Companies around the world scrambled to try and meet a RBI-mandated deadline to store Indian users’ financial data in India, reigniting conversation about “data localisation”. Across ministries and sectors, the government has firmed up its stance on storing data of Indian users in the country, to the discontent of international players and the delight of domestic ones.
The Indian data localisation wave is the latest digital battleground of ongoing power wars between government and industry as the world weighs free global data flow against national security.
Data localisation is a concept that the personal data of a country’s residents should be processed and stored in that country. Some directives may restrict flow entirely, while others more leniently allow for conditional data sharing or data mirroring – in which only a copy has to be stored in the country. As of now, much of cross-border data transfer is governed by individual bilateral “mutual legal assistance treaties” (MLATs).
Why is it important?
The main intent behind data localisation is to protect the personal and financial information of the country’s citizens and residents from foreign surveillance and give local governments and regulators the jurisdiction to call for the data when required. This aspect has gained importance after a spate of lynchings across States was linked to WhatsApp rumour. Revelations of social media giant Facebook sharing user data with Cambridge Analytica, which is alleged to have influenced voting outcomes, have led to a global clamour by governments for data localisation.
The other argument is that data localisation is essential to national security. Storing of data locally is expected to help law-enforcement agencies to access information that is needed for the detection of a crime or to gather evidence. Where data is not localised, the agencies need to rely on mutual legal assistance treaties (MLATs) to obtain access, delaying investigations. On-shoring global data could also create domestic jobs and skills in data storage and analytics too, as the Srikrishna report had pointed out.
However, on the flip side, maintaining multiple local data centres may entail significant investments in infrastructure and higher costs for global companies, which is why they seem to be up in arms against these rules.
How will it affect us?
As all of us are trusting global service providers with more and more information, both on a voluntary and involuntary basis, we may like to have greater accountability from these firms about the end-use of this data. Data localisation may not entirely avoid Facebook-Cambridge Analytica-like episodes but it may at least ensure that domestic law enforcement can respond more effectively to our complaints.
Data localisation is undoubtedly a nasty wrinkle on the face of the idealised conception of the internet as a borderless world. And though this idea of the borderless internet has lost some of its sheen in recent years, it’s hard to deny that it has been one of the main reasons for explosive digital growth. Online services can spread and scale across dozens of countries without having to set up physical infrastructure in more than a few. Plus, the ability to aggregate data and derive value from it is a key value proposition for many internet businesses, and data localisation jeopardises that model.
Major Indian startups such as Freshdesk, Ola, and Zomato, benefit from this borderless world which allows them to offer their services in new countries while still largely operating their digital infrastructure out of just one, with reduced infrastructure and compliance costs. There is an argument to be made that if India touches off a trend where major countries impose strong data localisation requirements, Indian startups could lose out in foreign markets against local rivals or deep-pocketed US and Chinese companies. A fragmented internet, or “splinternet”, is not a friend to permissionless innovation and would be at odds with the goal of India as a major digital power.