For Prelims: Personal Data Protection Bill, Data Localization, Data Protection, Personal Data, Privacy, and Other Related Laws.

For Mains:  Information Localization: Benefits, Issues, Indian Provisions, and Actions

Why in News?

The European Union (EU), the United States, India, Indonesia, and South Africa are among the leading emerging digital economies working to protect, monetise, and use domestic data collected within their borders. 

  • According to a UNCTAD report, companies that use the internet for international trade have a higher survival rate than those that do not.

Need for Data localisation

  • Accessibility: If the data is kept outside of India, access will be constrained by regional laws, and Indian agencies will be subject to the whims and fancies of the governments of the host countries. 
  • Concerns about privacy and security: It might also help Indian citizens exercise their right to privacy more effectively against any unauthorised access to data, including that by foreign intelligence.
  • Preventive foreign surveillance: It aims to shield the nation's residents' personal and financial data from foreign snooping. When data is kept in nations that are hostile to India, like China, it can be used for mass surveillance.
  • Benefits for law enforcement: Because they can use it as evidence in the event of a breach or threat, this will be especially helpful to law enforcement organisations. 
  • Benefits to the Economy: Governments have been forced to enact regulations that limit cross-border flows due to growing economic interests, which impacts discussions about international trade and commerce. Local businesses will reap financial rewards from improved infrastructure, jobs, and contributions to the AI ecosystem.

How does data localisation work?

The term "data localisation" refers to several legislative initiatives that limit the amount of data that can be physically stored and processed outside the borders of a particular jurisdiction. Numerous nations have adopted localisation policies to address various issues with the free flow of data.

  • Data localisation's most crucial component is controlling our data because it strengthens our country's defences against privacy, data leaks, identity theft, and security.
  • Additionally, it has enabled the nations to develop independently, adapt locally, and thrive in their native languages.
  • Since we all send data when using the internet in some way or another, the requirement for data localisation strengthens personal data protection.

What Benefits Come with Data Localization? 

  • A rise in the ability for regional authorities and regulators to request information when necessary, as well as the protection of residents' financial and personal information from foreign surveillance.
  • The significance of this issue has increased since a WhatsApp rumour was implicated in a wave of lynchings in several Indian states. 
  • Cambridge Analytica is accused of using user data from Facebook to influence elections.
  • National security depends on it. Local data storage is anticipated to make it easier for law enforcement organisations to access data required for crime detection or evidence collection.
  • In cases where the data is not localised, the agencies must rely on MLATs to get access, which slows down the progress of investigations.
  • Global data onshoring may also lead to the development of domestic data analytics and storage jobs.
  • Reduces delays in the administration of justice in the event of a data breach and minimises judicial conflicts resulting from international data sharing.

What Drawbacks Come with Data Localization?

  • In India, more infrastructure must be developed to manage and collect data effectively.
  • In a world with a shattered internet, protectionist policies may have a domino effect and cause other nations to follow suit.
  • National agencies might still be unable to access the encryption keys.
  • Maintaining multiple local data centres for international businesses may result in significant infrastructure expansion and increased costs.
  • Forced data localisation can result in inefficiency, cost, and availability issues for data-dependent services.
  • The maintenance of many regional data centres, which may necessitate significant infrastructure investments, may result in higher costs for international businesses.
  • Forced data localisation may lead to inefficiencies for both businesses and customers.
  • Services that depend on data may also become more expensive and less accessible.

Developments in India

  • A minimum of one copy of personal data should be kept on Indian soil, per the Srikrishna Committee's recommendation. In addition, only India will be used to store important personal information.
  • The Central Government shall notify the Critical Personal Data that shall only be processed in a Data Center located in India, according to the Data Protection Bill 2018.
  • According to the draft national e-commerce policy, businesses should be given a 2-year sunset period to prepare for data localisation.

Steps to take

  • An integrated long-term strategy is required for the development of data localisation policies.
  • Given how heavily they depend on international data flow, India's Information Technology enabled Services (ITeS), and Business Process Outsourcing (BPO) industries need to be considered adequately.
  • India's G20 data strategy may gain support from ongoing efforts to rewrite the Personal Data Protection Bill and incorporate it into a "more comprehensive framework" that addresses related issues like cybersecurity. 
  • Indian law enforcement agencies' ability to access data in the event of a breach or threat cannot be based on the whims and caprices of another country that hosts data produced in India, nor can it be hampered by the drawn-out legal procedures of that country.
  • According to sources, insufficient law enforcement is causing issues with the recent Free Trade Agreement (FTA) between India and the UK.
  • All parties involved—banks, telecom companies, financial service providers, technology platforms, social media platforms, e-commerce companies, and the government—must be responsible for preventing innocent citizens from suffering losses.

Source: TH