- Education And Career
- Companies & Markets
- Gadgets & Technology
- After Hours
- Banking & Finance
- Energy & Infra
- Case Study
- Web Exclusive
- Property Review
- Digital India
- Work Life Balance
- Test category by sumit
India’s approach to Data Localisation or Deconstructing India’s approach to Data Localisation
India with its billion plus population are already big markets for global companies for their products and services. Mining of data of our citizens will provide an extra edge to these companies to sell their products and services and improve their businesses, thereby making our citizens data valuable to them
Photo Credit :
Post Snowden’s revelations, it was evident that the US Government had informal arrangements with the information intermediaries such as social media firm to compromise their security infrastructure and not to implement strong security protocols to facilitate state surveillance. This revelations of widespread electronic spying by United States Intelligence agencies has prompted foreign states including India to turn to local data storage requirements and prevent data leaving their borders, allegedly into foreign hands. There has been growing consensus among governments that data localization and reliance on domestic infrastructure will safeguard privacy and security of citizens, especially against obtrusive foreign intelligence.
With the six-month notice period to payment companies ending earlier this week and no extension accorded, the Reserve Bank of India has shown that it will not come under undue and unrealistic pressure from organisations such as Google, Amazon, Visa, Mastercard and their business association representative body USISPF. By not complying to transfer their customer’s data and end-to-end transaction details in Indian servers in accordance with the RBI policy, these companies are in breach of the deadline. RBI has asked these overseas service providers to submit a status report on the progress made by them with regard to data localisation. Even the proposal to allow data mirroring, that allows to retain a copy of the data on their overseas servers has been rejected. It needs to be understood that globally payments come under the ambit of regulatory oversight. Infact of the 80 payments service provider that have been issued the notice to store data locally, 64 organisations have confirmed their readiness to do so. It’s the 16 companies like American Express, Mastercard and Visa who were expecting an extension of the deadline and a relaxation of the rules.
The Internet has become the global trade route and one of the key drivers in the Internet economy is the flow of personal data. For the online service providers and information intermediaries, the collection and analysis of data about individual consumers is integral to how they do business. The consumer data processed needs to be protected as per laws of the land. It is in the interest of the service providers to ensure that the data stored in India is in compliance with all legal, regulatory requirements and follow the best practices in terms of security and privacy. Storage of data locally does not have any implication on the global flow of data nor does it raise any cost for local businesses.
One of the contentions of the international (mostly United States based) payment organisations and also cloud service providers has been the cost of storage would increase and the high cost of power in India. In United States, the electricity prices is at 0.20 US dollars per kilowatt hour (kWh), whereas in India its 0.08 US dollars per kWh.
The growth of startups will entail a rise in demand for technology infrastructure like hosting facilities and data centres. Additionally with the rise in the mobile apps being created by the technology startups, the scope for growth of digital hosting infrastructure providers is optimistic. The smart phone penetration and increasing use of social media assist in gaining traction with the internet population, thereby translating into browsing power and internet capabilities being extended to remote parts of India. Traditional hosting solutions will see a ramp up in operations in the long run. Having home-grown players in the data center and hosting segment will reduce the cost of such facilities to a great extent due to economies of scale, cheaper power, internet and operational costs. The data centre market will also become competitive by offering wider state-of-the-art digital products to the corporates and startups. This will reduce the cost of data processing and thereby of the business operations and allow the startups to scale up without thinking about the data storage costs.
Indian government does not have an authoritarian role where state censorship and surveillance laws would have over-encompassed and create significant liabilities for international service providers. At the same time, its obligated to protect the Indian citizens, including both preventing harms and punishing those who have committed crimes. After the 2008 Mumbai attacks, the Indian government sought access to telecommunications providers’ data and asked certain telecommunications providers (including Blackberry) to locate their servers in India to facilitate access to data by law enforcement. More recently, after the revelations of widespread NSA spying, the Internet Service Providers Association of India, which represents India’s domestic Internet Service Providers, asked the government to require foreign internet companies to offer services in that country through local servers, citing concerns for their consumers’ privacy. Data localization would boost law enforcement agencies’ efforts to access information required for the detection of crime as well as in gathering evidence for prosecution due to easier access to information within their jurisdiction as compared to waiting for responses to requests made to foreign entities which store data overseas.
There also should not be any concern on the scarcity problem of hiring sufficient qualified cybersecurity, data centre experts to manage, defend the increasing number of data centres in India. India has a vast pool of skilled professionals who can be upskilled into specific data centre security in a short time. In addition the entry level positions can be filled by the graduates in Information Technology, Computer Applications with relevant training in cybersecurity or data centre management.
India does not also pose the level of threat of natural disasters such as earthquakes, tsunamis, hurricanes, and typhoons like the United States. The data centre facilities can be seismic certified across the country with multiple connectivity arrangements with replication in another location across the country, thus providing seamless access to the data.
India with its billion plus population are already big markets for global companies for their products and services. Mining of data of our citizens will provide an extra edge to these companies to sell their products and services and improve their businesses, thereby making our citizens data valuable to them. While there could be an investment required to setup data centres by large corporations, the dynamics and the potential of our country more than compensates these investments.
The vision and intent of the government is clear on data localization and with the policies being implemented by Reserve Bank of India (RBI) for the payment banks, recommendations in the draft Personal Data Protection Bill, 2018, draft e-commerce policy, draft report of the cloud policy panel, draft Digital Information Security in Healthcare Act and the draft amendments to Drugs and Cosmetics Rules, 1945. Its now to the service providers to comply with the regulations in the stipulated time frame.
Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house. Unless otherwise noted, the author is writing in his/her personal capacity. They are not intended and should not be thought to represent official ideas, attitudes, or policies of any agency or institution.