With the invention and mass adoption of the Internet, the world has now transformed into a global village. At present, the data can freely flow across the world. Though, some countries of the world are not satisfied with this data flow. Countries like Russia and China have strongly tried to enforce the data localization laws that can hinder this free movement of data across the globe. In recent times, the Indian also developed a new interest in data localization. All the developing nations across the world are persistently demanding for data localization and this can be both- interesting as well as unmatched.
What is Data Governance?
Data governance is referred to as the general management of the key data resources within a company or an organization. This often includes the elements for data usage, storage, and maintenance with security issues and the flow of data from one point to another in the overall IT architecture. Raw information is essential for most of the businesses and organizations; data governance can be a logical area of an overall IT strategy focus for most of the business organizations.
What is Data Localization?
Data localization refers to the act of storing data on any physical device that may be present within the territorial borders of a country where the data has been generated. Some governments often restrict free-flowing data and the data that could impact government operations in a region. Many governments attempt to protect and promote security across the borders to encourage data localization.
The need for data localization can be for various reasons like- mandate by the national laws that require a specific set of data to be stored physically on a server within the country and need to comply with regulations related to data protection. This can be true when there is a cross-border transfer where the data storage within a country can be a cost-effective and better solution. Most of the large organizations have been favouring data localization as they fear that their privacy might be lost to hackers when the data is stored outside the country.
Some organizations are against data localization as they fear that it might hinder the flexibility that Internet offers.
Present Data Laws in Effect
As of now, there is only a single mandatory rule for data localization in India. This is governed by the Reserve Bank of India (RBI) and is meant for payment systems. Besides this, other bill drafts are yet to take the form of a law.
The other prominent evidence present in this context is the Data Protection Bill of 2018. The bill itself has got a fixed set of requirements on the data transfer that takes place across the borders. The draft e-commerce policy has clauses on the cross-border transfer of data.
Mukesh Ambani has led the demand for data localization in India and has stated that the Indian data should be owned only by the Indian citizens. Ambani has even urged the Indian government to adopt regulations and bring an end to “data colonization” by the non-Indian companies. Data is considered to be the new oil in this era and Ambani has emphasized the need for migrating, controlling and having the ownership of Indian data back to India. He has clearly stated- “India’s data must be controlled and owned by Indian people and not by corporates, especially global corporations.”
Personal Data Protection Bill (2018)
The Personal Data Protection Bill has given a layout regarding data localization in India. This bill is postulated with the core objective of safeguarding and securing personal information and even preventing breaches of similar data. The bill proposes specific categories of sensitive data that are clubbed as ‘critical’ personal data, and this has to be stored exclusively in a server or data centre that is physically located in India. In the case of non-sensitive data, the bill demands to save at least one copy of data in an Indian server. The non-sensitive data can be transferred outside India to certain countries and sectors only if the Indian Government and Data Protection Authority have agreed on establishing the data at these routes. These countries, however, need to provide ‘adequate’ levels of data protection.
Advantages of Data Localization
1. In today’s time, data is considered to be the new oil, and this makes it very valuable. If the data is analyzed accurately, then it can form the backbone for any successful business. Governments looking to implement data localization might be seeking to give their local corporations a competitive edge. The national government can prevent the flow of data to external countries and thus, this data can be made available for the internal use by the domestic companies only. The informational asymmetry caused will prove to be beneficial for local companies.
2. Promoters of data localization believe that data is a national resource, and thus the government holds a right on the revenue that is generated from the data. Similar to the inflow and outflow taxation of goods and services, the movement of data can also undergo taxation. The government can use the additional taxes generated from data for developing newer programs.
Disadvantages of Data Localization
1. Foundation of the Internet lies with the free movement of data. In case the free flow of data is affected by imposing taxes or extreme protectionism, this will eventually destroy the Internet. Most companies prefer using the Internet as a medium to reach their customers is because it is cheaper and free of excessive regulation. When robust data localization and protection laws are implemented, then there is a high possibility that the Internet may face an abrupt end leading to its ‘death’.
2. Another disadvantage that data localization holds is the security problem that is associated with the storage of data at a single location. The concept of storing data in a single geographical region is entirely opposite to the diversification approach followed by the MNCs. Also, the citizens of the country are not willing to allow the government to spy on their data. If all the data is stored within the geographical boundaries, then the government can collate all this data and even invade an individual’s privacy, if needed.
Challenges to Data Localization in India
1. Presently, India doesn’t have any infrastructure to support the security of data being generated in the country. Without a secured infrastructure, the data remains prone to all kinds of cyber-attacks, and also there is a severe risk involved. With laws being implemented, it remains a challenge to develop an efficient infrastructure at a quick pace.
2. The storage of data in India includes higher operational costs for payment system operators. In the case of cross-border transactions, data has to be stored in two places, which could increase the costs, and there is a high chance that these extra incurring costs will fall on to the consumers.
3. Data localization can also be viewed against the intellectual property rights of an individual. This is because the individuals use their intelligence to form a system that can benefit from the data it has generated. Though, in the end, the consumers are deprived of these benefits, and a third-person might use the data in their favour.
Why has High Reluctance Shown by Companies?
Most of the companies in the Indian market are not willing to adopt data localization as of now. The major reason why the companies are reluctant to comply with data localization is due to the costs involved. The costs can be in various hardware forms such as- servers, USPs, generators. It could also include the cost of infrastructure. Some companies hold the belief that India is not ready to have such an infrastructure and ecosystem that supports data localization. Large e-commerce players in the industry feel that there might be an increase of about 10-50% in the costs, depending on the strictness and rigidness of the final law. However, the big e-commerce and social media players are not going to be affected by this. The smaller businesses in the economy will be the ones who’re going to be at the suffering end.
Global Effects of Data Localization
On the global scale, data localization regulations have created a significant impact on the economy in an era where economic growth is driven by the Internet. Internet is also the key enabler for trading taking place across several industries. With restrictions added on data storage and transfer, data localization holds a key threat to the free-flow of information taking place across the borders and maintenance of global supply chains. Due to the imposed regulations, there is a great impact that takes place on email communication, personal records, and social media services, adding to the limited access of information on which the manufacturing and service economies are heavily dependent.
It is too early to judge the data localization laws in India as it is still relatively a newer concept in the Indian context. In the beginning, companies will face technical difficulties regarding its implementation. With time, there would be significant steps by the Indian judicial body to ensure the privacy and security of the citizen’s data. However, to conclude it is evident that the Data Protection Bill will need a lot of homework, as observers feel it’s still not close to the EU’s General Data Protection Regulation (GDPR) policy. The final use of the Data Protection Bill needs a much more scholarly and academic depth to the consultations along with inputs.