Why Indian companies fear data storage norms
Rules on data storage are expected to have a huge impact on businesses
New Delhi: Piggybacking on the European Union’s (EU’s) General Data Protection Regulation (GDPR), which mandates that every EU citizen’s data must be stored within the EU, will end up hurting the Indian economy which is highly dependent on data-based businesses to fuel the growing services sector, apart from grappling with a trade-off with user convenience.
The committee tasked with the upcoming regulation on data protection is walking a tightrope in forming rules around data privacy. Whatever it does, may have collateral damage. If you focus too much on privacy, you may lose out on functionality and user convenience, and vice-versa. Moreover, defining personal data will be a huge challenge.
With the justice B.N. Srikrishna committee, which was set up to draft a data protection framework for the country, having concluded its final meeting on Wednesday, the country will soon have a data protection law, which will apply to both the government and the private sector. Once the law is framed, as many as 70 acts, including the right to information( RTI) and Aadhaar, may have to be amended to bring all data-related laws under one regulation.
The report is keenly awaited by the Indian industry given the cost of regulatory compliance that will emerge after the law is passed by the Parliament. Rules on data storage are expected to have a huge impact on businesses. User-generated data is integral to the business models of major communication and social media networks, as it makes them valuable to advertisers, which in turn, use it to help companies target goods and services at the right audience.
“The government has every right to mandate the storage of its own sensitive data in India. However, the government should have incentives for companies to store data in India instead of making it mandatory. If my business runs more efficiently by storing data elsewhere, you are increasing my costs by asking me to store locally. This makes little sense given the current Indian economic environment. When it comes to data, our priority should be control, not location,” said Mahesh Uppal, director at communications consulting firm ComFirst India.
For one, businesses such as Facebook and Google work beyond physical boundaries. Considering the reliance on new data-based businesses in “Digital India”, a strong regulation on data storage will also go against the government’s promise of ease of doing business.
Suneeth Katarki, partner, IndusLaw, argues that India should not copy the EU GDPR rules on data localisation at this point. “Companies should be allowed to store data elsewhere, but be liable to the Indian court of law. India could also opt for a negative list of jurisdictions where data storage should not take place. If we go for a regulation similar to the EU, there would be a hit on revenues of existing companies and it would also throttle the growth of new and innovative data-based businesses.”
Monitoring a company’s compliance of the rules and enforceability of the data protection law is going to be another challenge. It remains to be seen whether the committee will focus on enforcement through penalties or declare it a criminal offence.
Editor's Picks »
- Tatas to go slow on deal to acquire debt-laden Jet Airways: Report
- Unhappy with ‘developments’, says departing Yes Bank director
- What toppled Nissan chairman Carlos Ghosn? Questions swirl around property deals
- What Sri Lanka’s political turmoil means for India
- SVL launches funds focused on SMEs, affordable housing