Data Localisation

#GS-02 Governance

What is Data Localisation:

Data localization is the practice of storing the data in the region it was collected from.
Localisation mandates that companies collecting critical data about consumers must store and process them within the borders of the country.

Atleast one copy of personal data will need to be stored on servers located within India.
Transfers outside the country will need to be subject to safeguards.
Critical personal data will only be stored and processed in India.

This Bill spells out a framework for date protection and lays down the limits on how personal data is going to be used, collected, and processed.
The Bill allows exemptions for certain kinds of data processing, such as processing in the interest of national security, for legal proceedings, or for journalistic purposes.
The Bill requires that a serving copy of personal data be stored within the territory of India. Certain critical personal data must be stored solely within the country.
A national-level Data Protection Authority (DPA) is set up under the Bill to supervise and regulate data fiduciaries.

The requirement of data localisation strengthens the protection of personal data, as all of us while using the internet are sending data in some manner or form.
European Union’s General Data Protection Regulation (GDPR), obligates businesses in the EU to keep the data secured within the boundaries of the EU.
If in any case such data are to be transferred to a different country, they need to have similar protections like those that exist in the EU.
Another aspect related to this is the size of the population and subsequently the respective consumer markets.
For an effective data localisation framework to be in place, the objectives undertaken by different governments need to be re-assessed to see if there tends to be a uniformity in the nature of data that different businesses operate and exploit.

Imposing restrictions in the free flow of data can not only create an impact on the global economy but also become a hindrance for local markets.
If governments look at data localisation from the point of security and counter data breaches, it can, due to the forced localisation of data, make data security more vulnerable as the data no longer undergoes sharding.
This is particularly true of countries with poor IT infrastructure.
Moreover, developed countries may use sophisticated tools for data surveillance which can simply forfeit the purpose of achieving data security through relocation.
There can also be an increased risk of local surveillance through the implementation of stringent data localisation laws.
Another downside of this could be promotion of monopoly and eradication of small and mid-size businesses from the market.
Secondly, the nature of automation followed in the data centres that are set up to store data locally, does not foster employment opportunities but instead incurs high investment and energy costs.