When the government moves for data localisation, where does that put businesses? This was the theme of Thursday’s IE Thinc discussion involving representatives from the government and the corporate world. The debate revolved around questions such as — is it even possible to engineer products keeping data localisation in mind, how will it work given the global, ever-changing world of the internet, and what are the security risks associated with mandatory data localisation?
While there was consensus among the panelists that “critical data” should remain localised, most felt that data localisation would not provide solutions.
S Chandrasekhar, Director Government Affairs at Microsoft, said data localisation would lead to “Balkanisation of the internet”. He said there were mainly three aspects that should be kept in mind —- privacy, security and strategic control. The first two, he said, could be “assured without localisation”, but strategic control would need “some amount of localisation”.
“Even as a multinational company, we also tell that if there is some very valuable data —- military, intelligence or critical data —- it need not be out on the public cloud, it can be put on premise,” he said, adding that the size of such data was “minuscule”.
“For the minuscule percentage of data, we are bringing things which are probably threatening a number of services which are cheap because they are global (like Facebook and Google)… This one-size-fits-all approach in data localisation will probably be harmful,” said Chandrasekhar.
Shagufta Kamran, Associate Director-TMT, US India Strategic Partnership Forum, said “data balkanisation” will “not be in the interest of Indian or foreign firms”. She said recent statistics showed that data localisation was not the answer to problems. “In terms of the overall framework, I believe there are global frameworks and as a country we have strongly benefited from cross-border data flows, we should actually work towards more globally aligned frameworks that support the global internet economy as a whole.”
Gopalakrishnan S, Joint Secretary, Ministry of Electronics and Information Technology, had a slightly different view. He said the purpose of law was to bring in the privacy component, however, localisation would be “one of the components, not the end of all of it”.
“This will ensure that citizens’ privacy is assured, data is protected and there is some remedy. That’s the basic direction in which we are moving,” he said.
Shweta Rajpal Kohli, Country Director – Government Affairs & Public Policy, Salesforce, said there is a “worrying trend of data nationalism”.
“There is a study being done by NIPFP which says that the impact of any broad sweeping measures of data localisation would be that it would shave off 0.8 per cent from India’s GDP. It also says it would bring back domestic investments by 1.4 per cent,” she said, adding that localisation does not necessarily advance privacy and security goals.
Ashish Aggarwal, Senior Director and Head – Public Policy, Nasscom, said the MeitY discussion on data localisation was “fairly consultative”. “Compare this with what the RBI did. Industries have been left scratching their heads about what they’re supposed to do. This is problematic not only because you have to comply but also because you don’t know why,” he said
Bedavyasa Mohanty, Associate Fellow, Observer Research Foundation, there was no economic assessment impact done by the government before introducing data centres, on whether India had the power capability and land. He quoted the NIPFP study to say, “If you set up a data centre in the US, the cost would be around $47 billion. If you move that to India, Brazil or Russia, the cost goes up to $63 million because equipment will have to be brought in.”