Store data responsibly, not necessarily locally

Homo sapiens is a mobile species, has been from the time of its evolution from proto-primates, thereby coming to inhabit practically every part of the earth’s surface, from polar ice caps to arid deserts, from mountain heights to hidden valleys, from landlocked enclaves to coastal tips of sea routes, from dense conurbations to remote jungles. There was a time, after the development of settled agriculture, when only the adventurous few travelled extensively. In the modern world, humans live a globalised existence — and not just through physical travel but also by means of financial and commercial transactions with counterparties in external jurisdictions, and by accessing nodes of networks, to access, virtually, resources located in lands far away.

You might also like 

What will be the math behind Budget 2023?

Reliance Capital lenders plan round 2 of auction

The worst may be over for emerging markets

E-scooter maker Ather Energy sets $1 bn revenue target

People leave their digital footprints on servers across the world. It is neither feasible nor desirable to bring all this digital data into the territory of their domicile. It might be pointed out that the proponents of data localisation might be concerned about not just any digital data but of digital data of a critical kind.

It is imperative, admittedly, for the data of Indian citizens to be stored securely, wherever it is stored, and for India’s law enforcement and regulators to have ready access to critical digital data. But this does not call for mandatory storage of citizen data on servers located within the country. What the government proposes, in its 2022 version of the data protection bill, is to permit citizen data to be stored in some jurisdictions that the government is satisfied will secure data and facilitate ready data access when legally required.

Minister of state for information technology Rajeev Chandrasekhar’s statement to Mint published Monday makes this absolutely clear. The government will create a white list of countries where the digital data of Indians can be stored, based on establishing what he called a digital corridor of trust with the country in question, consisting of reciprocal guarantees of data security and access. The substance of such trust is that “my rights as an Indian citizen today under the digital personal data protection law should be intact, regardless of whether you store it in country X or not. It means if it breaches from there, you’re still liable,” in the words of the minister.

In any case, the requirement of the earlier version of the data protection bill that all critical data of Indian citizens should be stored in India and only in India was too restrictive to be practical. India has a thriving business process/knowledge process outsourcing industry, which processes the personal data of the citizens of many foreign countries. If they choose to reciprocate the restriction that Indian law sought to place on Indian citizen data, that would have made life very difficult for India’s outsourcing industry.

It makes far more sense for India to follow the European Union’s requirement with regard to the location of citizen data. The European data protection law permits the digital data of the citizens of European Union member states to be stored in jurisdictions that meet the data protection standards of the EU. This is what, presumably, the government intends to do, via Section 17 of the proposed Digital Data Protection Bill 2022: The Central government may, after an assessment of such factors as it may consider necessary, notify such countries or territories outside India to which a data fiduciary may transfer personal data, in accordance with such terms and conditions as may be specified.

Jurisdictions that have data protection provisions that are at least as rigorous as India’s and are willing to enter into agreements of reciprocity on data security and data access with regard to citizen data stored in their territory should be safe for harbouring data on Indian citizens.

It is possible that the proponents of data localisation are also concerned about the business opportunity involved in the proposition. To store the voluminous data on India’s 1.38 billion strong, and growing, citizenry, a lot of server capacity would be required. Why not house this capacity in India?

If India builds the infrastructure — of inexpensive, plentiful, reliable, preferably renewable energy and physically secure built-up area of adequate size, insulated from floods and earthquakes, flash strikes, casual vandalism and terror attacks — there is no reason why India should not house the server farms that have to be built to store not just the voluminous data generated by ever more data hungry-Indians but also of the millions of machines that will chatter to other machines on 5G networks in India and across the world.

That, however, calls for applying oneself to building that demanding infrastructure, rather than mandating a requirement to store data locally.

Indian business gains from globalisation, and it should learn to play by its rules, rather than seek self-serving carve-outs.

Elsewhere in Mint

In Opinion, Manu Joseph says awful arguments were made against demonetization. Kaushik Basu argues India should propose a G Minor at the G20. Diva Jain says news of industrial policy’s demise was vastly exaggerated. In Long Story,  Minister of State for IT Rajeev Chandrasekhar clears misconceptions surrounding a slew of pivotal digital legislation.


Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint.
Download The Mint News App to get Daily Market Updates.


Source link

Tags: No tags

Add a Comment

Your email address will not be published. Required fields are marked *