Why MeitY Needs To Consider IFF’s Recommendations For Data Centre Policy

Why MeitY Needs To Consider IFF’s Recommendations For Data Centre Policy

The Internet Freedom Foundation (IFF) recently published its recommendations for the draft on Data Centre Policy by the Ministry of Electronics and Information Technology (MeitY).

The draft, published by MeitY on November 5 this year with several policy strategies for the growth of the data centre sector in India, asked for recommendations from domain experts, public policy professionals, and students within 15 days.

In a response to the MeitY’s request, points made in the recommendations published by the IFF present valid concerns in terms of the lack of data governance and security standards in the draft.

AIM Daily XO

Join our editors every weekday evening as they steer you through the most significant news of the day, introduce you to fresh perspectives, and provide unexpected moments of joy
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Security Issues

With the number of internet users in the country predicted to grow to 800 million by 2023, India will generate a huge amount of personal data that will get stored in data centres.

While that is the case, India has been a host to 1.45 million cyber-security incidents from 2015 to 2020 (till August), according to the Computer Emergency and Response Team – India and 54 Central Ministries websites and 37 State governments websites have been hacked in 2019 and 2020 (till August).

Download our Mobile App

Around 66% of Indian enterprises as well, have witnessed data breaches since the COVID lockdown, as most employees from these firms are now working from home.

The IFF, thus, rightly points out the lack in the specification of security standards in the policy draft that the data centres must adhere to.

Given that the country is plagued with data breaches, IFF recommends that the policy specify security standards for the data centres or follow the ones that may be prescribed by the Data Protection Authority proposed under the Data Protection Bill. At the very least, IFF feels it is important for the policy to lay down a broad framework to ensure data protection.

Digital Rights & Regulatory Oversight

As the draft on the Data Centre Policy lacks language regarding privacy and data rights, the question remains whether they will be covered under the Data Protection Bill, as the regulation of the operations at the data centres are likely to come under it. 

IFF recommends that if the issues are going to come under the Data Protection Bill, then a method for ensuring compliance with the same must be specified.

It states that there should be a ‘clear and unequivocal acknowledgement’ within the policy for oversight by the Data Protection Authority contemplated by the impending Personal Data Protection Bill, 2019.

While the recommendations rely on the Data Protection Bill and the resulting Data Protection Authority that is to be put in place, several criticisms have been made with respect to the Bill itself, both inside and outside parliament.

One of the main issues is pertaining to the exemptions given to the government for the processing of data. Several experts have also called more autonomy or independence for the Data Protection Authority and questioned its composition.

As a response to this, the IFF recommends the use of an alternative private member bill, that was introduced by MP Dr D Ravikumar, as it addresses several of these issues.

Imposition Of Essential Services Maintenance Act

The Essential Services Maintenance Act (ESMA) was enacted by the parliament in 1968. This act lists services that are essential and prohibit key employees working in these services from striking, putting ‘significant curbs’ on employees’ right to freedom of expression, according to the IFF.

In 2010, for instance, the state of Andhra Pradesh included the IT industry under the ESMA. This gave the police the right to arrest any IT employee on strike without a warrant.

While IFF recognises the importance of data centres in today’s digital world, it states that the draft policy does not make any valid arguments to warrant the inclusion of data centres under ESMA and calls the inclusion ‘a step too far’. 

Wrapping Up

While several economic and geopolitical advantages of growth of the data centre industry in India merit a Data Centre Policy, at the same time it is equally important for the policy to address issues like regulatory frameworks that will protect data, privacy, and rights of the people.

It is crucial that MeitY considers the recommendations made by the IFF to ensure sustainable and safe growth of the data centre sector in the country.

Sign up for The Deep Learning Podcast

by Vijayalakshmi Anandan

The Deep Learning Curve is a technology-based podcast hosted by Vijayalakshmi Anandan - Video Presenter and Podcaster at Analytics India Magazine. This podcast is the narrator's journey of curiosity and discovery in the world of technology.

Kashyap Raibagi
Kashyap currently works as a Tech Journalist at Analytics India Magazine (AIM). Reach out at kashyap.raibagi@analyticsindiamag.com

Our Upcoming Events

27-28th Apr, 2023 I Bangalore
Data Engineering Summit (DES) 2023

23 Jun, 2023 | Bangalore
MachineCon India 2023

21 Jul, 2023 | New York
MachineCon USA 2023

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

The Great Indian IT Reshuffling

While both the top guns of TCS and Tech Mahindra are reflecting rather positive signs to the media, the reason behind the resignations is far more grave.

OpenAI, a Data Scavenging Company for Microsoft

While it might be true that the investment was for furthering AI research, this partnership is also providing Microsoft with one of the greatest assets of this digital age, data​​, and—perhaps to make it worse—that data might be yours.