“RBI, has already asked payment companies to store payment system data exclusively on the local servers.”
Who Needs Data Localisation
The latest data breach of around 53 million users, including 6 million Indian users from Facebook, is alarming for a country like India, which is enroute aggressive digitisation. Facebook already came under a scanner during the Cambridge Analytica’s case where it tried to manipulate and interfere in elections of several countries, including India.
The old adage that ‘whoever controls data controls everything’, has never been more true. Governments across the world have witnessed the powers of data analytics. They know that companies like FB rely on such data to mint money. Irking India is not an option. Governments can stifle data going out and slow down the internet giants. “India takes privacy seriously, of which informational privacy is an integral part, and data imperialism will not be acceptable,” said Ravi Shankar Prasad, India’s Law and IT Minister at the Commonwealth Law Ministers’ conference in Colombo, Sri Lanka.
Data localisation is the act of storing personal data generated on the devices and servers located within the borders of specific countries. It is not only a sensitive issue but an important one for India, with a 1.3 billion population and over 1 billion mobile phone users. With the drastic deployment of technology across sectors and IoTs market driving fast, there is a legitimate concern around the leakage of data.
Digital technologies such as AI, ML, IoT can extract tremendous value out of large-scale data, and it will prove to be dangerous if not contained within certain boundaries or regulations. The Indian government is now introducing a Personal Data Protection Bill indicating data localisation norms – based on Justice B.N. Srikrishna Committee report is under debate and discussed in the parliament.
The motivation for going towards data localisation can be understood from the fact that the Reserve Bank of India(RBI), has already asked payment companies to store payment system data exclusively on the local servers. However, the processing of payment systems can be done outside as well. Similarly, the telecommunications industry currently mandates the storage and processing of subscriber data on a local level and forbids the export of subscriber account information. Data localisation is a step towards providing safety and security of personal data; however, the same must not be considered as the panacea.