What is data localisation?
Data localisation simply refers to the practice of storing data of a user in a country in its own country. So, that means if a device is physically present within a country the data of that device will be stored in the country. Right now the data is usually stored in the cloud outside india. The process of localisation states to store the critical and private data of the consumer within the borders of the country. i.e Data from a person residing in India will be stored in India.
It is often dubbed as Data Residency. It is based on the concept of data sovereignty. Data sovereignty means that the data collected comes under the laws of the country it is collected in. i.e an Indian citizen is subject to Indian laws as will be the data collected in India.
If we consider the international scenario there are many countries that have implemented the process of implementing data localisation laws like Chinc, USA, Brazil, Indonesia and Russia. Th European data protection laws are limiting the cross-border data flow to the countries which do not have data protection laws.
How can it be beneficial?
The process of data localisation can help secure citizens data and provide privacy from foreign surveillance. The foreign surveillance is no joke and can be time and again seen like in the case of Cambridge Analytica. The localised data will also help the law enforcers to ensure better monitoring. There will be more national security. And there i\will be greater accountability of the technological giants like Facebook and Google. There will be minimisation of conflict due to cross border data sharing. It will be economically beneficial as there will be creation of local infrastructure, employment as well as significant contribution to the AI systems. The local hosting of data would mean that users in case of any dispute can avail the local remedies.
The Duality of Data Localisation
As a concept, Data Localization is interesting and attractive but it comes with many challenges. There will be a need for creation and maintenance of multiple local data centres which may lead to major infrastructure costs for global companies. Secondly, Infrastructure in India for effective and efficient data collection is lacking. Thirdly, even after data is stored in the country the encryption keys may still remain out of reach of the national agency. Like what happened with Apple and China. Fourthly, the point of being safe from foreing surveillance raises the question for domestic surveillance.
Striking a Balance
There needs to be a balance in the implementation of data localisation so that it’s beneficial for the businesses as well. The businesses won’t be having any incentive in operating in India if there are increased costs. There is a need for a mechanism that will be beneficial for the company and at the same time be compliant and under the data localisation laws. Apart from the businesses the users could be under domestic surveillance. There needs to be a mechanism to save the users from surveillance and to protect the user’s privacy.
In conclusion, India has a long walk towards data localisation though there have been steps in the direction. The RBI has taken the forefront in data localisation by making the storage of the data relating to payment systems operated by providers to be mandatorily stored in India. After that, there have been eight other sectoral notifications that are mandated for data localization in some or the other form; these include sectoral regulators governing insurance, healthcare, and e-commerce data. There are things developing for the process to start on a national level. The privacy bill is one such example and in the future there will be more and more steps towards privacy.
With the advent of new laws there needs to be an added protection for the protection of privacy of the users. Or else it will turn into an Orwellian state. One measure could be abandoning the data sovereignty approach and adoption of approaches that ensure the free flow of data and protection of the rights of users both at the same time. This will be beneficial for both the users as well as the organisations.