Under the Data protection legislation of many nations, the emphasis on the necessity of data localization has been pressing, albeit to varying degrees. What is data localisation? What is its need? What are the concerns related to data localisation? Scroll down the page to know more about Data localisation.
The most recent version of the data protection law, the Digital Personal Data Protection Bill, 2022, takes a softer stance on the need for data localization and allows data flow to specific international locations based on specified predetermined evaluations.
Let’s move on to its details.
What is Data localisation?
The act of storing data on any device that is physically present inside the boundaries of a certain country where the data was generated is known as “data localisation.”
Data localisation is founded on the fundamental precepts that state that data must be localised and made locally accessible within the geographical limits of a country because it is a vital resource in the context of today’s digital world.
For instance, responsibilities under the General Data Protection Regulation (GDPR) of the European Union (EU) require enterprises in the EU to keep their data secure inside the EU.
Also read: Right to be Forgotten
Need for Data localisation
Protection of personal and financial information
- The major goal of data localization is to allow local governments and regulators to request the data when necessary while protecting citizens’ and residents’ personal and financial information from international monitoring.
- For example, the Reserve Bank of India has ordered that payment system data be held in India for better monitoring and safety due to the rising volume of digital payments nationwide.
- The harsh stance taken by regulators on data localisation may be motivated by concerns about national security and the avoidance of foreign spying.
- For instance, if Indian regulators did not have complete control over all locally created data, Indians, especially state officials, may become exposed. Data can also be weaponized. For example, a person’s debit card history can be a useful tool for honey potting and social engineering.
- Additionally, scandals like the Facebook-Cambridge Analytica affair have prompted governments all around the world to press for the localization of data.
Greater law enforcement data access
- Local data storage is anticipated to make it easier for law enforcement organisations to access information required for crime detection or evidence gathering. In cases when data is not localised, the authorities must rely on MLATs to get access, which slows down investigations.
- The Justice Srikrishna Committee had suggested that storing local citizens’ data in India would give law enforcement agencies more power.
- Data localisation is now one of the main forces behind the economic expansion and job creation, particularly in developing nations.
- For instance, data localisation mandates that businesses establish data centres across national borders; frequently, these centres must be completely new construction. Numerous employment opportunities result from this. A rise in employment prospects of this magnitude would benefit the nation’s economy.
- Data localisation proponents think data ought to be treated like a national resource. This implies that the country’s government ought to be entitled to the proceeds from that resource.
- The movement of data into and out of the country should be taxed, just as the influx and outflow of products and services. The government can then utilise these higher levies to fund new social programmes.
Also read: Digital Personal Data Protection
Data localisation and India
The Digital Personal Data Protection Bill, 2022
- The most recent draft of the data protection law has now been made available for public discussion.
- In August 2022, the Personal Data Protection (PDP) Bill, 2019, the draft was withdrawn.
- The Digital Data Protection Bill, 2022, which does away with the strict data localization requirement proposed in the earlier version, offers a relatively lenient stance on data localization requirements and allows data transfer to specific international locations (referred to as “trusted geographies”) based on some predefined assessments.
- The nations to which businesses can transmit customer data will be determined by the government.
B N Srikrishna Committee
The committee suggested processing sensitive personal information of Indian people in facilities based domestically.
Draft National E-Commerce Policy Framework
- The policy limits the transfer of vital information about Indian users gathered by e-commerce companies and social media platforms across international borders.
- The draft e-commerce policy asks for the expansion of server farms, data centres, and storage facilities in India. It also supported establishing a technological and legal framework as the foundation for enacting controls on data movement across international borders.
Osaka Track on the Digital Economy
India abstained from the G20′s Osaka Track on the Digital Economy, which made a strong case for the adoption of legislation allowing data flows between nations and doing away with data localization.
Data localization-related concerns
- Makes data security more exposed. Since the data is no longer sharded, the forced localization may make data security more vulnerable (Sharding is a method for distributing a single dataset across multiple databases, which can then be stored on multiple machines.). Particularly in nations with weak IT infrastructure, this is true. Additionally, industrialised nations may employ advanced data surveillance capabilities, which would defeat the goal of securing data security by relocation.
- Data localization may raise operational expenses because businesses would have to invest a significant amount of money in establishing local servers and other infrastructure. The elimination of small and mid-size enterprises from the market and the promotion of monopolies could result from this. For instance, strict data localization requirements could have a negative impact on Indian entrepreneurs, especially those in the finance, cloud, and SaaS sectors.
- Data localization can represent an authoritarian system and be viewed as a tool to facilitate local monitoring, which could impact fundamental rights.
- A government can exert more control over its citizens’ online activities by passing data localization laws, but doing so increases the potential for misuse and jeopardises their right to privacy and freedom of expression.
- For instance, under the guise of a reasonable restriction provision in Article 19(2) of the Constitution, such as India’s sovereignty, integrity, security, and public order, Section 69 of the IT Act, 2000 permits the Government to intercept, monitor, or decrypt any information stored in any computer. If the government is given full access to data, its misuse and arbitrariness will know no limitations.
- The Internet fragmentation and “splinternet” balkanization: The idea of free flow of information underpins the internet. The internet will be destroyed if this free flow of information is restricted by levies or excessive protectionism. Many people are worried about the potential “Balkanization of the Internet” and the development of a fragmented Internet (or “splinternet”) that is divided into smaller national and regional pieces with barriers around each of the splintered Internets to replace the global Internet that we are all familiar with today.
- Global trade will be hampered by strict data localization regulations because they restrict the free flow of information across international borders, allowing governments and their law enforcement agencies to operate more effectively. For instance, the United Nations Conference on Trade and Development concluded in their report on the digital economy that companies that use the internet for international trade fare better than those that do not.
Localization-related norms require broad policy-level thought in order to be successful. This could involve updating and updating mutual legal assistance agreements, reforming laws relating to surveillance, facilitating the development of adequate digital infrastructure, and establishing suitable data-sharing laws that protect third parties’ rights and allow for the use of data for socially beneficial purposes.
Article Written By: Atheena Fathima Riyas