics.
- Maintaining multiple local data centres may entail significant investments in infrastructure and higher costs for global companies, which is why they seem to be up in arms against these rules.
- India lacks efficient infrastructure for data collection and their management.
- These protectionist policies have a spill-over effect on the other countries and every country will try to follow suit, making it difficult for the companies to manage data.
- The geographical location of data centres provides no guarantee that the encryption keys will also be placed within the national boundaries.
- Strict data localisation norms can be seen as a trade barrier and lead to retaliatory measures.
- We need an integrated, long-term strategy for data localisation policies.
- Data localisation should integrate a range of perspectives—social, political and economic.
- An optimal regulatory and legislative framework need to be developed for data processors in the country.
- Adequate attention needs to be given to the interests of India’s Information Technology enabled Services (ITeS) and Business Process Outsourcing (BPO) industries, which are thriving on cross border data flow.