Listen : Audio version of this article
At the time you swipe your Visa card or use any of the Amazon services, then have you wondered how you fend personal financial data is carried, stored, or processed? Well, most of the data even tend to be either the financial partly or completed stored outside India, quite apart from the worries about who has access to your data overseas, the Government of India, and regulations to have some of the limited access to this data. This is what the Reserve Bank of India wants to change with the help of its data localization rules.
What is Data Localization?
Previously, companies from all across the globe scrambled to comply with the RBI deadline for the purpose of localization of all the sensitive data, which is much more belonging to the Indian users of some of the various global digital payment services. Data localization is the act of storing the data on any of the devices which are physically present within the cross borders of the country. As of now, as many and most of these data are stored in the cloud, outside India.
RBI diktat has also followed some of the draft data protection law, which is even recommended by some of the committees of India in the month of July and August. One of the best recommendations was that the government must need to enjoy unfettered access to its residents or citizens of India for the use of data in the domestic policy, which makes it a big with the AI and Big Data analytics.
Localization also mandates that companies collecting critical data about the consumers must need to store and process them within the borders of the entire country. The RBI has also issued a circular mandating that the payments which are related to the data collected by the payment providers must need to be stored only in India, which is going to settled by the date of the 15th of October for the compliance. This covered not only covered the MasterCard or Visa but also of the companies such as Google, Paytm, and WhatsApp, which provide digital payment or electronic services. Many of the companies are even yet to comply with this rule, and the RBI has now also specified any penalties or fines for the delay.
Why is it important?
The primary intent behind the localization of data is to protect the financial and personal information of the country citizens and residents from the foreign surveillance and give some of the local governments and regulators that all the jurisdiction to call for the data where that is required. The aspect has even gained some of the importance after a spate of lynching across the entire states that were also linked to the rumors pretending to the WhatsApp. Revelations of the social media giant WhatsApp and Facebook sharing the user data with the Cambridge Analytica, which is even alleged to have influenced the voting outcomes, that also led to a global clamor by the Indian government for the data localization.
Some other argument that is included in the data localization is essential to the security of India. Stroking of data locally is expected to help the law-enforcement agencies to access some of the information that is much more needed for the detection of a crime or to gather some of the evidence. Where data is not even localized, the agencies need to rely on the mutual legal assistance treaties to obtain delaying and access investigation. On storing the global data could also create domestic jobs and skills in the data analytics and storage, too, as the report by the Srikrishna pointed out in the official statement.
Moreover, on the flip side, maintaining multiple local data centers may even entail significant investments in the infrastructure higher costs for the global companies, which is why they also seem to be up in arms against these rules.
Why should I care?
As all of us trust all the global service providers with more and more information, with respect to both on a voluntary and involuntary basis, we may also like to have greater accountability from these firms about the end use of this data. Data localization may not also entirely avoid the Facebook-Cambridge Analytica like the episodes, but it may at least make sure that domestic law enforcement that can even respond more effectively and efficiently to our complaints.
Driven by a view that the data is a wealth of the new market that needs to be controlled and secured for the development of the nation, India has also advocated data localization, the storage of the personal data on the servers which are located within the physical boundaries of the country.
As the Prime Minister of India, Mr. Narendra Modi put it at Davos earlier this year in 2018 that data is the real wealth, and it is also being said that whosoever acquires and took the control, then the data will have hegemony in the near future as well. The global flow of data is creating some of the significant and significant opportunities as well as the challenges.
No matter be it the RBI or the draft by the personal data protection bill, 2018, most policy statements linked to the data governance have urged in favor of the data localization.
But this move to make companies store the data locally has even faced the opposition from the global technology giants who also favor the free flow of data.
A new report also revealed from the industry body internet, and free association of India has cautioned against the imposition of the norms from the data localization.
There is also a wide range of concerns with operationalizing data localization, according to the report which has been revealed by the digital technology policy for the India USD 5 trillion economies, released last month by the Finance Minister.
First, the storage of all the country critical data within the Indian runs the risk of creating with the honeypot of such data, which is vulnerable to cyber-attacks, threats, and some other foreign surveillance, said the official report.
With respect to a couple of studies, the report went on the argue with the data localization may also have potentially harmful consequences for the Indian economy.
The European Centre for the International Political Economy, has found that the economy-wide data localization laws drain between the 0.7% and 1.1% of the GDP from the economy for no benefit since then, and any grains stemming from the data localization are also too small to outweigh losses in terms of the welfare and output in the general economy section, said the report.
With respect to the harmful consequences associated with the mandatory localization of data, it is even recommended that the government should also consider the position of hard data localization, revealed the report. Moreover, an incentive framework should be created to incentivize a voluntary shift to storage on the local data servers in India in the form of long-term growth without even disrupting the ease of doing business in India.
Moreover, according to the Pavan Duggal, one of the national leading cyberlaw experts revealed that in terms of the data localization, the provisions of the PDP bill go against the stand taken by the RBI.
The Reserve Bank of India, which has also granted and taken the stand that all the payment and Banking data, which is much more related to the people of India, should be physically stored in India. The proposed data protection bill says that you do not need to keep the data in India, only keep a servicing copy.
Some of the leading and significant technology policy and media consultant revealed that argues that the data localization would not adequately address some of the security issues.
Some of the business-wise, it also causes some of the extra costs of efforts, and jot just for the foreign firms for the India based ones as well who that are also working on the beginning to face the same demands in countries which are looking to the Localization India laws like the Indonesia and Vietnam.
Security can be affected by a vast number of ways by fragmenting networking and different platforms. For instance, fintech and the card companies rely on the multiple anti-fraud platforms, which even further builds on the data from across the globe, said the announcement.
If we simply cut out India from those types of platforms, then not only do they draw on and learn from the Indian data, India also does not benefit from Machine Learning, and Artificial Intelligence, and anti-fraud technology and threat intelligence sharing which is provided by those platforms.
Moreover, given that the fact that they are only some of the few technologies that have access to a vast repository of the global data, that there is also a threat of the data localization in the absence of adequate control over data. There is hardly a dispute over the fact that it is also much more sensitive data that needs to be stored locally.
India has now also proposed some of the locating computing facilities inside the country itself if it is meant to protect some of its essential security interests and national interests at the ongoing negotiations of the legal proposed Regional Comprehensive Economic Partnership trade agreement.
New Delhi committee also revealed that the participating countries might also prevent the cross-border transfer of information by the electronic means which includes the personal information, only where it is much more necessary to achieve some of the legitimate public policy objectives or essential in the country opinion, for the proception of its vital security interests or the national interests.
India’s alternative proposal on the Asean package for the agreement eCommerce chapter came on Friday only after the 14 members of the 16 country RCEP, which includes the ASEAN opposed to the data localization, China was not a proponent.
Moreover, in the financial technology services chapter of the deal, India is even learned to have agreed to the economic data, in talks held with Vietnam in the late September, it is also believed to behave the decided that the commercial companies would also be allowed to move and store the data of the Indians abroad.
The proposal is also much more crucial as the RBI in the month of April 2018 notification mandated that all the system offers shall ensure that the entire India, which is the data much more relates to the payment system operated by them are stored in a system only in India. It later then clarified that a copy of the private data can also be stored across the globe in the case of cross border transactions. The financial services agreement will partly nullify the position.
Moreover, although the FSA was negotiated by the Reserve Bank of India, the contact point for the FSA is the ministry of commerce and not even the central bank.
In today’s proposal, which has been revealed, India also announced that thee no party shall have recourse to dispute the settlement for any matter relating to the electronic commerce arising under any of the chapters, with the help of any provision in this agreement.
Furthermore, no matter which is related to the issue has been finalized, some of the officials revealed that as the RCEP talks reach their final stages of selection before concluding next month. Commerce and the industry minister Piyush Goyal are also attending the RCEP ministerial meeting in Bangkok from the 11 and 12th of October.
ASEAN has also moved to a compromise proposal that is being discussed. No issue has been settled, which includes the data transfer, revealed the report.
The Ministry of Electronics and Information technology (MeiY) has also approved the proposal, said the announcement.
While on the other hand, the commerce and industry minister has also known for the strict data localization norms in its initial draft e-commerce policy, the electronics and information technology ministry is working on some of the personal data protection bills and has also become the nodal agency for all the matters related to the data.