By Sidharth Narayan & V Sridhar
The new Parliamentary Standing Committee on Communications & IT has a daunting task ahead, as it aims to study the contentious issue of restricting cross-border data flow, or data localisation (DL) among other policy issues, in the first year of its constitution. More so, as the government may table the ‘Personal Data Protection’ bill in the winter session.
Data as oil or water is a raging debate across the world. Many have have advocated for the free flow of data across borders, as it provides various benefits, increasing consumer surplus through dynamic pricing mechanisms; maintaining availability and quality of service; promoting innovation in the provisioning of digital goods and services; ensuring ease of doing business; and preventing and detecting fraud. However, many countries, including India, are leaning towards DL.
Primary reasons being privacy; protection of national interest; utilisation as an economic resource; and so on. Other reasons include ensuring access to law enforcement agencies (LEAs) and creating a level playing field for smaller Indian tech companies.
Though there are many proponents and opponents of DL, conclusive research on consumer impact is missing. Consumer Unity & Trust Society (CUTS) is involved in a consumer impact assessment of data localisation.
The preliminary results indicates that claims of the opponents hold water. The survey shows that various consumer facing parameters such as freedom of speech, availability of services provided by smaller foreign service providers, privacy and data protection of consumers, are to be adversely impacted.
DL may result in reduction in international competitiveness of service providers. Moreover, DL may create a ‘honeypot of data’ concentrated in one geographical location, thereby enhancing the risk of data breaches and cyber-attacks. Also, experts are sceptical of the State having adequate cyber-security experts and vulnerability proof digital infrastructure. Capacity of LEAs in combating cybercrimes was also questioned. Furthermore, there were concerns of excessive tracking and monitoring of data.
Preliminary findings also show that the government may make it easier for LEAs to access data, create conditions for growth and narrow competition between foreign and domestics service providers.
On the issue of realising the full economic benefits of DL, experts opined that this may largely be dependent on government’s support in providing power, land and cooling for Data Centres (DCs). The capital intensive and not labour-intensive nature of DCs also question the amount of employment, DL is expected to create.
Furthermore, experts also believed that large foreign companies are better placed to comply with DL, and set up their DCs within India, as opposed to smaller domestic companies, which may result in unintended negative impact on competition, and thereby consumers.
It seems that DL may not be the most appropriate way of achieving the regulatory objectives, since the envisaged benefits of the regulation are unlikely to outweigh the consequential costs.As the way forward, it seems necessary to analyse consumers’ perceptions towards the benefits currently derived from data driven services, satisfaction levels with services and privacy risks faced, and estimate how the usage may change should these indicators be impacted on account of DL.
It is only then, that one would be able to answer the question if ‘data could be oil or water, and whether it should flow freely across borders?’, at least from a consumer perspective. Such evidence-based consumer facing findings, would certainly provide useful insights on the issue, and also act as fodder for further debate, which would ensure that data nationalism in the garb of additional security does not hurt consumer interests. Lastly, it is imperative for the government to explore less intrusive means to achieve the objectives of DL. Exploring alternatives to Mutual Legal Assistance Treaties (MLAT), such as becoming a member of “Chart of signatures and ratifications of Treaty 185: Convention on Cybercrime”, which has specific focus on cross border cybercrimes and associated mutual assistance amongst members, will certainly be useful in this regard.
Narayan is research associate, CUTS International. Sridhar is Professor, IIIT- Bangalore. (Views expressed are personal)