by Gowri Dixit
Every second, each person generates about 1.7 GB of data; this huge amount of data is stored in servers all across the globe. The way this data is collected, stored, transferred, and used is all about data governance. Data Localisation is collecting, processing, and storing the data generated in a country in its territorial borders. Backed by laws on data protection, it is a bid to store the data generated by citizens of a country in their country; any transfer of data and its usage must happen in compliance with the country’s laws. Data localisation draws predominantly on data sovereignty, a concept that advocates for processing and storing data generated in the territory of a nation under national laws. Data Localisation norms look to impact the flow of information from one country to another, manage the costs of maintaining data, and set up compliance mechanisms; these norms also have implications for a country’s national security and sovereignty.
There are two arguments about data localisation. On one hand, some countries oppose the idea of localisation because they believe allowing the free flow of information will aid the economy. On the other hand, privacy, human rights, and national security becomesparamount.
Data localisation: Implications on National Security
Data is a tool that, when used positively for the well-being of humankind, can bring development. However, when data reaches the hands of a hostile, it becomes a lethal weapon that controls people’s lives. And hence, data can pose threats to national security. One of the arguments for data localisation is that the free flow of data from one country to its hostile peer can make the country vulnerable.
From India’s demand for local data storage from big tech giants, to America’s banning of Huawei’s 5G trial, many such cases highlighted the essentiality of ensuring national security. As there are supporters of data localisation, there are people who are against it. They argue that there is no evidence that local data is safe. There are enough possibilities that the data stored locally are hacked and misused. It is also true that a government can use data localisation to curtail the flow of information and, as an extension, curtail civil liberties.
India’s Attempt on Data Localisation
Data localisation has grown in policy importance in India during the last decade. India is one of the world’s largest data producers, and the perceived financial advantages of processing Indian customer data have influenced this discourse. Along with the economic benefits, the difficulties faced by law enforcement and security agencies in accessing personal information from huge tech giants prompted the need for data localisation.
India introduced the Personal Data Protection Bill (2019) in Lok Sabha; after three years of discussion, the bill was withdrawn in 2022 to facilitate amendments. The bill aimed to create the first national framework for data localisation with the aim of mandatory storage of a copy of personal data in India.
However, the localisation clause in the bill is more of an attempt to establish standard procedures for localisation, similar to sector-specific localisation norms like the Reserve Bank of India mandates that all the banking information of the citizens of India must be stored on a server within India. This led to smartphone manufacturers like Apple introducing different payment mechanisms in India to facilitate its customer base to access their online products as they chose not to set up a data centre in India. The telecommunication sector is another example where data is stored locally in India.
The two aims behind proposing data localisation are faster access to personal data for law enforcement agencies and data sovereignty. One of the attempts to access personal data was with the Government of India’s IT rules mandating tracking of “First Originator” in social media. This issue rose to discussion amongst the general public during the Delhi Riots of 2020. During this time, many Indian initiatives like Koo and FAUG found ground in the Indian digital environment. These came as a challenge to already established tech giants in a bid to ensure Indians a safe access point to express themselves.
The Way Forward
While the implication on national security is pressing, data localisation is just one small step that can possibly secure our data from hostile agents. The multitude of tasks that follow data localisation is, creating infrastructure to handle data, and developing, maintaining, and updating the cyber security infrastructure. It is to be noted that these processes are energy intensive. Data localisation is a Legislative Support Intensive process. The legislative Support must be citizen-centric, ensuring citizens’ rights are secure in accordance with the Constitution. It is essential that, as a sovereign country firmly rooted in the values of democracy, India approaches data localisation so that the interests of its people are secured while not compromising on the security, unity, and integrity of the nation.
Gowri Dixit is a Student of Public Policy, School of Social Sciences, Ramaiah University of Applied Sciences and is a Security Studies Enthusiast.
References
Decrypting RBI Data Localization Policy for Payment Companies|M2P Fintech Blog. (n.d.). Retrieved May 5, 2023, from https://m2pfintech.com/blog/decrypting-rbi-data-localization-policy-for-payment-companies/
Draft Digital Personal Data Protection Bill, 2022, Parliament of India (2022) (testimony of Ministry of Electronics & Information Technology). https://www.meity.gov.in/writereaddata/files/The%20Digital%20Personal%20Data%20Potection%20Bill%2C%202022_0.pdf
Sharma, A. B., Upasana. (n.d.). How Would Data Localization Benefit India? Carnegie India. Retrieved May 5, 2023, from https://carnegieindia.org/2021/04/14/how-would-data-localization-benefit-india-pub-84291
Yayboke, E., Ramos, C. G., & Sheppard, L. R. (2021). The Real National Security Concerns over Data Localization. https://www.csis.org/analysis/real-national-security-concerns-over-data-localization
Cover image: Pinterest
**images are for reference purposes only
POLICY MILIEU 