Data protection has become a significant issue in today’s digitized world, with the cross-border transfer of data sparking new discussions about privacy and security. The United Nations Conference on Trade and Development (UNCTAD) recently emphasized the importance of Data Localisation in protecting data during these transfers. According to UNCTAD, businesses that use the internet for global trade tend to have a higher survival rate than those who do not.
Defining Data Localisation
Data Localisation refers to the practice of storing both critical and non-critical data within one’s own territorial boundaries. This method not only provides control over sensitive data but also strengthens a country’s resilience to privacy concerns, information leaks, identity theft, and security issues. Additionally, it aids in the development and evolution of homegrown startups, enabling them to flourish in their native language.
Advantages of Data Localisation
There are several benefits associated with data localisation. It secures citizens’ data, providing privacy from foreign surveillance, and ensures data sovereignty. Furthermore, it allows for unfettered supervisory access to data, thus enhancing law enforcement monitoring and demanding greater accountability from tech giants regarding data usage. It simplifies the process of investigations and aids national security, reduces conflicts in jurisdiction due to cross-border data sharing, and even boosts employment by benefiting local data center industries.
Challenges of Data Localisation
Despite its advantages, data localisation also poses some difficulties. Significant investments are required to maintain multiple local data centers, leading to increased costs for global companies. It could contribute to a fractured internet and does not guarantee complete security as encryption keys could remain out of reach of national agencies. Further, it could create inefficiencies for businesses and consumers, potentially impacting economic growth negatively.
Data Localisation Norms in India
In India, the Srikrishna Committee Report suggested that at least one copy of personal data should be stored on servers located within India. Similarly, the Personal Data Protection Bill, 2019, aimed to regulate the collection and processing of personal data but was later withdrawn. The Draft National E-Commerce Policy Framework recommended data localisation and proposed incentives to encourage data localization. Interestingly, India boycotted the Osaka Track at the G20 summit 2019 because it pushed for laws allowing data flows between countries and opposed data localisation.
Global Data Localisation Norms
Data protection and localisation norms vary worldwide. Countries like Canada and Australia have strong protections for health data, while China mandates strict data localisation within its borders. The European Union enacted the General Data Protection Regulation (GDPR) establishing privacy as a fundamental right. The United States lacks a single federal-level data protection law but has specific laws for various sectors.
Need for a Strategic Approach to Data Localisation
The growing importance of data protection and localisation underlines the need for an integrated, long-term strategy for policy creation. Special attention must be given to India’s Information Technology enabled Services (ITeS) and Business Process Outsourcing (BPO) industries, thriving on cross-border data flow. Access to data by Indian law agencies should not be dependent on the whims and fancies or lengthy legal processes of another nation hosting data generated in India. Banks, telecom companies, financial service providers, technology platforms, social media platforms, e-commerce companies, and the government all need to play a responsible role in ensuring data protection for innocent citizens.
