Data Analytics Versus Data Localisation
Where technology has overcome the physical boundaries of country borders, the government need not create limiting boundaries
Photo Credit :
With the burgeoning penetration of the Internet – some estimate e-commerce to soon go past $38 billion. Data is the new currency of wealth and power. Its consumption will also account for more than 50 per cent of telco revenues.
Against this backdrop, the Reserve Bank of India (RBI) circular of 6 April, 2018, mandating that all payment system providers store their entire data relating to payment systems operated by them only in India, has stoked a substantial debate. The official argument in favour of such a fiat was that Indians could not be allowed to be blackmailed by foreign companies with control over their transactional data. Data relating to the foreign leg of the transactions, however, is allowed to be stored abroad as well.
Subsequently, there have been advocates of data localisation who have gone as far as to exhort a digital Dandi – maintaining that data localisation was central to ensuring the sanctity of the Indian Constitution and safeguarding our critical assets. Even the doyen of Indian business, Mukesh Ambani, has equated data with oil and urged the government to help end data colonisation.
The Justice B. N. Srikrishna Committee of experts that was set up to examine this subject, worked on the premise that it was the duty of the state to protect data privacy since the right to privacy was a fundamental right. Thus, the state was expected to put in place a framework that while protecting the citizen from informational intrusion, also served the common good, bearing in mind that data had the potential to both empower and harm. What is, however, overlooked is that the basic philosophy of the Internet is to be able to do unfettered e-commerce and e-governance without extraneous concerns.
The draft Data Protection Bill is a comprehensive personal data processing regulation. It recommends that for all data, only a copy be stored in India, but all sensitive personal data should necessarily be stored locally in India. While the advantage afforded to Indian data infrastructure companies is welcome, when we live in an era where data hacking has become the order of the day (recall the Facebook incident wherein the accounts of 87 million users were hacked, of which perhaps five million were Indians), how can we be certain that data stored in India cannot be hacked? Or that the Indian state, or a big data company will not become predatory?
What is more important is to ensure that data should be accessible no matter where it is stored. For this, protocols and partnerships should be devised and established to enable data access anywhere, anytime. This will help e-commerce grow and allow it to be competitive in terms of pricing.
A day may just come when an Indian company like PayTM may become global and establish its business in a hundred different countries. If all countries become insular and insist on data localisation, would we be happy to have our multinational forced to have a hundred different country server farms?
We also have to ponder on whether this practice will impact foreign direct inflows or be deemed a restrictive trade practice. Further, clarifications are needed: what is the foreign leg of the transaction? Does it include transactions done by foreigners in India or Indians when abroad?
The United States and most developed countries have a largely laissez faire approach to this matter. The European Union brought out the General Data Protection Regulation (GDPR), but it gave two years for adaption of the new law. In India, the RBI allowed a period of only six months for adapting to data localisation.
Where technology has overcome the physical boundaries of country borders, the government need not create limiting boundaries. Unprocessed data by itself is worthless. For a country that produces such large volumes of data and one that yearns to be the playground of global commerce, the defining importance is of data access and data analytics, not of raw data.
The key is to not just have all the data in the world. What will make a difference will be in being able to keep critical data, to protect it, to be able to effectively analyse it and make it promptly actionable. Those are the areas we should be astutely strategising on.
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.