The Indian government want companies holding data about their citizens to store it on local servers. Contentiously, this includes data generated by foreign credit card companies. However, the move will reduce Indians’ rights on their data in terms of how it is used and who it is sold to.
The original bill, the Personal Data Protection Bill 2018, proposed that a copy of the data be stored on Indian servers, while “critical” data to only exist within India.
One of the largest enthusiasts for this bill was Mukesh Ambani, the chairman of Reliance. He believes that “data is the new oil” and doesn’t want India to lose the valuable commodity. However, by stopping foreign companies like Amazon and Google accessing Indian data, his own company stands to benefit.
Nevertheless, in April the Reserve Bank of India set the regulations on foreign payment companies to keep transactional information on local servers. Companies like Visa and Mastercard had to comply, but they weren’t happy about it, not only because it makes fraud detection inefficient. The US revoked a trade agreement worth $5.6 billion in response, followed by India levying import duties on some US goods.
However, a US trade delegation to India may have forced the Indian government to change their stance. Senior executives from Google and Facebook have been lobbying to try and alter the bill to their favour.
Officials from the Ministry of Electronics and Information Technology in India have proposed a compromise where critical data could be held abroad if a cross-border agreement was reached. It’s likely that no-one wants to store multiple copies of the same data, since it’s expensive and a compliance nightmare.
While the government claim that the privacy of their citizens is of great importance to them, they’ve also told the Supreme Court of India that their citizens have no fundamental right to privacy. As such, many are questioning what the true intentions behind the bill are – for privacy or for financial gain?
Now the BBC are reporting that Indian officials are going to cite the WhatsApp Pegasus breach to try and push through their bill. According to the officials, this breach was a “serious issue of national security” that “requires measures, including data localisation”.
Experts are calling the request “bizarre” and that it “makes no sense at all”. WhatsApp fixed the breach, which allowed a malicious call to access all the phone’s data, and filed a lawsuit against Israeli firm NSO Group. They deny the claim.
Some also looked towards the Indian government for responsibility, since Indian journalists and activists were targeted. The government, too, deny the claim, but refuse to discuss it in parliament, instead citing a law that agencies are allowed to monitor and decrypt information of national security interest.
That chapter reads: “Datasets may be sold to analytics agencies that process the data, generate insights, and sell the insights further to the corporate sector, which may in turn use these insights to predict demand, discover untapped markets or innovate new products”.
It's likely that this debate will rumble on for a while.
India Wants Companies to Store Data Locally
No comments yet. Sign in to add the first!