Big Tech Using Uncle Sam To Pressure India On Data Location; We Must Tell Them To Take A Walk

There is a real danger that India will start buckling under American political and business pressure to roll back, or substantially downscale, the requirement that Indian customer data must be stored in India.

The Reserve Bank asked payment firms in April to store their customer data in India in order to facilitate “unfettered regulatory access.”

Last month, the B N Srikrishna panel on data privacy mandated much the same thing for all firms collecting Indian customer data, proposing that all “critical personal data” should be stored and used within the country.

While payment firms – including the likes of MasterCard, Visa, and PayPal – have lobbied hard with the Reserve Bank to dilute the local location norms, bigger guns from the technology industry, including Amazon and Microsoft, have elevated their lobbying efforts to the political and trade levels, which means ultimately Uncle Sam will be battling on behalf of his tech giants.

It is not that the tech giants have no case. They can argue that locating all servers in India will add to costs (power and real estate costs are much higher in India, for example), and there could be demands from the government for accessing user data based on law and order and security concerns, impacting privacy. A Reuters report quoted Amba Kak of Mozilla as saying that “Data localisation is not just a business concern, it potentially makes government surveillance easier, which is a worry.”

The payments data location issue has also been muddied by Paytm, substantially owned by Softbank and Alibaba, lobbying for it, with the United States (US) tech giants ranged against it. The unstated allegation is that the Reserve Bank law suits Paytm, since its data is already located in India.

Indian data belongs to India and Indians. And it cannot be subject to foreign jurisdictions. The issue is not where data is specifically kept, but whether India can have direct access to it without recourse to other legal impediments. If the Reserve Bank of India cannot access Indian payment firms’ data without moving US courts, what kind of supervision can it do?

So, when US political pressure comes to the aid of its tech giants, India needs to keep its arguments strong and ready. It should be asking the following questions of the other side:

One, if data servers are in the US, can the companies concerned guarantee that the data will not be shared with local law enforcement without Indian customer or government consent? Moreover, if Indian courts and/or government need the data, will US law stand in the way? Without satisfactory answers to these questions, there can be no compromise on this issue. If the answer is that India will have unrestricted and direct access to Indian data on US servers and can enforce compliance, then we can always compromise. But one cannot see the US agreeing to this at all. Consider how much trouble we are having with the United Kingdom on Vijay Mallya, where we have to satisfy their courts not about his alleged guilt in financial fraud, but about our jail conditions.

Two, privacy concerns are as much Indian as that of US companies. Once privacy laws in India are tightened, there is no reason why US privacy laws should supersede Indian ones.

Three, the cost concerns are important, but this is an argument against all forms of localisation. We should counterpose this question: it is cheaper to employ Indian engineers in information technology companies, both offshore and onshore; so, why the restrictions on free movement of natural persons in Indian tech companies? If the US can legislate what can or cannot be outsourced, doesn’t the same logic apply to Indian data? In fact, purely from our point of view, data location must be seen as source of local job creation, just as the US imposes high fees for H1-B visas and insists that even Indian companies must incur costs in complying with US FATCA laws.

India must keep its powder dry and not buckle under US governmental and tech giants’ pressure to retain their current advantages in where they hold or host customer data. The above arguments will bolster its case.