Several laws and regulators are converging on the hotbutton topic of data localisation. The deadline for a Reserve Bank of India (RBI) mandate for fintech firms to house data only in India lapsed last week. Other norms around holding accounting data dating back to 2014 locally, the draft ecommerce law that requires firms to locally store “community data collected by Internet of Things devices in public space” and “data generated by users in India from various sources including e-commerceplatforms, social media, search engines, etc,” only queer the pitch further.
What’s At Stake
There’s a massive explosion in data being generated by connected internet users in India. According to a report by real estate and infrastructure consultancy Cushman and Wakefield, the size of the digital population in India presents a huge potential demand for data centre infrastructure.
Digital data in India was around 40,000 petabytes in 2010; it is likely to shoot up to 2.3 million petabytes by 2020 — twice as fast as the global rate. If India houses all this data, it will become the second-largest investor in the data centre market and the fifth-largest data centre market by 2050, the consultancy has forecast.
Reactions Of Companies
Large tech companies are unhappy with such restrictive laws. Google’s privacy chief Keith Enright said in a recent blog post: “Mechanisms allowing for cross-border data flows are critical to the modern economy. Countries should adopt an integrated framework of privacy regulations, avoiding overlapping or inconsistent rules whenever possible.”
Indian Firms, Especially Startups, Are For It
Their push is from a data security angle and to safeguard India’s homegrown ventures. Companies such as Paytm and Phonepe have strongly endorsed data localisation, with a blog post from the latter contending that this move would “allow for better regulatory oversight and plug businessjurisdiction related loopholes that some foreign companies have long exploited to evade paying fair taxes in India.”
Issues Remain
Companies want to store, process and analyse data from multiple geographies. Some companies and lawyers argue that restricting the free flow of data may be counterproductive. “Excluding all Indian payment data from transfers is onerous, expensive, and can potentially limit the functionality which is currently available,” says Arun Prabhu, partner, Cyril Amarchand Mangaldas.
Now, A Trade Issue
While the tussle over data localisation started off within India, intense lobbying by tech MNCs has meant that this issue has now snowballed into one relating to free trade. Dennis Shea, the US ambassador to the WTO, has called for the banning of data localisation, even as US Senators John Cornyn and Mark Warner have called for India to soften its stance on the subject, according to a Reuters report.
Does Location Matter?
Technology experts such as Prashant Pradhan, vice-president and CTO (Asia Pacific) of IBM, argues that the physical location of data is irrelevant. Your data can be accessed from a server in Bengaluru or Boston just as easily. In fact, having a mirror of your data in India may actually increase the cost of operation and compliance. What’s more important is the quality, rather than sheer quantity. While terms such as big data were in vogue previously, what companies may be more interested in now is the quality of data they can secure and store. “While the amount of data itself has grown, what isn’t well understood is who has access to this data and what they can do with it,” he says.
Regulations Around The World
The European Union's General Data Protection Regulation doesn't have a specific data regulation rule, only stressing that cross-border data movement can happen if the other country has stringent rules to secure information. Several other countries have operationalised had various shades of data localisation.
Nigeria has, for example, required all subscriber and consumer data of tech and telecom firms and government data to be located locally, since 2013. Germany mandates that telecom and internet service providers store data locally, while Russia¡¦s rules mandate citizen data be stored within its borders.
However, by far, the most comprehensive laws are in China, where regulation covers not just personal information, but what is termed ¡§critical information infrastructure¡¨ that encompasses all aspects of daily life. Legal experts also say that the broad terminology paves the way for overt government access to this data and to build a strong cyber sovereignty.
No comments:
Post a Comment