What is the issue?
- Supreme Court recently ruled privacy as a fundamental right.
- This has triggered calls for data localisation in India.
Why data localisation?
- Currently there is no law guaranteeing either privacy in general or data security in particular.
- Most companies collecting data in India are MNCs that operate through local subsidiaries.
- The data collected is generally stored on servers located abroad.
- Such data is mined and analysed extensively and, quite possibly, shared with affiliates without any legal hurdle.
- The government is hence contemplating a law to mandate data-localisation.
- This would require data of Indian users to be stored on servers within India and hence be subject to Indian jurisdiction.
What are the concerns?
- Relatively few countries have legislated for data localisation and such laws are perceived to be undemocratic in character.
- Indian servers are also not secure - given the occurrence of multiple leaks on a massive scale.
- Locally-storing data provides the government with full access to demand and receive data at will.
- Given the opacity of Indian surveillance protocol, data localisation could easily lead to serious privacy violations.
How can the future be best approached?
- The Supreme Court ruling makes it imperative that a strong privacy law with robust safeguards is swiftly passed by Parliament.
- European Union has opined that data belong to the individual citizen who has generated it – and has legislated accordingly.
- Implementing this in the Indian context will require a carefully drafted privacy code that is passed into law.
- The government should work to ensure that data generated by Indians should be controlled by Indian laws, regardless of location.
Source: Business Standard
