Data localisation may cause cyber attacks, hurt privacy, business competitiveness, says think tank

By: |
January 19, 2020 2:46 PM

Data localisation, if implemented, without adequate preparation and accountability measures, may reduce freedom of speech while enhancing risks of censorship, privacy violations, data breaches and cyber-attacks.

The experts also questioned the ability of law enforcement agencies in fighting cybercrimes.

The need for data localisation mandated under the Personal Data Protection Bill may lead to enhanced risks of privacy violations, cyber attacks, and data breaches, according to trade and regulatory think-tank Cuts International. According to a study titled Consumer Impact Assessment of Data Localisation conducted by Cuts on data localisation impact from the consumer perspective, consumers perceiving higher risks showed lower levels of data usage. Data localisation, if implemented, without adequate preparation and accountability measures, may reduce freedom of speech while enhancing risks of censorship, privacy violations, data breaches and cyber-attacks, the study said.

Data localisation may “lead to loss of international competitiveness among service providers along with creating a ‘honeypot of data’ based in a single location and hence increasing risks of data breaches and cyber-attacks,” Udai S Mehta, Deputy Executive Director, Cuts International told Financial Express Online. The study, which surveyed around 1,300 users of data-led services and interacted with 40 experts in government, legal, service providers, civil society organisation and academia, added that experts were “sceptical of the state having adequate cyber-security experts and vulnerability proof digital infrastructure for securing personal data stored within the country.”

Also read: Global private equity investors raising more funds despite declining returns is not a sign of success

The experts also questioned the ability of law enforcement agencies in fighting cyber crimes even as they stressed on chances of government’s excessive tracking of personal data, said Mehta. The changes made to the data localisation provisions in the bill last year from 2018 included non-sensitive and non-critical personal data may not be stored in India from earlier requirement of storage of a copy all personal data in India. However, it may be difficult to separately store different types of personal data, said Cuts. Among other changes, the 2019 bill also expanded the scope of personal data to include online and offline features potentially increasing the scope of sensitive personal data and critical personal data.

The report also pointed towards the possible adverse impact on the availability of services and innovation as data localisation may enhance the costs of operation (due to the need of setting up data centres in India) to serve Indian consumers. This may impact small businesses as they may not be able to “justify with respect to their commercial interests, forcing them to pull out of the Indian market.” Hence, the government should “focus on enhancing consumers privacy by avoiding unjustified data access by third parties, pruning state exemptions, and making the government’s request for data subject to judicial review. (It should) combat data breaches and cyber-attacks, prescribe an effective grievance redress mechanism, and foster data-driven innovation,” the study recommended. It also suggested a separate policy to incentivise processing of data in India instead of forced data localisation.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1LVB customers can access all services: DBS
2AGR dues: ISPs may move Supreme Court to seek relief on lines of PSUs
3Some support from UK govt required to make business self-sustaining: Narendran