This is a question hundreds of millions of Indian internet users seldom ask: should digital data generated by them be stored in India? There’s little popular discussion on this because the debate happens between experts who use complicated terms. So, let’s try to frame the issue simply.
Digital data is stored in servers. ‘Data localisation’ means storing Indian internet users’ data in servers located in India. But since most internet activity happens on platforms owned and operated by foreign technology companies, almost all user data generated in India is stored abroad. Much of the data is stored in the US, home to most internet giants, and some in a few other countries.
Some technology companies like Microsoft have India-located servers. But they are used for B2B (businessto-business) digital data. There are no servers in India run by any major global internet giant that house personal user data.
Broadly speaking, there are two kinds of user data: financial and nonfinancial. When you use a digital wallet to pay for a movie ticket, that’s personal financial data. The other kind of data is generated when you, say, post photos of your birthday party on asocial media platform, or search for anything through an internet browser.
RBI recently asked all firms in the business of digital payments to transfer all Indian user data to local storage sites in six months. That order will have to be complied with. So, one part of the question we asked at the beginning has been answered. The debate is now focused on non-financial personal digital data.
Many clever people argue data localisation isn’t necessary. They say personal information stored (mostly) in US-located servers is perfectly safe. That when local Indian authorities need to access data for law and order and national security purposes, established global protocols help them get that information from US authorities. Also, that local storage raises the cost of business for firms, and to that extent may do more harm than good for countries planning data localisation.
No Green Card for Data
Studies by consultants claim data localisation for highly digital countries can have non-trivial negative impact on GDP. None of these arguments addresses three crucial issues.
First, assume American internet users’ personal data is stored in servers outside the US. How would the US government and the American public react? They won’t countenance this at all. So, in principle, no country should.
Related to this, the scandal surrounding the US’ National Security Agency (NSA) and its apparently unbridled monitoring of data from all over the world raised questions on the safety of non-American personal user data stored in the US.
Data localisation, in this context, means Indians’ personal data won’t be outside Indian authorities’ administrative and judicial sphere of influence. Of course, there must be strict safeguards to prevent Indian authorities from merrily violating citizens privacy.
Second, countries like China and Russia have full or partial data localisation norms, and their internet economies haven’t taken a hit simply because of this. True, China isn’t a democracy, and Russia is barely a democracy. But the argument that data localisation is inefficient and, therefore, should be avoided doesn’t make any distinction about political systems. Plus, some forms of data localisation are practised by full-fledged democracies as well. EU’s detailed guidelines on safeguarding citizens’ digital data is a good example.
Also, China is the world’s second most successful internet economy after the US. That’s been made possible partly because China has practised an internet policy that strongly discourages foreign players’ dominance at all points in the internet economic value chain, including storage.
But what about the argument that costs will rise after data localisation? Many Indian internet entrepreneurs are also apprehensive about this. The simple answer: the market. When rules mandate that Indian users’ data must be stored locally, the huge business opportunity for those manufacturing and maintaining servers will ensure that price competition brings down costs.
Third, India is now a major internet market, in the big league with the US and China. It will grow even more attractive for technology players as GDP and per-capita income rises, and more Indian users start spending more money.
This means India should — and must — take more control of its internet future by using its market power. That’s how global economic relations basically work. The more powerful make things easier for themselves. If Google, Facebook, Microsoft, etc, could see India as the most important market of the future, India must ask them to do what’s right for Indians.
Data Follows Funds
This logic applies to other aspects of the internet economy as well. Most successful Indian internet ventures are funded by Chinese, Japanese and US investors. That’s not the case with China, which has become an internet powerhouse through local funding. Funds localisation is arguably even more important than data localisation.
Coming back to data storage, before any policy is announced, there will be plenty of details to sort out. Should all data be locally stored, or only some data? What sort of privacy safeguards should be mandated? Which authorities should be allowed to ask for user data?
But let’s not get so lost in details that a policy takes another few years to frame. The prime minister recently asked for data localisation. That should be enough incentive for GoI to move quickly.
Source: Economic Times