In today's Finshots we try to summarize all the chatter surrounding data localisation rules

The Story

India is a huge market. In fact, we are the second-largest internet market in the world with 658 million users online, and another 250 million joining in by 2025. And for companies like Facebook, Twitter, and LinkedIn, this is an opportunity like no other. Sure, we may not hold the same monetisation potential as the other more advanced countries, but the sheer volume makes it a tantalizing proposition.

However, there’s a small issue. These companies prefer to store and process our data abroad. After all, they’ve made huge investments globally to build their data storage infrastructure. And it would make sense for them to transfer, process and store this data in these locations. Facebook for instance has 18 data centres primarily located in the United States, Europe and Singapore.

It has none in India.

But that’s creating tensions back home. Indian lawmakers would prefer these foreign companies build those data centres in India or store data locally. In fact, this idea has been gaining considerable traction all across the globe. The European Union has a comprehensive set of rules outlined within the General Data Protection Regulation. And while the regulations don’t explicitly mandate data localisation, it effectively dissuades foreign companies from freely moving/using this data. Meanwhile in India, we’ve had many people voice similar concerns. Chief among them — Mukesh Ambani, Chairman and Managing Director of Reliance Industries Ltd, who insists that data belonging to Indians must be owned and controlled by India and not foreign companies.

And the Indian government seems to agree with this assessment. They hope that data localization rules will do this and more. For starters, they believe storing data locally will offer better access to personal data in the event law enforcement officials seek it. They also believe that this could potentially thwart attempts of foreign surveillance while boosting economic growth back home. Finally, they hope that this move will help safeguard personal data. Data belonging to the Indian public.

And while some of the goals may seem a bit lofty, the government does have a point.

US and Canada host more than 42% of the world’s top million websites. And US firms for instance dominate major data collecting activities. Google controls 86% of the search engine market. Amazon has a lion’s share in the e-commerce market and Facebook generates a major chunk of its revenue monetising user data. In fact, they made a whopping $114.93 billion in 2021 alone — most of it through advertising revenue.

But if data localization rules were implemented, it would make it a tad bit difficult for companies to use and process data belonging to Indians. They would no longer have a free hand to monetise our data as they see fit and they would have to invest serious money in setting up data centres back home. Once again, this isn’t unique to India. In order to comply with China’s Personal Information Protection Law policies, Amazon had to sell its hardware to a cloud partner in China and work with them instead.

In India too, companies are sensing an opportunity.

Adani Group plans to invest Rs 4,600 crore in two data centre projects. Bharti Airtel has plans to invest Rs 5,000 crore in a bid to triple its data centre capacity by 2025. And Reliance Jio plans to invest Rs 7,000 crore to build a data centre in UP.

The only problem with this however is that US companies don’t like any of this. In fact, the US government has even hinted that data localisation regulations may be seen as an attempt to erect trade barriers between India and the US. They are fighting back already and have even threatened serious repercussions if India were to forge ahead despite their protests.

Elsewhere many critics believe that India’s attempt to formalize data localisation rules in the Personal Data Protection Bill (yet to be cleared by Parliament) is also deeply flawed. One argument is that the current guidelines offer the state sweeping powers to access personal data. Another argument is that it does little to safeguard user privacy. After all, you could stop foreign companies from misusing our data. But who’s stopping local companies from doing the same?

Well, maybe we need to rework the Data Protection Bill some more. But hopefully, this brief summary gives you an idea about some of the chatter surrounding data localisation rules.

Until then…

Don't forget to share this article on WhatsApp, LinkedIn and Twitter