(Mains GS 2 : Challenges to internal security through communication networks, role of media and social networking sites in internal security challenges, basics of cyber security; money-laundering and its prevention.)
- The requirement of data localisation strengthens the protection of personal data, as all of us while using the internet are sending data in some manner or form.
- For instance, obligations under the European Union’s General Data Protection Regulation (GDPR), obligates businesses in the EU to keep the data secured within the boundaries of the EU.
- If in any case such data is to be transferred to a different country, they need to have similar protections like those that exist in the EU.
- Therefore, it can be inferred that the motive for different governments to store data locally is not only to protect the privacy of their citizens but also to exercise their control on the data, which is fuelling and driving businesses in their countries, for law enforcement purposes.
Essential for India:
- India being one of the most powerful markets in terms of data creation and use, the need for data localisation is essential.
- While some governments may feel that such a move “will serve as a significant barrier to digital trade”, there is a necessity of such a requirement as law enforcement agencies in India face a lot of difficulties in getting timely access to data that may be stored elsewhere by businesses operating in India.
- In a similar pattern, due to the increasing number of digital payments in the country, the Reserve Bank of India has also mandated payment system data information to be stored in India for better monitoring and safety.
Other side of coin:
- The present technology-powered age is impacting trade on a different level, therefore, imposing restrictions in the free flow of data can not only create an impact on the global economy but also become a hindrance for local markets.
- If governments look at data localisation from the point of security and counter data breaches, it can, due to the forced localisation of data, make data security more vulnerable as the data no longer undergoes sharding.
- Moreover, developed countries may use sophisticated tools for data surveillance which can simply forfeit the purpose of achieving data security through relocation.
- There can also be an increased risk of local surveillance through the implementation of stringent data localisation laws.
Multiple stakeholder approach:
- Data is the enabler of businesses and digitisation that has been essential for growth and innovation.
- In this age of rapid technological growth, governments should shift to alternate standards (such as encryption) rather than enforcing strict measures on data localisation that could restrict trade and innovation.
- One should also reflect on how far we can go with a sovereignty-based model in a digitally connected world.
- It has become increasingly troublesome to solve jurisdictional issues in case of cybercrimes and online defamation which rely heavily on international cooperation between countries, making it difficult and expensive for prosecutors to act.
- Therefore, a way forward could be to move with a multiple stakeholder approach which can not only help in looking at data localisation alone, but also other issues such as privacy and governance.
- The ‘glocalization’ approach is one such method in the digital space, wherein laws can be harmonized globally, but by paying attention to local interests.
- Thus, with the pressing need for data localisation by the governments, it becomes important to assess the security of domestic systems for storing sensitive data.