Why Data Localisation is Critical to India’s Long-Term Interests 

Why Data Localisation is Critical to India’s Long-Term Interests A map of submarine fibre-optic communication/Internet cables. 
  • Data localisation, on the surface, may seem a trivial issue. However, if seen as a piece of the larger puzzle, it is an opportunity worth billions in a market of a billion people.

    India, going forward, will have to create data slabs and work with data localisation on three fronts — local-only storing/processing, having local copies of data transactions, and sharing of data only if conditions are met.

As India engages with the United States Secretary of State Mike Pompeo in the run-up to the G-20 summit, the issue of data localisation would be critical for easing the trade stress the two countries find themselves in.

Given the market size, economic considerations, ease of doing business for foreign companies, and most importantly, the diplomatic challenges with the United States, India, going forward, will have to create data slabs and work with data localisation on three fronts.

First, local-only storing, transmission, processing, and analysis. This is the most stringent form of data localisation. Russia has implemented this across a wide range of data categories. In India, the Reserve Bank of India (RBI) has made it mandatory for payment data to be stored in India, adding to the grievance of companies like Visa and Mastercard.

Even though RBI, in its FAQs released yesterday (27 June), allowed for the payments to be processed outside India, the norm warrants that the final storage of data is in India alone. Also, companies would be required to delete the processed data stored outside India within a business day or 24-hours. However, RBI is not alone to call for such a norm. The People's Bank of China also does not allow the storage of individual financial information outside China.

The same provision, in India, must be extended to healthcare, given that huge amount of data will be generated in the next few years under the Ayushman Bharat programme. Australia also, for instance, does not allow individual healthcare information to be stored or processed outside the country.

This form of data localisation must be negotiated for financial, healthcare, and any other data form that is sensitive in nature.

Second, data localisation in the form of having a local copy. This will be useful for a wide range of categories that are not sensitive but can lead to individual attribution.

This form shall warrant the creation of local data centres, and while it may allow for processing of data abroad, it will be mandatory for at least one copy of the personal data to be stored in India. Vietnam, Argentina, and China have laws that deal with having at least one copy of data being stored locally. The same form is being proposed by India.

Third, data localisation with conditional restrictions and exceptions. European Union’s data protection framework — the General Data Protection Regulation (GDPR) — calls for sharing of data overseas if certain conditions are met.

However, aside from these, here’s why India must push further its own case on data localisation.

Short Term Reasoning: Data Protection, Law Enforcement, and National Security

One, data protection. Having no data regulation for companies with a customer base running into millions leaves the local population vulnerable. While the data shared between a consenting user and an online service is no business of the government, the vulnerability of millions of users may be attributed to the lack of jurisdiction of a government in the case of offshore storage of sensitive data.

Two, aiding the cause of law enforcement agencies. Foremost, a data law is needed to ensure that local law enforcement agencies do not have a free pass to users’ data from companies, as that could lead to digital profiling and surveillance.

If the data is not stored locally, a law enforcement agency has to fight through bilateral or multi-nation agreements in order to gain access to the data stored abroad. Not only does this waste critical time but it also adds to the costs and results in a lack of supervision by the concerned authorities.

For instance, a security regulator may want data for a company that has been indulging in unfair, fraudulent, or predatory trading practices on the stock market, and in this case, for justice to be served, ease of access to the data will be critical.

Three, national security and the concerns around it. While data centres across the world are heavily guarded and cannot be breached easily, the one reason cited for having a local copy of data is what if India is cut off from the Internet, from the world? For instance, what if Indians cannot access financial data worth trillions as they find themselves engaged in warfare with China or— in an alternate universe — the US?

This is a far-fetched situation. However, recent reports warrant precaution on this front. As of today, 97 per cent of the World Wide Web runs through a gigantic network of fibre-optic cables, located at the bottom of the world’s oceans. As per a report, these cables alone facilitate financial transfers worth $10 trillion each day. So, can one simply destroy these cables, and render a country helpless?

The answer is a gigantic no, and a very small yes.

The gigantic cable network runs over 600,000 miles, and each year, there are around 200 reports of the cables being destroyed, and in most cases, the cables are damaged as they are accidentally dragged by the ship’s anchors.

Now, assuming (and this is a big assumption) one cable connecting India to the world was destroyed, it might lead to a temporary shutdown that shall not last more than few minutes as traffic shall be quickly rerouted through other cables. As per the map of underwater sea-cables, India alone has 6 heavily guarded data points in 6 different cities, collectively hosting links to over 20 cables that connect India to the world.

However, India can use this report from the US Department of Homeland Security, which quotes an instance in 2008 when three cables in the Mediterranean Sea, connecting Italy to Egypt, were damaged by anchors of commercial ships. This resulted in 80 per cent loss of Internet connectivity between Europe and the Middle East, and hence, the US had to ground its Air Force drones in Iraq.

Such short-term disruption can be critical during warfare, financial transactions, and for healthcare accessibility, and thus, it adds to the reason to have user data stored locally.

Long Term Reasoning: Energising India’s Stagnant IT Industry

The story of India’s IT industry since the late 1990s has been that of an emerging urban middle class, striving for better standards of living, modern facilities, and western luxuries. In less than 20 years since 1998, India’s IT industry’s contribution to the GDP went from a mere 1.2 per cent to more than 7.5 per cent by the end of 2017.

The growth of IT in the last two decades complemented the transformation of some cities into major commercial hubs. These include Bengaluru, Chennai, Pune, and Hyderabad. In Noida, Gurgaon, and Mohali, villages, farmlands, and isolated city outskirts became hotspots for shopping malls, commercial working spaces, real estate projects, and much more.

It is here that data localisation comes into play as a long-term goal, stretching across the next decade and the one after it.

One, having data centres in India could facilitate the rise of an industry driven by services in the realm of data intelligence, analytics, and artificial intelligence. Not only will this open up new frontiers for employment but it will also make India the data intelligence capital of the world.

Two, for long, the IT Industry in India’s tier-two cities has survived without making any giant strides in their field. For most, the quantity of the projects outnumbered the quality. Though this has added immensely to the employment scene, it is no longer sustainable given the imminent global slowdown and the ease with which mobile apps and websites can now be created. Data localisation could well be a disruptor to this monotonous IT ideology.

Three, given the size and heterogeneous nature of the Indian market, research, study, and intelligence in data will drive newer innovations and solutions. While this shall allow the existing companies to diversify their operations, it will also enable entrepreneurial ventures as more STEM (Science, Technology, Engineering, and Mathematics) graduates are added to the workforce.

Four, companies like Amazon and Google will have to open up their data centres in India. While this will add to the investments in the country, it will also enable other companies to open their data centres, at a relatively lesser cost here. Also, the availability of labour in abundance at cheaper wages as compared to those in the West will guide the priorities of many medium and large companies across the globe.

Five, the investments in data centres will complement those in infrastructure and security. This will add to the employment prospects for non-STEM graduates. As any data manager with Amazon or any MNC would be happy to tell you, the security of a data centre is no mean feat, and hence would warrant the creation of jobs in the area of private security.

Six, India could well go on to become the key exporter of data solutions across the globe. This will enable Indians to work abroad across the US, Europe, Asia-Pacific, and especially in developing regions like Africa and the Middle East as data intelligence will be critical to every economy. The learnings from a market of over 900 million Internet users would be a worthy export, starting in the second half of the 2020s.

Seven, with local MSMEs expected to grow in number across the 2020s, the Indian IT industry shall find a local market for their data solutions, a market they struggled to create when it came to IT services. For MSMEs operating out of rural India, these data solutions will be integral to their growth and expansion. However, if India fails to create a local data service industry, the MSMEs may struggle to access such solutions from the West, given the high costs.

Lastly, with greater ease of doing business, more and more companies may want to move their operations closer to their biggest markets, especially the likes of Amazon, Walt Disney, Google, Facebook, and Apple. This may aid the ‘Make in India’ programme as companies may want to come up with hardware manufacturing facilities here in the future. This could further add to employment prospects in India.

The greatest benefit for India in calling the shots on data localisation lie in the IT industry it can create in the next 10-15 years. The late 1990s and early 2000s laid the foundation for an IT industry driven by services and customer care centres that offers plentiful employment opportunities even today. With data localisation, the government could lease a couple of decades more to India’s IT industry.

Data localisation, on the surface, may seem a trivial issue. However, if seen as a piece of the larger puzzle, it is an opportunity worth billions in a market of a billion people.

This is the final article in a two-article series on India’s push for Data Localisation. You can read the first part here.


Latest Articles

    Artboard 4Created with Sketch.